givn

Security Researcher

vuln-discovering-poc-writing-report-filing security craftsman 💾

High: 6 Total
Medium: 15 Total
Total Earnings: $3.52K
#907 All Time
9x Payouts
regular: 4x Top 10
regular: 7x Top 25
regular: 8x Top 50

Jul '25

Zhenglong

Collaborative Audit • Sherlock • givn

Apr '25

Cabal Liquid Staking Token

744.94 USDC • 3 total findings • Code4rena • givn

#6

medium

Desynchronization of Cabal's internal accounting with actual staked INIT amounts leads to over-minting of sxINIT tokens

medium

Unstaking from LP pools will cause underflow and lock user funds

medium

Unstaking calculates user share at request time, ignoring slashing — leading to DoS and unfair distribution

Kinetiq

485.73 USDC • 4 total findings • Code4rena • givn

#15

high

Users Who Queue Withdrawal Before A Slashing Event Disadvantage Users Who Queue After And Eventually Leads To Loss Of Funds For Them

medium

Attacker can partially DoS L1 operations in StakingManager by making huge number of deposits

medium

Inconsistent State Restoration in `cancelWithdrawal` Function

medium

Incorrect Balance Check in Validator Redelegation Process May Block Legitimate Rebalancing Operations

Mar '25

Nudge.xyz

0.06 USDC • 1 total finding • Code4rena • givn

#8

medium

Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

Feb '25

Initia Cosmos

395.81 USDC • 1 total finding • Code4rena • givn

#8

medium

Contract deployment restriction can be bypassed

Jul '24

Karak Restaking

1,335.29 USDC • 2 total findings • Code4rena • givn

#6

high

The operator can create a `NativeVault` that can be silently unslashable.

medium

Changing the slashingHandler for NativeVaults will DoS slashing

May '24

Olas

164.65 USDC • 1 total finding • Code4rena • givn

#13

medium

The `refundAccount` is erroneously set to `msg.sender` instead of `tx.origin` when `refundAccount` specified as `address(0)`

Apr '24

Teller Finance

44.94 USDC • 1 total finding • Sherlock • givn

#28

medium

Flashloan rollover doesn't work with USDT

Mar '24

Revert Lend

30.96 USDC • 2 total findings • Code4rena • givn

#61

high

Owner of a position can prevent liquidation due to the 'onERC721Received' callback

medium

Repayments and liquidations can be forced to revert by an attacker that repays minuscule amount of shares

Feb '24

AI Arena

314.65 USDC • 6 total findings • Code4rena • givn

#14

high

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

high

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

high

FighterFarm::reroll won't work for nft id greater than 255 due to input limited to uint8

medium

Can mint NFT with the desired attributes by reverting transaction

medium

Constraints of dailyAllowanceReplenishTime and allowanceRemaining during mint() can be bypassed by using alias accounts & safeTransferFrom()

medium

Fighter created by mintFromMergingPool can have arbitrary weight and element