Security Researcher
dev @offchainlabs, initial builders of @arbitrum; leaderboard warden & judge @code4rena; solidity engineer / security researcher / sybil hunter / investor
#59 All Time
Code4rena
Jan '23
high: Protocol fees can be withdrawn multiple times in `Erc20Quest`
high: Bad implementation of minter access control in the `RabbitHoleReceipt` and `RabbitHoleTickets` contracts
medium: Users may not be able to claim Erc1155 rewards once the Quest has ended
medium: DoS risk if enough tokens are minted in `Quest.claim`, leading at least to lost transaction fees
Nov '22
high: NFTFloorOracle's asset and feeder structures can be corrupted
medium: Value can be stuck in Adapters
medium: During oracle outages or feeder outages/disagreement, the `ParaSpaceFallbackOracle` is not used
medium: Centralization risk: admin can rug the project by removing assets and manipulating prices on the oracle
medium: transferBribes could transfer before the proposal deadline; missing input validation
medium: Admin privilege: owner can rug via `ThecosomataETH.withdraw`
medium: SafeERC20.sol is imported but not used in the transferBribes() function
medium: [WP-H0] `DEFAULT_ADMIN_ROLE` of `BribeVault` can steal tokens from users' wallets
medium: SWAP_ROUTER in AutoPxGmx.sol is hardcoded and not compatible with Avalanche
medium: Assets may be lost when calling the unprotected `AutoPxGlp::compound` function
May '22
medium: Contract may not have enough funds to cover refunds
medium: Use of `.send()` may revert if the recipient's fallback function consumes more than 2300 gas
medium: Many unbounded and under-constrained variables in the system can lead to unfair prices or DoS
medium: Critical variables shouldn't be changed after they are set
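The `.send()` finding above is a generic Solidity pattern, so here is an added illustration of it: the vulnerable push-refund beside a hardened pull-refund. This is example code written for this page, not the audited project's contracts; the contract names `RefunderWithSend`, `GasHungryReceiver`, `RefunderWithCall` and the `owed` bookkeeping are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited project's code. All names are hypothetical.

// Vulnerable pattern: refunds pushed with .send(), which forwards only a
// 2300 gas stipend to the recipient.
contract RefunderWithSend {
    mapping(address => uint256) public owed;

    function deposit() external payable {
        owed[msg.sender] += msg.value;
    }

    function refund() external {
        uint256 amount = owed[msg.sender];
        owed[msg.sender] = 0;
        // .send() does not revert on failure; it returns false. If the
        // recipient's receive()/fallback needs more than 2300 gas (a single
        // SSTORE already does), the transfer fails, and the require() below
        // turns that into a revert, so such a recipient can never be refunded.
        require(payable(msg.sender).send(amount), "refund failed");
    }
}

// A recipient whose receive() writes storage: that SSTORE alone exceeds the
// 2300 gas stipend, so any .send()/.transfer() to this contract fails.
contract GasHungryReceiver {
    uint256 public received;

    receive() external payable {
        received += msg.value; // SSTORE: more than 2300 gas
    }

    function depositTo(RefunderWithSend r) external payable {
        r.deposit{value: msg.value}();
    }

    function claim(RefunderWithSend r) external {
        r.refund(); // reverts with "refund failed": the deposit is stuck
    }
}

// Hardened pattern: pull payment with call{value: ...}, which forwards all
// remaining gas, written in checks-effects-interactions order so a
// reentrant call into refund() sees owed[msg.sender] == 0.
contract RefunderWithCall {
    mapping(address => uint256) public owed;

    function deposit() external payable {
        owed[msg.sender] += msg.value;
    }

    function refund() external {
        uint256 amount = owed[msg.sender];
        require(amount > 0, "nothing owed");
        owed[msg.sender] = 0; // effect before the external interaction
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "refund failed"); // revert restores owed[msg.sender]
    }
}
```

Deploy all three, have `GasHungryReceiver` deposit into `RefunderWithSend` and call `claim`: the refund reverts every time, and the ETH is locked in the refunder. The same receiver against `RefunderWithCall` is refunded normally. If the refunder also has other state that a reentrant recipient could exploit, add a reentrancy guard on `refund()` in addition to the ordering shown.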
Feb '22
high: Repeated calls to Shelter.withdraw can drain all funds in Shelter
high: USDMPegRecovery: risk of funds locked due to a discrepancy between the curveLP token value and the internal contract math
medium: USDM locked unless the guardian removes liquidity
medium: [WP-H2] `ConvexStakingWrapper#deposit()` depositors may lose their funds when the `_amount` is huge
medium: Deactivate function can be bypassed
Jan '22
high: [WP-H5] `L1Migrator.sol#migrateETH()` does not send `bridgeMinter`'s ETH to L2, causing ETH to get frozen in the contract
medium: [WP-H3] `L1Migrator.sol#migrateETH()` Improper implementation of `L1Migrator` causes `migrateETH()` to always revert, which can lead to ETH in `BridgeMinter` getting stuck in the contract
medium: Fund loss when the call value is insufficient to cover the fee
medium: `L1Migrator.migrateLPT` can be used to take away the protocol's access to LPT tokens in BridgeMinter