Security Researcher
Founder @SoloditOfficial. Co-founder and Security Researcher @CyfrinAudits. Judge at @code4rena. Top Warden of 2023 @code4rena.
Total Earnings: #39 All Time
Apr '23
Findings not publicly available for private contests.
Feb '23
Findings not publicly available for private contests.
Medium: Reward tokens can't be added again once they are removed because there is no way to reset the user's previous debt/cache state.
Medium: Users can't claim their unclaimed rewards once the reward token is removed.
Medium: `SingleSidedLiquidityVault.deposit()` and `SingleSidedLiquidityVault.withdraw()` will revert if `rewardToken.lastRewardTime > block.timestamp`.
Findings not publicly available for private contests.
Jan '23
Dec '22
Findings not publicly available for private contests.
Nov '22
High: A malicious user can drain the protocol funds using `reclaimContract()`.
High: An attacker can permanently lock the funds of normal traders.
Medium: The NFT might be locked inside the protocol forever after the contract is settled.
Medium: The protocol can lose the fee, and the withdrawal function can become useless.
High: `Staking.unstake()` doesn't decrease the original voting power that was used in `Staking.stake()`.
High: `Staking._stakeToken()` calculates `stakedTimeBonus` wrongly.
High: The total community voting power can be huge because of incorrect conditions.
Medium: `Governance.queue()` should update `CommunityScoreData.proposalsPassed` instead of `CommunityScoreData.proposalsCreated`.
Medium: Voters can increase their community voting power without any token voting power using `castVote()`.
Medium: `Staking._stakeToken()` and `Staking.evilBonus()` don't calculate the voting power for a monster as the documentation describes.
Oct '22
High: Refinance validation is wrong.
High: Potential debt calculation on a new loan is wrong.
High: `AuctionHouse.cancelAuction()` doesn't refund the last bidder.
Medium: `timeToEpochEnd` is wrong.
Medium: The rate is used in the wrong units.
Medium: `AuctionHouse.createBid()` will revert when it should extend the duration.
Medium: Inconsistent usage of `firstBidTime` in `AuctionHouse.createAuction()` and `AuctionHouse.createBid()`.
Medium: The `ChangeInSlope` function is wrong.
Medium: Borrowers might incur a loss while repaying.
High: The `Vault` contract should perform more validation to prevent the first-depositor issue.
Medium: `Vault.convertToShares()` and `onTokenTransfer()` check the wrong condition for the first deposit.
Medium: `Vault._withdrawFromPlugin()` always reverts when `_amount == 0`.
Medium: The admin might add the same plugin twice using `Vault.addPlugin()` by mistake.
Sep '22
High: In `Auction.sol`, users might fail to withdraw funds from a processed auction because of a uint underflow.
High: `AuctionInternal._previewWithdraw()` might return the wrong result after some orders are removed during withdrawal.
Medium: `Auction.getEpochsByBuyer()` might omit some valid epochs.
Medium: Chainlink's `latestRoundData()` might return stale or incorrect results.
Aug '22
Jul '22
Jun '22
May '22