hash

Security Researcher

#1 @CodeHawks 2023

Findings: High: 57 total. Medium: 10 solo, 86 total.

Total earnings: $595.60K (#10 all time), 32x payouts.

Placements: 11x 1st place (gold), 6x 2nd place (silver), 5x 3rd place (bronze).


Mar '25

Sentiment - MetaOracle
Collaborative Audit • Sherlock • hash

Sentiment V2: Hyperliquid Oracle Update
Collaborative Audit • Sherlock • hash

Feb '25

beraborrow-blockend
16,439.72 USDC • 9 total findings • Cantina • hash • 2nd place (silver)
9 medium findings, not yet public.

Jan '25

Allora v0.8.0 Update
70,322.76 USDC • Sherlock • hash • 1st place (gold)
Findings not publicly available for private contests.

Dec '24

Teller Lender Groups Update Audit
14,825.78 USDC • 8 total findings • Sherlock • hash • 1st place (gold)
high: Malicious lender can prevent borrower from repaying due to a revert inside a try/catch block
high: Using original principal amount as due amount inside `liquidateDefaultedLoanWithIncentive` breaks contract accounting, leading to lost assets/broken functionality
medium: Attacker can revoke any user from a market
medium: Not updating state before making a custom external call can cause borrowers to lose assets due to re-entrancy
medium: Using `.approve` will cause bidding to revert in LenderCommitmentGroup_Smart.sol
medium: Repayer can brick lending functionality of `LenderCommitmentGroup_Smart` by repaying excess
medium: Tokens that revert on zero-value transfers can cause reverts on liquidation
medium: EMI calculation is flawed

Rain - Collateral Contract V2
16,724.47 USDC • Sherlock • hash • 1st place (gold)
Findings not publicly available for private contests.

Nov '24

collar-core
3,060.88 USDC • 2 total findings • Cantina • hash • 3rd place (bronze)
2 medium findings, not yet public.

Oct '24

Omni Network
113,773.26 USDC • 5 total findings • Cantina • hash • 3rd place (bronze)
4 high and 1 medium findings, not yet public.

mev-commit
4,479.88 USDC • 7 total findings • Cantina • hash • #5
6 high and 1 medium findings, not yet public.

Aug '24

Sentiment V2
17,333.69 USDC • 10 total findings • Sherlock • hash • 1st place (gold)
high: Users can seize more assets during liquidation by using type(uint).max
medium: Formula used for minimum required collateral value is flawed
medium: Superpool doesn't handle USDT due to abi decoding
medium: Attacker can inflict losses on other Superpool users during a bad debt liquidation depending on the deposit/withdraw queue order
medium: `maxWithdraw` deviates from `ERC4626` spec
medium: `ChainlinkOracle` doesn't validate for minAnswer/maxAnswer
medium: Setting `minDebt` and `minBorrow` to low values can cause protocol to accrue bad debt
medium: Planned large liquidation fees will make liquidation not profitable, causing bad debt
medium: New depositors can lose their assets due to existing shares when totalAssets is 0 following a bad debt rebalance
medium: Users can create non-liquidatable positions by leveraging `rebalanceBadDebt` to decrease share price
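The `ChainlinkOracle` minAnswer/maxAnswer finding above names a recurring oracle-adapter bug. Chainlink aggregators clamp the answer they publish to the band [minAnswer, maxAnswer]; when the market price leaves that band (the LUNA collapse is the usual reference), the feed keeps returning the bound, so a lender that only checks `answer > 0` and freshness values collateral at a price far from reality. The contract below is an added illustration of that pattern and its fix; it is not Sentiment's code. The Chainlink interfaces are the standard ones, but `PriceAdapter`, `MAX_STALENESS` and the constructor parameters are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not project code: an oracle adapter that reads a Chainlink
// feed, first without and then with the aggregator bound check.

interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Chainlink's proxy exposes the aggregator it currently points at ...
interface AggregatorProxy {
    function aggregator() external view returns (address);
}

// ... and the aggregator carries the circuit-breaker bounds.
interface AggregatorBounds {
    function minAnswer() external view returns (int192);
    function maxAnswer() external view returns (int192);
}

contract PriceAdapter {
    AggregatorV3Interface public immutable feed;
    uint256 public immutable MAX_STALENESS; // assumption: feed heartbeat plus a margin, in seconds

    constructor(address _feed, uint256 _maxStaleness) {
        feed = AggregatorV3Interface(_feed);
        MAX_STALENESS = _maxStaleness;
    }

    // Vulnerable pattern: a positive, fresh answer is accepted even when the
    // aggregator has pinned it at minAnswer or maxAnswer.
    function priceUnchecked() external view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        require(answer > 0, "non-positive answer");
        require(block.timestamp - updatedAt <= MAX_STALENESS, "stale answer");
        return uint256(answer);
    }

    // Hardened: read the bounds from the live aggregator and reject an answer that
    // sits on either of them. The comparison is strict on purpose: a clamped feed
    // reports exactly the bound, never a value beyond it.
    function priceChecked() external view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        require(answer > 0, "non-positive answer");
        require(block.timestamp - updatedAt <= MAX_STALENESS, "stale answer");

        AggregatorBounds agg = AggregatorBounds(AggregatorProxy(address(feed)).aggregator());
        int256 minAnswer = int256(agg.minAnswer());
        int256 maxAnswer = int256(agg.maxAnswer());
        require(answer > minAnswer && answer < maxAnswer, "answer at aggregator bound");
        return uint256(answer);
    }
}
```

Two caveats a reviewer would raise on the hardened version: it reads the bounds through the proxy on every call, which is the safe default when the proxy's aggregator can be upgraded, and it does not handle feeds whose aggregator does not expose `minAnswer()`/`maxAnswer()` (the call would revert), so a production adapter needs a per-feed configuration path for those.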

Jul '24

LoopFi
4,006.85 USDC • 17 total findings • Code4rena • hash • #6
high: `decreaseLever` uses incorrect position address when withdrawing
high: `Flashlender.sol#flashLoan()` should use `mintProfit()` to mint fees. The current implementation may lead to locked up WETH in PoolV3.
high: Debt position interest is compounded while pool interest is simple, causing inconsistency b/w `expectedLiquidity_` and `availableLiquidity_`
medium: Emission schedule is not followed
medium: Discrepancy b/w the `lastRewardTime` and the `lastAllPoolUpdate` can allow for incorrect reward distribution to pools if `registerRewardDeposit` deposits less assets
medium: Usage of `lastEligibleStatus` can cause user to miss out on rewards on `manualStopEmissionsFor` invocation
medium: Incorrect address is used as `spender` for ERC20 permit signature verification
medium: Users of a vault can steal other users' rewards when one vault's `lastRewardTime` differs from another vault's `lastRewardTime`
medium: In CDPVault::liquidatePositionBadDebt(), the calculation of `loss` is incorrect.
medium: PositionAction.decreaseLever() fails to consider the loan fee in Flashlender when calculating loanAmount; as a result, the functionality will not work when protocolFee != 0.
medium: Incorrect calculation of `newCumulativeIndex` in function `calcDecrease`
medium: WhenNotPaused modifier in the CDPVault can be bypassed by users
medium: Malicious actor can abuse the minimum shares check in `StakingLPEth` and cause DoS or locked funds for the last user that withdraws
medium: `PositionAction4626::increaseLever` will always revert
medium: Wrong repayment amount used in `PositionAction::_repay`, forcing users to unexpectedly lose funds
medium: ChefIncentivesController caches endRewardTime, which is not required, and may cause issues during reward update.
medium: `PositionAction.sol#onCreditFlashLoan` may have leftover tokens after conducting `leverParams.auxSwap`.

MakerDAO Endgame
19,643.93 USDC • Sherlock • hash • #6


Jun '24

Mellow Modular LRTs
30,739.18 USDC • 3 total findings • Sherlock • hash • 1st place (gold)
medium: Predefined amount parameter can challenge allocation to Obol validators
medium: `ratiosX96Value` is rounded down
medium: 1:1 price is assumed b/w stETH and WETH

May '24

PoolTogether: The Prize Layer for DeFi
47,186.81 USDC • 8 total findings • Sherlock • hash • 2nd place (silver)
high: Reward allocation can result in allocation of more than 100% of available reserves
medium: Users might be able to claim their prizes even after shutdown
medium: `maxDeposit` doesn't comply with ERC-4626
medium: `maxRedeem` doesn't comply with ERC-4626
medium: Incorrect implementation of `drawTimeout`
medium: Using `feePerClaim` for slippage control could result in claimers making losses during claims
medium: Can start draw will return incorrectly
medium: Users can set up hooks to control the expansion of tiers
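Three findings on this page (`maxWithdraw` in Sentiment V2, `maxDeposit` and `maxRedeem` here) are the same class of ERC-4626 non-compliance: the spec requires each `max*` view to return the largest amount the matching mutating call would accept without reverting, including global limits such as a pause, a deposit cap, or liquidity that is currently lent out. Integrators rely on that contract, so `withdraw(maxWithdraw(owner))` reverting is a real interoperability bug. The vault below is an added illustration of the non-compliant and compliant versions side by side; it is not the Sentiment or PoolTogether code. `LiquidityVault`, its storage fields and the omission of token transfers are assumptions made to keep the example self-contained.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not project code: ERC-4626 max* views that ignore global
// limits, next to versions that honour them. Asset transfers are omitted; the
// vault tracks assets as counters so the limit logic stays in focus.
contract LiquidityVault {
    mapping(address => uint256) public balanceOf; // shares
    uint256 public totalSupply;                   // shares
    uint256 public idleAssets;                    // assets held, withdrawable now
    uint256 public lentAssets;                    // assets out on loan, not withdrawable now
    uint256 public depositCap;                    // global limit on totalAssets()
    bool public paused;

    constructor(uint256 _depositCap) {
        depositCap = _depositCap;
    }

    function totalAssets() public view returns (uint256) {
        return idleAssets + lentAssets;
    }

    function convertToShares(uint256 assets) public view returns (uint256) {
        uint256 ta = totalAssets();
        return (totalSupply == 0 || ta == 0) ? assets : assets * totalSupply / ta;
    }

    function convertToAssets(uint256 shares) public view returns (uint256) {
        return totalSupply == 0 ? shares : shares * totalAssets() / totalSupply;
    }

    // withdraw burns shares rounded up, so the preview must round the same way.
    function previewWithdraw(uint256 assets) public view returns (uint256) {
        uint256 ta = totalAssets();
        if (totalSupply == 0 || ta == 0) return assets;
        return (assets * totalSupply + ta - 1) / ta;
    }

    // Non-compliant: reports the owner's full claim even though `lentAssets`
    // cannot be paid out today and a paused vault rejects every withdrawal.
    function maxWithdrawNonCompliant(address owner) external view returns (uint256) {
        return convertToAssets(balanceOf[owner]);
    }

    // Compliant: zero while paused, otherwise capped by liquid assets.
    function maxWithdraw(address owner) public view returns (uint256) {
        if (paused) return 0;
        uint256 owned = convertToAssets(balanceOf[owner]);
        return owned < idleAssets ? owned : idleAssets;
    }

    // Compliant maxRedeem: the same limit expressed in shares, rounded down.
    function maxRedeem(address owner) external view returns (uint256) {
        if (paused) return 0;
        uint256 shares = balanceOf[owner];
        uint256 liquidShares = convertToShares(idleAssets);
        return shares < liquidShares ? shares : liquidShares;
    }

    // Non-compliant: a cap exists but is not reflected, so deposit(maxDeposit())
    // reverts as soon as the vault is near the cap.
    function maxDepositNonCompliant(address) external pure returns (uint256) {
        return type(uint256).max;
    }

    // Compliant: remaining headroom under the cap, zero while paused.
    function maxDeposit(address) external view returns (uint256) {
        if (paused) return 0;
        uint256 ta = totalAssets();
        return ta >= depositCap ? 0 : depositCap - ta;
    }

    // The mutating calls enforce exactly the limits the compliant views report.
    function deposit(uint256 assets, address receiver) external returns (uint256 shares) {
        require(!paused, "paused");
        require(totalAssets() + assets <= depositCap, "cap exceeded");
        shares = convertToShares(assets);
        idleAssets += assets;
        totalSupply += shares;
        balanceOf[receiver] += shares;
    }

    function withdraw(uint256 assets, address, address owner) external returns (uint256 shares) {
        require(!paused, "paused");
        require(assets <= idleAssets, "insufficient liquidity");
        shares = previewWithdraw(assets);
        require(shares <= balanceOf[owner], "insufficient shares");
        balanceOf[owner] -= shares;
        totalSupply -= shares;
        idleAssets -= assets;
    }

    // Admin hooks kept minimal (no access control) so the limit paths can be exercised.
    function setPaused(bool p) external { paused = p; }
    function lend(uint256 assets) external { idleAssets -= assets; lentAssets += assets; }
}
```

The practical check when auditing a vault: for every `max*` view, call the matching mutating function with the returned value under each global state (paused, at cap, illiquid) and confirm it does not revert; any state that makes it revert is a spec deviation of the kind listed above.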

Mar '24

Copra Finance
9,722.17 USDC • Sherlock • hash • 1st place (gold)
Findings not publicly available for private contests.

Axis Finance
25,116.19 USDC • 11 total findings • Sherlock • hash • 2nd place (silver)
high: Lot id is always set to 0 for new auctions
high: Gas is not configured to be claimable in Blast
high: Downcasting to uint96 can cause assets to be lost for some tokens
high: Lack of max field value check for coordinates allows bricking the decryption
high: Incorrect `prefundingRefund` calculation will disallow claiming
high: Overly restrictive check for claimBid function disallows bidders from claiming
high: Inconsistent timestamp usage across `_revertIfLotActive` and `_revertIfLotConcluded`
medium: Users can be griefed by not submitting the private key
medium: Bidder's payout claim could fail due to validation checks in LinearVesting
medium: Inaccurate value is used for partial fill quote amount when calculating fees
medium: Remaining funds of FMAP auctions cannot be recovered once auction is concluded

Feb '24

eigenlayer-contracts
82,750 USDC • 2 total findings • Cantina • hash • 1st place (gold)
1 high and 1 medium finding, not yet public.

Rio Network
30,933.31 USDC • 10 total findings • Sherlock • hash • 3rd place (bronze)
high: Deactivating operators doesn't clear its strategy allocations
high: Epoch is not incremented when current epoch settlement is queued
high: Validator keys are loaded incorrectly from storage to memory
high: Operators can steal ETH by front running validator registration
high: Operators undelegating via EigenLayer is not handled
medium: Shares associated with operator exits are not marked unwithdrawable
medium: Min excess scrape amount can cause unused ETH and possibly lost LRT tokens for users
medium: Strict check for precalculated shares to equal the actual shares received will revert often due to rounding in eigenlayer
medium: TransferETH gas limitation of 10k is not enough
medium: Operators can cause verification of other operators to fail by verifying a validator that was added outside Rio

Stealth
8,500 USDC • Sherlock • hash • 1st place (gold)
Findings not publicly available for private contests.

100x
6,964.79 USDC • Sherlock • hash • 2nd place (silver)
Findings not publicly available for private contests.

Jan '24

reNFT
2,733.7 USDC • Code4rena • hash • #5

Dec '23

Olas
20,540.04 USDC • 5 total findings • Code4rena • hash • 2nd place (silver)
high: Withdrawals can be frozen by creating null deposits
high: Bonds created in year-crossing epochs can lead to lost payouts
high: Wrong invocation of Whirlpool's updateFeesAndRewards will cause it to always revert
medium: Possible DOS when withdrawing liquidity from Solana Lockbox
medium: Withdraw amount returned by `getLiquidityAmountsAndPositions` may be incorrect

DODO GSP
949.63 USDC • 2 total findings • Sherlock • hash • 3rd place (bronze)
medium: Lower decimal token as quote asset allows initial depositor to set QUOTE_TARGET to 0 always
medium: Initial depositor can alter the reserve-target ratio to trade subsequent depositors' tokens at lower prices

Olympus RBS 2.0
13,363.29 USDC • 7 total findings • Sherlock • hash • 1st place (gold)
high: BunniPrice returns totalValue instead of pool token price
high: Incorrect ProtocolOwnedLiquidityOhm calculation due to inclusion of other users' reserves
high: Incorrect StablePool BPT price calculation
medium: Pool manipulation check in BunniHelper is flawed as uncollected fees are used
medium: Incorrect deviation check
medium: Possible incorrect price for tokens in Balancer stable pool due to amplification parameter update
medium: Usage of totalSupply for newer Balancer pools should be replaced with getActualSupply

Nov '23

Panoptic
15,331.67 USDC • 5 total findings • Code4rena • hash • 1st place (gold)
high: Partial transfers are still possible, leading to incorrect storage updates, and the calculated account premiums will be significantly different from what they should be
high: Attacker can steal all fees from SFPM in pools with ERC777 tokens.
medium: Premium owed can be calculated as a very big number due to reentrancy on uninitialized pools
medium: removedLiquidity can be underflowed to lock other users' deposits
medium: premia calculation can cause DOS

Convergence
3,277.34 USDC • 5 total findings • Sherlock • hash • 2nd place (silver)
high: Users can attain unlimited `veCvg/mgCvg` voting power due to lack of duplication checks
high: Killing a gauge can lead to bricking of the protocol
medium: Incorrect slippage protection for sdt/cvgSdt exchange
medium: Division difference can result in a revert when claiming treasury yield and excess rewards to some users
medium: cvgRewards may be incorrectly calculated due to possible changes in gaugeWeights and totalWeight

Velodrome-Mellow Blackthorn
Collaborative Audit • Blackthorn • hash

Oct '23

Steadefi
2,128.91 USDC • 9 total findings • CodeHawks • hash • #7
high: try-catch does not store the state when it is reverted
high: `GMXVault` can be blocked by a malicious actor
high: Withdraw function provides more funds to withdrawer
high: Incorrect slippage protection on deposits
medium: The protocol will mint unnecessary fees if the vault is paused and reopened later.
medium: The transfer of ERC-20 tokens with blacklist functionality in process functions can lead to stuck vaults
medium: Incorrect depositable shortToken amount calculation in Delta neutral vaults
medium: Front-Run Attacks Due to Slippage Mishandling Lead to Total Losses For Depositors
medium: A depositor of the GMXVault can bypass paying the fee when the depositor deposits into the GMXVault.

The Wildcat Protocol
4,046.17 USDC • 3 total findings • Code4rena • hash • 3rd place (bronze)
high: Borrower has no way to update `maxTotalSupply` of `market` or close market.
high: Borrowers can escape from paying half of the penalty fees by closing the market, and those remaining penalty fees will be covered by the lender who withdraws last
medium: Pending withdrawal batch debt cannot be paid by the borrower until the cycle end

zkSync Era
95.22 USDC • Code4rena • hash • #37

Sep '23

DittoETH
9,725.79 USDC • 11 total findings • CodeHawks • hash • 1st place (gold)
high: Users Lose Funds and Market Functionality Breaks When Market Reaches 65k Id
high: New orders can overwrite active orders when order id reaches 65000
high: Users can avoid liquidation while being under the primary liquidation ratio if on the last short record
high: Owner of a bad ShortRecord can front-run flagShort calls AND liquidateSecondary and prevent liquidation
high: Previous NFT owner can burn NFT from the new owner
high: Flag can be overridden by another user
high: Users can lose collateral when exiting a short
medium: Order creation can run out of gas since relying on previous order match type
medium: Secondary short liquidation reverts due to arithmetic underflow in volatile market conditions
low: Loss of precision in `twapPriceInEther` due to division before multiplication
low: Lack of Duplicate ID Check in combineShorts Function

Aug '23

Sparkn
841.73 USDC • 3 total findings • CodeHawks • hash • #4
high: The same signature can be used in different `distribution` implementations, causing that the caller who owns the signature can distribute on unauthorized implementations
medium: The `digest` calculation in `deployProxyAndDistributeBySignature` does not follow EIP-712 specification
low: Owner can incorrectly pull funds from contests not yet expired

Jul '23

Beedle - Oracle free perpetual lending
32.67 USDC • 8 total findings • CodeHawks • hash • #91
high: Using forged/fake lending pools to steal any loan opening for auction
high: Lender can sandwich a borrower to seize his collateral
low: Missing Events Emitting
low: Emitting incorrect event parameters
gas: Multiple accesses of a mapping/array should use a local variable cache.
gas: Unchecked arithmetic where overflow/underflow is impossible
gas: Wrong comment in `setPool` function
gas: Unwanted gas expenditure by recomputing already computed value

Foundry DeFi Stablecoin CodeHawks Audit Contest
1.55 USDC • 1 total finding • CodeHawks • hash • #124
high: Theft of collateral tokens with fewer than 18 decimals

CodeHawks Escrow Contract - Competition Details
5.60 USDC • 2 total findings • CodeHawks • hash • #81
medium: [H-01] Lack of emergency withdraw function when no arbiter is set
gas: Use Openzeppelin Minimal Clones to Save a Lot of Gas