honeymewn

Security Researcher

High: 9 total

Medium: 11 total

Total earnings: $30.43K

#280 All Time

7x

Payouts

regular

1x

Top 10

regular

4x

Top 25

regular

4x

Top 50

Feb '24

Audit Comp | Puffer Finance

716 USDC • 1 total finding • Immunefi • honeymewn

#20

medium

Finding not yet public.

Jan '24

Blast

28,826.36 USDC • 3 total findings • Cantina • honeymewn

#13

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Sep '23

Allo V2

635.31 USDC • 5 total findings • Sherlock • honeymewn

#10

high

Malicious recipient can unfairly get more funding in RFP strategies

medium

Invalid poolAmount check will result in a failed distribution

medium

Invalid qv_allocate allows allocators to give unlimited votes to a recipient

medium

reviewRecipients allows for contradictory outcomes which might make recipient non-eligible for funding

medium

Overlapping registration and fund allocation times might result in an unfair competition

Aug '23

Sparkn

210.41 USDC • 6 total findings • CodeHawks • honeymewn

#18

high

The same signature can be used in different `distribution` implementation causing that the caller who owns the signature, can distribute on unauthorized implementations

medium

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

low

If a winner is blacklisted on any of the tokens they can't receive their funds

low

Potential DOS due to Gas Exhaustion Due to Large Array Iteration in `_distribute` Function

low

Centralization Risk for trusted organizers

low

Using basis points for percentage is not precise enough for realistic use-cases

Jul '23

Beedle - Oracle free perpetual lending

27.42 USDC • 7 total findings • CodeHawks • honeymewn

#100

high

Tokens with less than 18 decimals allow for draining of funds

high

Lender contract can be drained by re-entrancy in `setPool`

high

Using forged/fake lending pools to steal any loan opening for auction

high

Token spending by Uniswap router doesn't get approved

medium

The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates

medium

Fixed fee level is used when swap tokens on Uniswap

gas

Unbounded loop in Lender.sol functions may revert.

Foundry DeFi Stablecoin CodeHawks Audit Contest

1.70 USDC • 2 total findings • CodeHawks • honeymewn

#119

high

Theft of collateral tokens with fewer than 18 decimals

medium

staleCheckLatestRoundData() does not check the status of the Arbitrum sequencer in Chainlink feeds.

CodeHawks Escrow Contract - Competition Details

11.27 USDC • 3 total findings • CodeHawks • honeymewn

#72

medium

[H-01] Lack of emergency withdraw function when no arbiter is set

gas

Use Openzeppelin Minimal Clones to Save a Lot of Gas

gas

Use predefined address instead of `address(this)`