https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/968e1b70-b2a9-488a-878f-899477b22663.jpg

hunter_w3b

Security Researcher

Smart Contract Security Researcher ⚔️

Contact Me

High

Total

Medium

Total

$21.17K

Total Earnings

#375 All Time

87x

Payouts

1x

1st Places

1x

2nd Places

1x

3rd Places

All

Sherlock

Code4rena

CodeHawks

Dec '24

Tally ARB Staker

130.75 USDC • Sherlock • hunter_w3b

#20

Nov '24

Chiliz Chain System Contracts

151.22 USDC • Sherlock • hunter_w3b

#14

Findings not publicly available for private contests.

vVv Launchpad - Investments & Token distribution

94.59 USDC • 1 total finding • Sherlock • hunter_w3b

high

Malicious User Will Steal Rewards by Front-Running a Claim Transaction

Telcoin Update #2

121.05 USDC • Sherlock • hunter_w3b

#19

Oct '24

Covalent - EWM Light Client

453.76 USDC • Sherlock • hunter_w3b

Findings not publicly available for private contests.

AXION

111.80 USDC • 1 total finding • Sherlock • hunter_w3b

#10

medium

MasterAMO should not use the `initializer` modifier

Sep '24

Liquid Staking

19.41 USDC • 1 total finding • CodeHawks • hunter_w3b

#39

medium

Remove splitter will always revert if there are some rewards left on splitter contract

Aug '24

Cork Protocol

91.50 USDC • 2 total findings • Sherlock • hunter_w3b

#13

high

Double-Counting of Redemption Asset (RA) in `_redeemCtDsAndSellExcessCt` Function

medium

Incorrect Deposit Pausing Logic in `LVDepositNotPaused::ModuleState` Modifier

Rumpel Point Tokenization Protocol

163.48 USDC • Sherlock • hunter_w3b

Axelar Network

0 USDC • Code4rena • hunter_w3b

Tadle

8.32 USDC • 4 total findings • CodeHawks • hunter_w3b

#99

high

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

high

Native token withdrawal fails until manually approved

low

`listOffer` Unsafely References Fungible Identifiers

low

Validation of `collateralRate` in `PerMarkets::createOffer` function

Jul '24

MagicSea - the native DEX on the IotaEVM

0.08 USDC • 1 total finding • Sherlock • hunter_w3b

#64

medium

The quantity is calculated incorrectly when depositing Fee on Transfer Tokens.

Jun '24

Thorchain

397.82 USDC • 1 total finding • Code4rena • hunter_w3b

#14

medium

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

May '24

Tokensoft Distributor Contracts Update

303.16 USDC • 1 total finding • Sherlock • hunter_w3b

medium

Claim Function Fails in `PerAddressTrancheVestingMerkleDistributor` Due to Empty Data

Sophon Farming Contracts

1,196.48 USDC • 1 total finding • Sherlock • hunter_w3b

high

Protocol supports `eETH` but doesn't consider its also a rebase token like `stETH`

Apr '24

Renzo

1.52 USDC • 3 total findings • Code4rena • hunter_w3b

#53

high

Incorrect withdraw queue balance in TVL calculation

medium

Deposits will always revert if the amount being deposited is less than the bufferToFill value

medium

Lack of slippage and deadline during withdraw and deposit

Mar '24

Acala

480.02 USDC • Code4rena • hunter_w3b

#14

DittoETH

236.67 USDC • Code4rena • hunter_w3b

#17

Smart Wallet

34.97 USDC • Code4rena • hunter_w3b

#15

Taiko

246.86 USDC • Code4rena • hunter_w3b

#26

Revert Lend

193.61 USDC • 1 total finding • Code4rena • hunter_w3b

#40

medium

Asymmetric calculation of price difference

PoolTogether

51.12 USDC • Code4rena • hunter_w3b

#24

Phat Contract Runtime

630.47 USDC • Code4rena • hunter_w3b

Feb '24

Spectra

414.48 USDC • Code4rena • hunter_w3b

UniStaker Infrastructure

266.89 USDC • Code4rena • hunter_w3b

AI Arena

179.8 USDC • Code4rena • hunter_w3b

#30

HydraDX

1,291.82 USDC • Code4rena • hunter_w3b

#10

Jan '24

Covalent

67.18 USDC • 1 total finding • Sherlock • hunter_w3b

#13

medium

Sandwich Attack in Reward Validators

Decent

62.25 USDC • Code4rena • hunter_w3b

#41

Salty.IO

60.13 USDC • Code4rena • hunter_w3b

#85

Opus

100.1 USDC • Code4rena • hunter_w3b

#17

Curves

167.09 USDC • Code4rena • hunter_w3b

#29

reNFT

269.86 USDC • Code4rena • hunter_w3b

#31

Dec '23

Olas

2,735.23 USDC • Code4rena • hunter_w3b

Revolution Protocol

257.89 USDC • Code4rena • hunter_w3b

#25

Ethereum Credit Guild

114.88 USDC • Code4rena • hunter_w3b

#63

Nov '23

Shell Protocol

458.85 USDC • Code4rena • hunter_w3b

Panoptic

11.32 USDC • Code4rena • hunter_w3b

#28

Canto Application Specific Dollars and Bonding Curves for 1155s

114.38 USDC • Code4rena • hunter_w3b

#19

Kelp DAO | rsETH

207.18 USDC • Code4rena • hunter_w3b

#19

Oct '23

Party Protocol

83.82 USDC • Code4rena • hunter_w3b

#27

NextGen

41.67 USDC • Code4rena • hunter_w3b

#65

Steadefi

98.00 USDC • 3 total findings • CodeHawks • hunter_w3b

#31

medium

`emergencyClose()` may fail to repay any debt

low

Lack of events for critical actions

low

Chainlink aggregators return the incorrect price if it drops below `minAnswer`

Ethena Labs

176.43 USDC • Code4rena • hunter_w3b

#20

Badger eBTC Audit + Certora Formal Verification Competition

182.47 USDC • Code4rena • hunter_w3b

#12

Open Dollar

458.63 USDC • Code4rena • hunter_w3b

#12

The Wildcat Protocol

456.49 USDC • Code4rena • hunter_w3b

#18

Brahma

113.54 USDC • Code4rena • hunter_w3b

#11

ENS

8.19 USDC • Code4rena • hunter_w3b

#19

Canto Liquidity Mining Protocol

310.68 USDC • Code4rena • hunter_w3b

#11

zkSync Era

1,495.67 USDC • Code4rena • hunter_w3b

#25

Sep '23

Venus Prime

17.24 USDC • Code4rena • hunter_w3b

#37

Maia DAO - Ulysses

261.04 USDC • Code4rena • hunter_w3b

#28

DittoETH

5.78 USDC • 1 total finding • CodeHawks • hunter_w3b

#54

low

Loss of precision in `twapPriceInEther` due to division before multiplication

Ondo Finance

196.22 USDC • Code4rena • hunter_w3b

#20

Aug '23

Livepeer Onchain Treasury Upgrade

27 USDC • Code4rena • hunter_w3b

#18

Dopex

90.1 USDC • Code4rena • hunter_w3b

#84

Sparkn

6.71 USDC • 2 total findings • CodeHawks • hunter_w3b

#65

low

Signature missing nonce & expiration deadline

low

Potential DOS due to Gas Exhaustion Due to Large Array Iteration in `_distribute` Function

veRWA

9.82 USDC • Code4rena • hunter_w3b

#52

PoolTogether V5: Part Deux

129.8 USDC • Code4rena • hunter_w3b

#20

Tangible Caviar

775.9 USDC • Code4rena • hunter_w3b

#18

Good Entry

17.34 USDC • Code4rena • hunter_w3b

#31

Jul '23

Beedle - Oracle free perpetual lending

24.20 USDC • 7 total findings • CodeHawks • hunter_w3b

#107

gas

Multiple accesses of a mapping/array should use a local variable cache.

gas

The `for loops` inside the borrow(), repay(), giveLoan() & startAuction() functions in Lender contract are probably gas-guzzlers

gas

Uncheck Arithmetic where overflow/underflow impossible

gas

Using Private Rather Than Public For Constants,Saves Gas

gas

Use if + custom errors instead of using require + string

gas

Using delete statement can save gas

gas

ADD UNCHECKED{} FOR SUBTRACTIONS WHERE THE OPERANDS CANNOT UNDERFLOW BECAUSE OF A PREVIOUS IF-STATEMENT

Foundry DeFi Stablecoin CodeHawks Audit Contest

3.33 USDC • 3 total findings • CodeHawks • hunter_w3b

#101

low

Zero address check for tokens

low

Pragma isn't specified correctly which can lead to nonfunction/damaged contract when deployed on Arbitrum

gas

[I-10] Functions not used internally could be marked external

CodeHawks Escrow Contract - Competition Details

12.86 USDC • 2 total findings • CodeHawks • hunter_w3b

#70

gas

Reentrancy guard and nonReentrant modifier not required.

gas

Refactor `inState` modifier for high gas savings

Amphora Protocol

124.48 USDC • Code4rena • hunter_w3b

#16

Axelar Network

19.28 USDC • Code4rena • hunter_w3b

#25

PoolTogether

247.48 USDC • Code4rena • hunter_w3b

#41

Tapioca DAO

1,399.23 USDC • Code4rena • hunter_w3b

#35

Basin

25.41 USDC • Code4rena • hunter_w3b

#25

Nouns DAO

55.3 USDC • Code4rena • hunter_w3b

#17

Jun '23

LUKSO

292.81 USDC • Code4rena • hunter_w3b

#10

Lybra Finance

80.43 USDC • Code4rena • hunter_w3b

#61

Llama

23.81 USDC • Code4rena • hunter_w3b

#25

Stader Labs

18.57 USDC • Code4rena • hunter_w3b

#36

May '23

Maia DAO Ecosystem

610.33 USDC • Code4rena • hunter_w3b

#40

Juicebox Buyback Delegate

27.98 USDC • Code4rena • hunter_w3b

#17

Venus Protocol Isolated Pools

44.94 USDC • Code4rena • hunter_w3b

#44

Ajna Protocol

179.84 USDC • Code4rena • hunter_w3b

#38

Apr '23

Frankencoin

273.34 USDC • Code4rena • hunter_w3b

#28

Caviar Private Pools

480.02 USDC • Code4rena • hunter_w3b

#18

Rubicon v2

25.03 USDC • 1 total finding • Code4rena • hunter_w3b

#93

medium

Calling `ExpiringMarket.stop` and `ExpiringMarket.isClosed` functions cannot pause any functionlities of the market

Mar '23

Feb '23

Ethos Reserve contest

42.07 USDC • Code4rena • hunter_w3b

#34