
iamnmt

Security Researcher


High: 36 total (1 solo)
Medium: 40 total
Total earnings: $39.96K (#212 all time)
Payouts: 19x
1st places: 1x (gold) • 2nd places: 3x (silver) • 3rd places: 2x (bronze)


Feb '25

Yieldoor
4,819.46 USDC • 6 total findings • Sherlock • iamnmt • 2nd place (silver)
[high] Incorrect tick range in vesting position fee collection leads to transaction revert
[high] Integer overflow in observation index calculation leads to denial of service
[high] Incorrect max leverage calculation in liquidation check delays necessary position liquidations
[high] Incorrect collateral value calculation allows bypassing leverage limits
[medium] Incorrect modulo calculation in secondary position ticks leads to active position and division by zero
[medium] Infinite loop in path parsing leads to broken core contract functionality for opening leveraged positions with multiple pool swaps

Jan '25

reserve-index-dtf
53.43 USDC • 1 total finding • Cantina • 3n0ch • #8
[medium] Finding not yet public.

Dec '24

story-protocol
13,153.64 USDC • 8 total findings • Cantina • 3n0ch • #22
[high] 3 findings, not yet public.
[medium] 5 findings, not yet public.

Nov '24

Ethos Network Financial Contracts
0.38 USDC • 1 total finding • Sherlock • iamnmt • #33
[high] `marketFunds` is increased by the wrong amount in `buyVotes`, which leads to withdrawing a higher amount of ETH when calling `withdrawGraduatedMarketFunds`

Oct '24

predict.fun lending market
490.40 USDC • 2 total findings • Sherlock • iamnmt • #4
[medium] Inconsistency in charging the protocol fee in `_acceptOffer` and `matchProposals` versus `acceptLoanOfferAndFillOrder`, `auction` and `_refinance`
[medium] A borrower cannot repay a USDC-blacklisted lender

Sep '24

Saffron Lido Vaults
1,422.84 USDC • 1 total finding • Sherlock • iamnmt • 2nd place (silver)
[high] Incorrect accounting of the protocol fee will cause the fee to be charged twice and earnings to be distributed wrongly to variable users

Royco Protocol
860.41 USDC • 7 total findings • Cantina • 3n0ch • #11
[high] 5 findings, not yet public.
[medium] 2 findings, not yet public.

Boost Core Incentive Protocol
1,654.14 USDC • 4 total findings • Sherlock • iamnmt • #5
[high] Wrong owner initialization in incentive contracts will cause owner functions to be unusable
[medium] Unrestricted `referralFee` will prevent the protocol from receiving `claimFee`, as a boost creator can set `boost.referralFee` to `100%`
[medium] Incentive contracts cannot be initialized with fee-on-transfer tokens
[medium] `incentiveId_` is not included in the hash signed by the validator, which allows anyone to claim for a user

Aug '24

ZeroLend One
4,179.52 USDC • 13 total findings • Sherlock • iamnmt • 3rd place (bronze)
[high] An NFT's `_balances` is not updated during liquidation, which causes `_balances` and `_totalSupply` to report stale values
[high] Incorrect deduction of `accruedToTreasuryShares` from `totalSupply.supplyShares` in `executeMintToTreasury` will cause broken accounting and insolvency
[high] `POOL_ADMIN_ROLE` can set a pool's `interestRateStrategyAddress` to a bad address to cause loss of funds to a vault
[high] An attacker can hijack the `CuratedVault`'s matured yield
[high] Incorrect conversion between debt shares and supply collateral shares will cause incorrect calculation of liquidation rewards or debt deduction
[high] Wrong calculation in `PositionBalanceConfiguration#getSupplyBalance` when `liquidityIndex > ray` will cause broken accounting
[medium] Differing oracle decimals will cause a wrong calculation in `GenericLogic#calculateUserAccountData`
[medium] Wrong implementation of `CuratedVault#reallocate` when `allocation.assets = 0` means front-running donations of unknown size cannot be withdrawn
[medium] `CuratedVault` is vulnerable to an inflation attack when an 18-decimal token is used as an asset
[medium] In `NFTPositionManager`, `_totalSupply` and `_balances` will be stale when `borrowIndex` and `liquidityIndex` are increased
[medium] Missing an `updateInterestRates` step in `executeMintToTreasury`
[medium] Hardcoded oracle heartbeat in `Pool` will cause stale prices to be used for oracles with a short heartbeat and DoS for oracles with a long heartbeat
[medium] `borrowIndex` increasing faster than `liquidityIndex` will cause borrowers to overpay their debt

Fjord Token Staking
1,672.23 USDC • 2 total findings • CodeHawks • 3n0ch • 3rd place (bronze)
[high] Loss of funds for a user due to incorrect state updates while unstaking
[medium] Owner of a cancelled Sablier stream will be eligible for a full-amount reward claim, due to a revert in `FjordStaking::onStreamCanceled(...)`

Winnables Raffles
39.80 USDC • 5 total findings • Sherlock • iamnmt • #18
[high] `_lockedETH` is not decreased in `WinnablesTicketManager#refundPlayers`, which causes loss of funds to the owner when withdrawing ticket sales
[high] In `WinnablesTicketManager`, an attacker can prevent CCIP messages in `cancelRaffle` and `propagateRaffleWinner` from being sent to `prizeManager` on the destination chain
[high] An attacker can prevent a raffle from being created by exploiting permissionless raffle cancellation
[medium] Winnables admins can prevent a winner from withdrawing their prize
[medium] Admin cannot deny roles to other users

Sentiment V2
1,028.57 USDC • 2 total findings • Sherlock • iamnmt • #14
[medium] A position blacklisted by USDC/USDT can still use the USDC/USDT in its balance as an asset
[medium] In `SuperPool`, an attacker can move assets to a specific base pool

Jul '24

TraitForge
0.05 USDC • 3 total findings • Code4rena • 3n0ch • #85
[high] The maximum number of generations is infinite
[high] Wrong minting logic based on total token count across generations
[medium] `Golden God` tokens can be minted twice per generation

MagicSea - the native DEX on the IotaEVM
3,120.45 USDC • 10 total findings • Sherlock • iamnmt • 2nd place (silver)
[high] Incorrect ownership check in `BribeRewarder#_modify` will prevent `Voter` from calling `BribeRewarder#deposit`
[high] Users cannot claim from `BribeRewarder` when `Voter#getLatestFinishedPeriod()` is greater than `BribeRewarder#_lastVotingPeriod + 1`
[high] Incorrect order when setting a top pool's weight will cause more `LUM` rewards to be minted than expected
[high] Missing `sweep` function will leave residual bribe rewards stuck in `BribeRewarder`
[high] Missing remaining-lock-time check for `lsNFT` in `Voter#vote` will allow users to double vote at the end of the locking period
[medium] Permissionless `BribeRewarder` registration will make the bribing mechanism unavailable, as an attacker can register `BribeRewarder`s with `_amountPerPeriod = 1 wei`
[medium] Incorrect ownership check in `MlumStaking#addToPosition` will cause a user's funds to be locked for more than a week, as an attacker can call `MlumStaking#addToPosition` on the user's position at the end of the locking period
[medium] Rounding down `avgDuration` in `MlumStaking#addToPosition` allows users to add `MLUM` to a position without extending `lockDuration` at the end of a locking period
[medium] Rounding to zero when calculating `debtPerShare` in `MasterChefRewarder` and `BribeRewarder` when the reward is a low-decimal token will prevent rewards from accruing, as an attacker can update the rewards every block
[medium] Unclaimed rewards when emergency withdrawing are not redistributed in `MasterChef` and `MlumStaking`

Jun '24

Size
526.06 USDC • 5 total findings • Code4rena • 3n0ch • #35
[high] Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect
[high] When `sellCreditMarket()` is called to sell credit for a specific cash amount, the protocol might receive a lower swap fee than expected
[medium] Multicall does not work as intended
[medium] LiquidateWithReplacement does not charge swap fees on the borrower
[medium] Users may not be able to withdraw `underlyingBorrowToken` properly via `withdraw()`

May '24

YOLO Games
1,007.92 USDC • 3 total findings • Cantina • 3n0ch • #4
[high] 1 finding, not yet public.
[medium] 2 findings, not yet public.

Predy
457.19 USDC • 1 total finding • Code4rena • 3n0ch • #18
[medium] Possible DoS when calling `GammaTradeMarket::_removePosition` will prevent a user position from being liquidated

Beefy Cowcentrated Liquidity Manager
5,375 USDC • 1 total finding • Sherlock • iamnmt • 1st place (gold)
[medium] `StrategyPassiveManagerVelodrome`'s functionality would break when initialized with a pool that has one of the trading tokens as a reward token

Elfi
101.48 USDC • 1 total finding • Sherlock • iamnmt • #21
[high] A malicious user can transfer an arbitrary amount of WETH from `LpVault` to `PortfolioVault` by staking native token as collateral