https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/4dfc2be6-d333-42a2-87cd-836c74d93e43.jpg

ihtishamsudo

Security Researcher

Smart Contract Security Researcher | Solidity | Rust

Contact Me

High

7

Total

Medium

9

Total

$17.43K

Total Earnings

#390 All Time

37x

Payouts

bronze

1x

3rd Places

regular

8x

Top 10

regular

22x

Top 25

All

Sherlock

Code4rena

CodeHawks

Immunefi

Mar '25

Crestal Network

Crestal Network

0.01 USDC • 1 total finding • Sherlock • ihtishamsudo

#12

high

Unauthorized Token Transfers in payWithERC20 Function

Symmio, Staking and Vesting

Symmio, Staking and Vesting

0.00 USDC • 1 total finding • Sherlock • ihtishamsudo

#18

medium

Malicious actors will indefinitely extend reward periods affecting all stakers

Feb '25

MetaLend Ronin Lending Protocol

MetaLend Ronin Lending Protocol

Collaborative Audit • Sherlock • thekmj

Jan '25

Aave v3.3

Aave v3.3

439.92 USDC • Sherlock • thekmj

#50

Allora v0.8.0 Update

Allora v0.8.0 Update

7,982.97 USDC • Sherlock • thekmj

#4

Findings not publicly available for private contests.

Oct '24

Audit Comp | Anvil

Audit Comp | Anvil

139 USDT • 1 total finding • Immunefi • ihtishamsudo

#13

low

Finding not yet public.

Avantis v1.5: Cross-Asset Leverage

Avantis v1.5: Cross-Asset Leverage

699.35 OP • Sherlock • thekmj

#12

Findings not publicly available for private contests.

Sep '24

Boost Core Incentive Protocol

Boost Core Incentive Protocol

9.11 USDC • 1 total finding • Sherlock • ihtishamsudo

#23

medium

Boost Protocol doesn't support Fee-on-Transfer Tokens

Aug '24

Winnables Raffles

Winnables Raffles

1.80 USDC • 1 total finding • Sherlock • ihtishamsudo

#37

high

Unupdated _lockedETH in refundPlayers Function Leads to Potential Fund Locking

Jul '24

Munchables

Munchables

0.39 USDC • 1 total finding • Code4rena • ihtishamsudo

#48

high

Single plot can be occupied by multiple renters

MakerDAO Endgame

MakerDAO Endgame

657.58 USDC • Sherlock • thekmj

#67

Mar '24

vVv Vesting & Staking

vVv Vesting & Staking

57.57 USDC • Sherlock • thekmj

#21

Acala

Acala

3,012.88 USDC • 1 total finding • Code4rena • ihtishamsudo

#5

high

`transfer_share_and_rewards` allows for self transfer

Phat Contract Runtime

Phat Contract Runtime

391.62 USDC • Code4rena • ihtishamsudo

#8

Feb '24

UniStaker Infrastructure

UniStaker Infrastructure

22.02 USDC • Code4rena • ihtishamsudo

#8

Audit Comp | Puffer Finance

Audit Comp | Puffer Finance

320 USDC • 2 total findings • Immunefi • ihtishamsudo

#27

low

Finding not yet public.

low

Finding not yet public.

HydraDX

HydraDX

22.99 USDC • Code4rena • ihtishamsudo

#18

Jan '24

Decent

Decent

23.41 USDC • Code4rena • ihtishamsudo

#48

Dec '23

stake.link

stake.link

10.28 USDC • 1 total finding • CodeHawks • ihtishamsudo

#32

low

SINGLE STEP OWNERSHIP TRANSFER PROCESS

Footium Update

Footium Update

88.52 USDC • Sherlock • thekmj

#16

Revolution Protocol

Revolution Protocol

237.05 USDC • Code4rena • ihtishamsudo

#27

Oct '23

NextGen

NextGen

27.69 USDC • Code4rena • ihtishamsudo

#75

ENS

ENS

85.67 USDC • Code4rena • ihtishamsudo

#12

Sep '23

Maia DAO - Ulysses

Maia DAO - Ulysses

58.62 USDC • 1 total finding • Code4rena • ihtishamsudo

#45

medium

Message channels can be blocked resulting in DoS

Aug '23

Cooler Update

Cooler Update

397.03 USDC • 1 total finding • Sherlock • thekmj

#7

medium

`emergency_shutdown` role is not enough for emergency shutdown.

Shell Protocol

Shell Protocol

247.5 USDC • Code4rena • ihtishamsudo

#12

Tangible Caviar

Tangible Caviar

47.49 USDC • Code4rena • ihtishamsudo

#61

Jul '23

CodeHawks Escrow Contract - Competition Details

CodeHawks Escrow Contract - Competition Details

2.47 USDC • 1 total finding • CodeHawks • ihtishamsudo

#94

gas

Use nested `if` statements instead of logical AND (`&&`)

Lens Protocol V2

Lens Protocol V2

31.38 USDC • Code4rena • ihtishamsudo

#9

Beam

Beam

78.49 USDC • Sherlock • thekmj

#24

Nouns DAO

Nouns DAO

277.78 USDC • Code4rena • ihtishamsudo

#12

Jun '23

Unitas Protocol

Unitas Protocol

81.25 USDC • 1 total finding • Sherlock • thekmj

#18

medium

Protocol does not check for price staleness from the XOracle, which is problematic if the price feeder goes down.

May '23

Maia DAO Ecosystem

Maia DAO Ecosystem

442.4 USDC • 1 total finding • Code4rena • ihtishamsudo

#46

medium

Protocol fees can become trapped indefinitely inside Talos vault contracts

Iron Bank

Iron Bank

117.53 USDC • 2 total findings • Sherlock • thekmj

#9

medium

PriceOracle will use the wrong price if the Chainlink registry returns price outside min/max range

medium

Chainlink oracle may return stale data

Footium

Footium

0.01 USDC • 1 total finding • Sherlock • thekmj

#32

medium

Unsafe ERC20 transfer: tokens that don't revert on failed transfers may disable claims

Apr '23

EigenLayer Contest

EigenLayer Contest

161.62 USDC • Code4rena • ihtishamsudo

#23

Jan '23

Cooler

Cooler

48.03 USDC • 2 total findings • Sherlock • thekmj

#27

high

Rollable loans can be indefinitely rolled, opening up room for a griefing attack that will permanently lock funds.

high

Unsafe ERC20 usage: If one of the token is a non-revert on transfer, the other token can be stolen.

Notional Update

Notional Update

1,204.75 USDC • 1 total finding • Sherlock • thekmj

bronze

high

`getEmergencySettlementBPTAmount()`: Wrong usage of `IERC20.totalSupply()` on BPT tokens