immeas

Security Researcher

High

53

Total

Medium

1

Solo

75

Total

$86.31K Total Earnings

#97 All Time

42x Payouts

5x 1st Places (gold)

1x 2nd Places (silver)

1x 3rd Places (bronze)

Mar '25

Nudge.xyz

0.06 USDC • 1 total finding • Code4rena • immeas

#8

medium

Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

Nov '24

Ethos Network Financial Contracts

2.47 USDC • 1 total finding • Sherlock • immeas

#32

medium

Lack of slippage check on `ReputationMarket::sellVotes` will cause vote sellers to sell at a worse price than intended

Mar '24

Ondo Finance

3,177.06 USDC • 1 total finding • Code4rena • immeas

bronze

high

`OUSGInstantManager` will allow Excessive OUSG Token Minting During USDC Depeg Event

Feb '24

AI Arena

191.72 USDC • 10 total findings • Code4rena • immeas

#28

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

high

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy in the `claimRewards()` function

high

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

high

`FighterFarm::reroll` won't work for NFT id greater than 255 due to input limited to `uint8`

medium

NFTs can be transferred even if `StakeAtRisk` remains, so the user's win cannot be recorded on chain due to underflow, and the user can recover past losses that should not be recoverable (stealing the protocol's tokens)

medium

Can mint NFT with the desired attributes by reverting transaction

medium

Fighter created by mintFromMergingPool can have arbitrary weight and element

Dec '23

Olas

21.9 USDC • Code4rena • immeas

#20

Nov '23

Canto Application Specific Dollars and Bonding Curves for 1155s

897.48 USDC • 2 total findings • Code4rena • immeas

#4

high

Owner cannot withdraw all interest due to wrong calculation of accrued interest in `withdrawCarry`

medium

Users will lose rewards when buying new tokens if they already own some tokens

Oct '23

NextGen

1,988.96 USDC • 6 total findings • Code4rena • immeas

#4

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

high

Attacker can reenter to mint all the collection supply

high

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

medium

`MinterContract::payArtist` can result in double the intended payout

medium

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

medium

Auction winner can prevent payments via `safeTransferFrom` callback

Open Dollar

431.05 USDC • 3 total findings • Code4rena • immeas

#13

high

Incorrect calculations for Surplus Auction creation cause massive surplus imbalances

medium

Unable to retrieve price information with CamelotRelayer contract

medium

Due to extremely short `votingDelay` and `votingPeriod`, governance is practically impossible.

Brahma

197.77 USDC • Code4rena • immeas

#6

Aug '23

Chainlink Staking v0.2

16,263.43 USDC • Code4rena • immeas

silver

veRWA

289.11 USDC • 3 total findings • Code4rena • immeas

#15

high

Voters from VotingEscrow can vote infinite times in vote_for_gauge_weights() of GaugeController

high

Users don't have to deposit into the market for a week to get their weekly reward from the `LendingLedger`

high

If governance removes a gauge, user's voting power for that gauge will be lost.

Tangible Caviar

1,814.97 USDC • Code4rena • immeas

#9

Jul '23

Moonwell

15,362.75 USDC • 7 total findings • Code4rena • immeas

gold

medium

Initial deploy won't succeed because of too high `initialMintAmount` for USDC market

medium

Proposals which intend to send native tokens to target addresses can't be executed

medium

`fastTrackProposalExecution` doesn't check `intendedRecipient`

medium

`TemporalGovernor` can be bricked by `guardian`

medium

only `guardian` can change `guardian`

medium

malicious `emissionToken` could poison rewards for a market

medium

`executeProposal` can fail due to Wormhole guardian change

Axelar Network

12,679.2 USDC • 6 total findings • Code4rena • immeas

gold

high

`expressReceiveToken` can be abused using reentrancy

medium

Multisig can execute the same proposal repeatedly

medium

Deployer wallet retains ability to spoof validated senders after ownership transfer

medium

Gas fees are refunded to a wrong address when transferring tokens via `InterchainToken.interchainTransferFrom`

medium

Proposal requiring native coin transfers cannot be executed

medium

`TokenManager`'s flow limit logic is broken for `ERC777` tokens

Chainlink Cross-Chain Contract Administration: Multi-signature Contract, Timelock and Call Proxies

7,938.71 USDC • Code4rena • immeas

gold

Jun '23

Arrakis

1,439.55 USDC • 2 total findings • Sherlock • immeas

#5

medium

repeated rebalances lets an operator steal funds

medium

changing `managerFeeBPS` can cause unfair shares in pool

May '23

Chainlink Cross-Chain Services: CCIP and ARM Network

343.12 USDC • Code4rena • immeas

#36

USSD - Autonomous Secure Dollar

31.03 USDC • 8 total findings • Sherlock • immeas

#52

high

Wrong address used for uniswap static oracle

high

uniswap trades are done without slippage

high

`USSD::mintRebalancer` and `USSD::burnRebalancer` are callable by anyone

high

protocol uses uniswap spot price when rebalancing

high

rebalancing calculates wrong sell amount and can revert

high

`StableOracleDAI` uses wrong decimals for chainlink feed

medium

no oracle staleness validation

medium

removing collateral will lock tokens in contract

Apr '23

JOJO Exchange

1,075.85 USDC • 2 total findings • Sherlock • immeas

#15

medium

unborrowed JUSD are stuck in `JUSDBank`

medium

`SubAccount::execute` lacks `payable`

Teller

2,982.00 USDC • 8 total findings • Sherlock • immeas

gold

high

`CollateralManager::commitCollateral` has no access control

high

`LenderCommitmentForwarder::updateCommitment` allows lender to be changed

medium

defaulting doesn't change the state of the loan

medium

market owner and protocol can game borrowers

medium

market owner can front run bids and lower default duration

medium

bids can be created against markets that don't exist

medium

due date and defaulting don't align

medium

last repayments are calculated incorrectly for "irregular" loan durations

Rubicon v2

1,845.24 USDC • 10 total findings • Code4rena • immeas

#6

high

Wrong calculation of repayment amount in Position contract

high

Position doesn't distribute rewards to users

high

Some positions will get liquidated immediately

high

Reward accounting is incorrect in BathBuddy contract

high

DOS of market operations with malicious offers

medium

Low level calls to accounts with no code will succeed in `FeeWrapper`

medium

Incorrect fee handling in Position.sol's Market Buy/Sell functions

medium

A liquidated position possibly cannot be closed

medium

Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`

medium

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

Mar '23

Y2K

874.75 USDC • 7 total findings • Sherlock • immeas

#17

high

winnings for an epoch are lost when rolling over

high

changing an existing rollover updates the `ownerToRollOverQueueIndex` incorrectly

high

`depositFee` can be bypassed

high

executed rollovers can be delisted which trades places with last unexecuted one

high

malicious contract can DoS queues

medium

gas costs for minting rollovers are inflated by lost positions

medium

emissions for null epochs are lost

Feb '23

Derby

734.29 USDC • 9 total findings • Sherlock • immeas

#11

high

`Vault::claimTokens` uniswap swaps can be abused

medium

vault stakers and game players share the same reward pool

medium

multiple `withdrawalRequest` calls before the first rebalance will burn LP tokens but only give underlying for the last request

medium

`XChainController::sendFundsToVault` can be griefed and leave `XChainController` in a bad state

medium

calling `pushTotalUnderlyingToController` on an inactive vault will break rebalance

medium

`Vault::pullFunds` doesn't pull funds from underlying providers correctly

medium

allocations to a blacklisted protocol will stop rebalancing

medium

blacklisted protocol still accrues rewards

medium

`Swap::swapStableCoins` assumes 1:1 price

OlympusDAO

984.36 USDC • 2 total findings • Sherlock • immeas

#6

high

Trading within threshold can siphon out minted ohm

medium

`ohmRemoved` is calculated incorrectly

Carapace

1,519.26 USDC • 5 total findings • Sherlock • immeas

#12

high

a protection seller can deposit and withdraw in the same cycle

high

a secondary market for sTokens is dangerous with how withdrawals work

high

a buyer of protection can overprotect their position

high

non claimed `unlockedFunds` are stuck in `ProtectionPool`

medium

secondary markets are problematic with how `lockCapital` works

Jan '23

Popcorn contest

609.17 USDC • 6 total findings • Code4rena • immeas

#35

high

First vault depositor can steal other's assets

high

Staking rewards can be drained

medium

The calculation of `takeFees` in `Vault` contract is incorrect

medium

Anyone can reset fees to 0 value when Vault is deployed

medium

`Vault::takeFees` can be front run to minimize `accruedPerformanceFee`

medium

`quitPeriod` is effectively always just `1 day`

Ondo Finance contest

275.25 USDC • 1 total finding • Code4rena • immeas

#15

medium

KYCRegistry is susceptible to signature replay attack.

Reserve contest

335.43 USDC • 1 total finding • Code4rena • immeas

#23

medium

attacker can prevent vesting for a very long time

Biconomy - Smart Contract Wallet contest

859.47 USDC • 4 total findings • Code4rena • immeas

#12

high

`FeeRefund.tokenGasPriceFactor` is not included in signed transaction data allowing the submitter to steal funds

high

Arbitrary transactions possible due to insufficient signature validation

medium

methods used by `EntryPoint` have the `onlyOwner` modifier

medium

Non-compliance with EIP-4337

Dec '22

GoGoPool contest

1,442.56 USDC • 7 total findings • Code4rena • immeas

#21

high

Hijacking of node operators minipool causes loss of staked funds

high

node operator is slashed for the full duration even though rewards are distributed based on a 14-day cycle

medium

any duration can be passed by node operator

medium

slashing fails when node operator doesn't have enough staked `GGP`

medium

MultisigManager may not be able to add a valid Multisig

medium

State Transition: Minipools can be created using other operator's AVAX deposit via recreateMinipool

medium

NodeOp funds may be trapped by an invalid state transition

Forgeries contest

64.93 USDC • 1 total finding • Code4rena • immeas

#20

high

Admin does not have to wait to call `lastResortTimelockOwnerClaimNFT()`

Caviar contest

57.15 USDC • 1 total finding • Code4rena • immeas

#39

high

First depositor can break minting of shares

Escher contest

97.84 USDC • 3 total findings • Code4rena • immeas

#34

high

`LPDA` price can underflow due to bad settings and potentially brick the contract

high

`saleReceiver` and `feeReceiver` can steal refunds after sale has ended

medium

ETH will get stuck if all NFTs do not get sold.

Nov '22

Redacted Cartel contest

82.25 USDC • 1 total finding • Code4rena • immeas

#41

medium

Anyone can call AutoPxGmx.compound and perform sandwich attacks with control parameters

LSD Network - Stakehouse contest

351.12 USDC • 3 total findings • Code4rena • immeas

#32

high

Giant pools can be drained due to weak vault authenticity check

high

Old stakers can steal deposits of new stakers in `StakingFundsVault`

medium

Incorrect implementation of `ETHPoolLPFactory.sol#rotateLPTokens` lets a user stake more ETH than `maxStakingAmountPerValidator` in `StakingFundsVault`, and DoS the stake function in `LiquidStakingManager`

Debt DAO contest

69.43 USDC • 1 total finding • Code4rena • immeas

#48

medium

Borrower/Lender excessive ETH not refunded and permanently locked in protocol

Chainlink Staking contest

966.81 USDC • Code4rena • immeas

#14

Oct '22

Inverse Finance contest

4,809.57 USDC • 4 total findings • Code4rena • immeas

gold

medium

`repay` function can be DOSed

medium

`Market::forceReplenish` can be DoSed

medium

Two-day-low oracle used in `Market.liquidate()` puts the system at high risk in an oracle attack

medium

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Trader Joe v2 contest

1,251.26 USDC • Code4rena • immeas

#13

Sep '22

Nouns Builder contest

49.08 USDC • 1 total finding • Code4rena • immeas

#102

medium

`Token::mint`: infinite loop if the founders' shares sum up to 100

Aug '22

Olympus DAO contest

1,905.41 USDC • 1 total finding • Code4rena • immeas

#14

medium

low market bonds/swaps not working after loan is taken from treasury

Jul '22

Golom contest

0 USDC • Code4rena • immeas

#92