https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/8d54bbc4-910f-44c8-b3fe-f75ee7e0432e.jpg

innertia

Security Researcher

Web3 Security Researcher / NFT Collector 8c003f719c

Contact Me

High

11

Total

Medium

1

Solo

13

Total

$7.74K

Total Earnings

#631 All Time

12x

Payouts

silver

1x

2nd Places

regular

2x

Top 10

regular

5x

Top 25

All

Sherlock

Code4rena

CodeHawks

Dec '23

stake.link

stake.link

5,604.42 USDC • 7 total findings • CodeHawks • innertia

silver

high

A user can steal an already transfered and bridged reSDL lock because of approval

high

Not Update Rewards in `handleIncomingUpdate` Function of `SDLPoolPrimary` Leads to Incorrect Reward Calculations

medium

A user can lose funds in `sdlPoolSecondary` if tries to add more sdl tokens to a lock that has been queued to be completely withdrawn

medium

Attacker can exploit lock update logic on secondary chains to increase the amount of rewards sent to a specific secondary chain

low

Insufficient Gas Limit Specification for Cross-Chain Transfers in _buildCCIPMessage() method. WrappedTokenBridge.sol #210

low

Lack of storage gap in SDLPool.sol can lead to upgrade storage slot collision.

low

Can lock Fund for 1 sec and unlock in same transaction to gain profit

Oct '23

NextGen

NextGen

6.91 USDC • 4 total findings • Code4rena • innertia

#96

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

high

Attacker can reenter to mint all the collection supply

high

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

medium

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

Steadefi

Steadefi

588.87 USDC • 2 total findings • CodeHawks • innertia

#13

medium

Missing minimum token amounts in the emergency contract functions allows MEV bots to take advantage of the protocols emergency situation

medium

Setting minSharesAmt high always leads to processDeposit failure

Jul '23

CodeHawks Escrow Contract - Competition Details

CodeHawks Escrow Contract - Competition Details

248.75 USDC • 2 total findings • CodeHawks • innertia

#28

medium

Fee-on-transfer tokens aren't supported

low

Constructor of `Escrow` should make sure that `buyer`, `seller`, `arbiter` are different from each other.

May '23

Chainlink Cross-Chain Services: CCIP and ARM Network

Chainlink Cross-Chain Services: CCIP and ARM Network

255.8 USDC • Code4rena • innertia

#39

USSD - Autonomous Secure Dollar

USSD - Autonomous Secure Dollar

9.12 USDC • 5 total findings • Sherlock • innertia

#67

high

Disable mint function

high

Hardcoded address error

high

Improper conditioning

high

In the calculation of amountToSellUnits, the scaling of decimal is not properly done.

high

Sandwich attack could result in substantial losses

Footium

Footium

72.79 USDC • 2 total findings • Sherlock • innertia

#27

medium

ERC20 of Missing Return Values causes tokens to get stuck

medium

With an ERC20 token with No Revert on Failure, the token is recognized as withdrawn even though it has not been withdrawn.

Apr '23

Teller

Teller

643.31 USDC • 4 total findings • Sherlock • innertia

#14

high

Collaterals can be stacked in the contract, so if the loan defaults, the lender loses everything.

medium

Disable the liquidation function.

medium

Market owners and protocol owners can steal user funds by front-running transactions and raising commissions.

medium

Fee-on-transfer tokens cannot be deposited.

Mar '23

Gitcoin

Gitcoin

147.96 USDC • Sherlock • innertia

#26

Oct '22

Mycelium

Mycelium

109.26 USDC • 1 total finding • Sherlock • innertia

#8

medium

Shares are not received even though the user has made a deposit

Sep '22

VTVL contest

VTVL contest

19.6 USDC • 1 total finding • Code4rena • innertia

#74

medium

Supply cap of VariableSupplyERC20Token is not properly enforced

FEI and TRIBE Redemption contest

FEI and TRIBE Redemption contest

33.6 USDC • Code4rena • innertia

#13