https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/b4f7f7b6-36f2-40da-8f6f-87bb504c6d91.jpg

israeladelaja

Security Researcher

Blockchain Engineer & Security Researcher

Contact Me

High

8

Total

Medium

5

Total

$813.00

Total Earnings

#1390 All Time

4x

Payouts

regular

1x

Top 25

regular

2x

Top 50

All

Code4rena

Feb '24

AI Arena

AI Arena

2.16 USDC • 3 total findings • Code4rena • israeladelaja

#155

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Jan '24

Salty.IO

Salty.IO

716.57 USDC • 7 total findings • Code4rena • israeladelaja

#19

high

When borrowers repay USDS, it is sent to the wrong address, allowing anyone to burn Protocol Owned Liquidity and build bad debt for USDS

high

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

high

First Liquidity provider can claim all initial pool rewards

medium

Attacker Can Inflate LP Position Value To Create a Bad Debt Loan

medium

Attacker can take advantage of Chainlink price not occuring within it's 60 minute heartbeat to make PriceAggregator calls fail

medium

Adversary can prevent updating price feed addresses by creating poisonous proposals ending in `_confirm`

medium

If there is only one USDS borrower, he can never be liquidated

Curves

Curves

6.19 USDC • 3 total findings • Code4rena • israeladelaja

#91

high

Attack to make ````CurveSubject```` to be a ````HoneyPot````

high

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

medium

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete

reNFT

reNFT

88.09 USDC • Code4rena • israeladelaja

#40