https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/e96cc3db-c986-4784-a5cb-4dd2e32e8d08.jpg

itsabinashb

Security Researcher

https://t.co/NRxWEmUdmX

Contact Me

High

Total

Medium

Solo

Total

$2.32K

Total Earnings

#948 All Time

12x

Payouts

1x

3rd Places

2x

Top 10

7x

Top 25

All

Sherlock

Code4rena

CodeHawks

Hats Finance

Jan '25

Liquid Ron

0 USDC • 1 total finding • Code4rena • itsabinashb

#12

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Aave v3.3

414.34 USDC • Sherlock • itsabinashb

#51

Dec '24

SecondSwap

4.02 USDC • 4 total findings • Code4rena • itsabinashb

#57

high

Users can claim more that their actual allotment

medium

Listing potential can not be purchased with discounted price

medium

maxSellPercent can be buypassed by selling previously bought vestings at a later time

medium

Incorrect listing type validation bypasses enforcement of minimum purchase amount

Nov '24

Euro Dollar

299.9 USDC • 1 total finding • Hats • 0xAbinash

medium

Malicious BLACKLISTER_ROLE can temporarily block burning mechanism blacklisting address(0)

Aug '24

Tadle

74.03 USDC • 9 total findings • CodeHawks • itsabinashb

#58

high

TokenManager - Unlimited withdraw

high

Taker of bid offer will loss assets without any benefit if he calls the DeliveryPlace::settleAskMaker() for partial settlement.

high

Native token withdrawal fails until manually approved

high

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

high

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

high

Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode

high

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

high

Token withdrawal fails until someone manually approves spending

low

The referral bonus can't be split correctly between the referrer and the authority referral

Jul '24

CCIP v1.5

341.63 USDC • CodeHawks • itsabinashb

#12

Jun '24

Intuition

200 USDC • 1 total finding • Hats • 0xAbinash

medium

`_createTriple()` logic do not follow the intended design mentioned in documentation

May '24

Munchables

0.01 USDC • 1 total finding • Code4rena • itsabinashb

#16

high

Invalid validation allows users to unlock early

Apr '24

NOYA

3.36 USDC + NOYA stars • 2 total findings • Code4rena • itsabinashb

#107

high

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

medium

Withdrawals in AccountManager are prone to DOS attacks.

DYAD

16.53 USDC • 6 total findings • Code4rena • itsabinashb

#85

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

high

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

high

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

high

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

medium

Value of kerosene can be manipulated to force liquidate users

medium

Incorrect deployment / missing contract will break functionality

Mar '24

vVv Vesting & Staking

61.60 USDC • Sherlock • itsabinashb

#18

Feb '24

Rio Network

901.89 USDC • 1 total finding • Sherlock • itsabinashb

#17

high

OperatorUtilizationHeap::Duplicating last operator in the heap while removing an operator