jayjonah8

Security Researcher

Contact Me

High

Total

Medium

Total

$82.49K

Total Earnings

#124 All Time

44x

Payouts

1x

1st Places

2x

2nd Places

2x

3rd Places

All

Code4rena

Nov '23

ZetaChain

1,896.92 USDC • 1 total finding • Code4rena • jayjonah8

#12

medium

Distribution module address can be used to halt chain breaking all functionality.

Oct '22

zkSync v2 contest

250.77 USDC • Code4rena • jayjonah8

Jul '22

Golom contest

130.02 USDC • Code4rena • jayjonah8

#71

Jun '22

Connext Amarok contest

141.86 USDC • Code4rena • jayjonah8

#52

May '22

Velodrome Finance contest

101.64 USDC • Code4rena • jayjonah8

#47

Rubicon contest

0.1 USDC • 1 total finding • Code4rena • jayjonah8

#87

medium

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

Aura Finance contest

233.12 USDC • Code4rena • jayjonah8

#42

Cally contest

48.58 USDC • 2 total findings • Code4rena • jayjonah8

#69

medium

Use safeTransferFrom instead of transferFrom for ERC721 transfers

medium

User's may accidentally overpay in `buyOption()` and the excess will be paid to the vault creator

Enso Finance contest

1,518.55 USDT • Code4rena • jayjonah8

#18

Alchemix contest

188.9 DAI • Code4rena • jayjonah8

#36

FactoryDAO contest

3.18 DAI • 1 total finding • Code4rena • jayjonah8

#62

medium

amount requires to be updated to contract balance increase (1)

Cudos contest

453.22 USDC • Code4rena • jayjonah8

#22

bunker.finance contest

93.58 USDC • Code4rena • jayjonah8

#24

Apr '22

Backd contest

159.31 USDC • Code4rena • jayjonah8

#35

JPEG'd contest

151.35 USDC • Code4rena • jayjonah8

#44

Mar '22

Paladin contest

4,151.74 USDC • 2 total findings • Code4rena • jayjonah8

medium

`HolyPaladinToken.sol` uses `ERC20` token with a highly unsafe pattern

medium

Incorrect number of seconds in `ONE_YEAR` variable

Rolla contest

2,810.53 USDC • 1 total finding • Code4rena • jayjonah8

medium

No use of upgradeable SafeERC20 contract in Controller.sol

Biconomy Hyphen 2.0 contest

120.3 USDT • Code4rena • jayjonah8

#44

Feb '22

Foundation contest

181.02 USDC • Code4rena • jayjonah8

#25

JPYC contest

622.13 USDC • Code4rena • jayjonah8

#20

PoolTogether TWAB Delegator contest

131.19 USDC • Code4rena • jayjonah8

#12

SKALE contest

2,008.75 USDC • 1 total finding • Code4rena • jayjonah8

#12

medium

TokenManagerERC20.sol uses transferFrom() instead of safeTransferFrom()

Hubble contest

142.32 USDC • Code4rena • jayjonah8

#31

Redacted Cartel contest

171.56 USDC • 2 total findings • Code4rena • jayjonah8

#26

medium

SafeERC20.sol is imported but not used in the transferBribes() function

medium

[WP-H0] `DEFAULT_ADMIN_ROLE` of `BribeVault` can steal tokens from users' wallets

Jan '22

OpenLeverage contest

1,627.6 USDT • Code4rena • jayjonah8

#10

Behodler contest

536.72 USDC • 1 total finding • Code4rena • jayjonah8

#17

medium

Lack of access control in the `parameterize` function of proposal contracts

Trader Joe contest

2,109.26 USDT • 1 total finding • Code4rena • jayjonah8

medium

withdrawAVAX() function has call to sender without reentrancy protection

Livepeer contest

0 tokens) • Code4rena • jayjonah8

#25

InsureDAO contest

0 tokens) • Code4rena • jayjonah8

#33

Sandclock contest

3,260.92 USDC • 3 total findings • Code4rena • jayjonah8

high

deposit() function is open to reentrancy attacks

high

sponsor() function in open to reentrancy attacks

medium

no use of safeMint() as safe guard for users

XDEFI contest

37.37 USDC • Code4rena • jayjonah8

#28

Timeswap contest

24,145.68 USDC • 5 total findings • Code4rena • jayjonah8

high

Important state updates are made after the callback in the mint() function

high

In the lend() function state updates are made after the callback

high

borrow() function has state updates after a callback to msg.sender

high

pay() function has callback to msg.sender before important state updates

medium

no reentrancy guard on mint() function that has a callback

Dec '21

Vader Protocol contest

26.21 USDC • 1 total finding • Code4rena • jayjonah8

#17

high

VADER contains a Fee-On-Transfer

Yeti Finance contest

13,963.8 USDC • 1 total finding • Code4rena • jayjonah8

high

receiveCollateral() can be called by anyone

NFTX contest

1,534.61 USDC • 1 total finding • Code4rena • jayjonah8

#13

high

A vault can be locked from MarketplaceZap and StakingZap

Amun contest

1,001.47 USDC • Code4rena • jayjonah8

#15

Maple Finance contest

875.78 USDC • Code4rena • jayjonah8

Nov '21

Streaming Protocol contest

805.82 USDC • Code4rena • jayjonah8

#28

Fei Protocol contest

76.43 USDC • Code4rena • jayjonah8

#12

Malt Finance contest

5,017.02 USDC • 1 total finding • Code4rena • jayjonah8

high

getAuctionCore function returns wrong values out of order

Unlock Protocol contest

398.46 USDC • Code4rena • jayjonah8

#15

Overlay Protocol contest

765.95 ETH • Code4rena • jayjonah8

#12

Nested Finance contest

9,836.01 USDC • 2 total findings • Code4rena • jayjonah8

high

Copy your own portfolio to keep earning royalties

medium

Passing multiple ETH deposits in orders array will use the same msg.value many times

Vader Protocol contest

764.62 USDC • 1 total finding • Code4rena • jayjonah8

#14

high

VADER contains a Fee-On-Transfer