jennifer37

Security Researcher

High: 2 solo, 25 total

Medium: 1 solo, 21 total

Total Earnings: $24.14K

#325 All Time

Payouts: 16x

1st Places: 3x (gold)

2nd Places: 2x (silver)

3rd Places: 1x (bronze)

Feb '25

Yieldoor

13.80 USDC • 1 total finding • Sherlock • jennifer37

#26

high

Incorrect leverage collateral value's calculation

Dec '24

Idle Finance Credit Vaults

1,142.76 USDC • Sherlock • jennifer37

#5

Findings not publicly available for private contests.

Nov '24

Resolv Core

3,800 OP • Sherlock • jennifer37

gold

Findings not publicly available for private contests.

Extra Finance

2,817.63 OP • Sherlock • jennifer37

gold

Findings not publicly available for private contests.

Chiliz Chain System Contracts

931.85 USDC • Sherlock • jennifer37

#8

Findings not publicly available for private contests.

Oct '24

Covalent - EWM Light Client

2,182.79 USDC • Sherlock • jennifer37

gold

Findings not publicly available for private contests.

Aug '24

Winnables Raffles

285.43 USDC • 4 total findings • Sherlock • jennifer37

#8

high

Malicious users can cancel all raffles when the raffle status is changed to `PRIZE_LOCKED`

high

Malicious users can manipulate prizeManager/chainSelector in cancelRaffle()

medium

The admin can manipulate the raffle winner after randomword is generated.

medium

Admin role can manipulate the winner role via adding another CCIP counter part

Sentiment V2

5.68 USDC • 1 total finding • Sherlock • jennifer37

#45

medium

reallocate() may be dos because of improper approve in USDT

Jul '24

MagicSea - the native DEX on the IotaEVM

8.56 USDC • 5 total findings • Sherlock • jennifer37

#52

high

Funds in MlumStaking may be used to vote twice

high

Non-functional vote() if there is one bribe rewarder for this pool

medium

normal bribe rewarders may be blocked by malicious bribe rewarders

medium

voters may lose some bribe rewarder if bribe rewarder's reward token is token with fee-on-transfer

medium

Users' position in MlumStaking can be extended by malicious users

Velocimeter

6,714.83 USDC • 6 total findings • Sherlock • jennifer37

silver

high

Some claimable gauge rewards will be locked if the gauge is killed

high

poke() may be dos

high

Users may not create lock in VotingEscrow.sol because of dos

high

Lack of slippage control for exerciseVe()/exerciseLp()

medium

swap may be reverted if the input amount is not large enough, especially for low decimal tokens

medium

first LP provider may cause pool dos

May '24

Elfi

3,215.86 USDC • 14 total findings • Sherlock • jennifer37

silver

high

Lack of access control for function batchUpdateAccountToken

high

cancelMintStakeToken might be reverted in some cases

high

redeem stake token may be Dos because there is not enough balance in stake pool.

high

LP holders may lose their stake fee rewards

high

Lack of timely update borrowing fee when update position's margin

high

Uninitialized cache.redeemFee cause 0 redeem fee

high

Incorrect changeAmount calculation in updatePositionFromBalanceMargin

high

Incorrect `reduceAmount` usage in updateAllPositionFromBalanceMargin

high

Users can use weth to replace any margin token in createUpdatePositionMarginRequest()

high

Traders may decrease the loss via decrease the position's margin

medium

Lack of decreasing totalCollateral when withdraw

medium

Incorrect settleFee process for cross-margin account

medium

Lack of execution fee mechanism in AccountFacet

medium

Lack of oracle setting in autoReducePositions

Apr '24

TITLES Publishing Protocol

49.63 USDC • 6 total findings • Sherlock • jennifer37

#27

high

Incorrect protocol fee split in _splitProtocolFee()

high

Users can pay less minting fees than expected via mintBatch()

medium

Possible signature attack in TitlesGraph::acknowledgeEdge()/unacknowledgeEdge()

medium

_feeReceivers should be updated when transferWork

medium

Non-functional ether refund in Edition::mint()

medium

Function mintBatch() will be reverted if `tokenIds_`'s length is larger than 1

Mar '24

Amphor

194.58 USDC • 1 total finding • Sherlock • jennifer37

#11

high

User's requestDeposit funds may be lost via claimAndRequestDeposit()

Feb '24

Napier

499.37 USDC • 1 total finding • Sherlock • jennifer37

#6

high

Vault inflation attack in StEtherAdapter::prefundedDeposit()

Smilee Finance

1,402.12 USDC • 2 total findings • Sherlock • jennifer37

bronze

medium

Malicious DVP can cause dos attack in FeeManager

medium

Trader's position may be locked in DVP

Jan '24

Flat Money

878.61 USDC • 5 total findings • Sherlock • jennifer37

#11

high

Trader can pay less trader fee by limit order

high

Leverage position can be unlocked in one limit order.

medium

repeat deposit/withdraw to earn lot of FMP

medium

improper priceDiff usage when offchain price is invalid

medium

Need timely update stableCollateralTotal before checkSkewMax()