kennedy1030

Security Researcher

High findings: 20 total

Medium findings: 19 total

Total earnings: $4.93K (#754 All Time)

Payouts: 14x

3rd Places (bronze): 1x

Top 10 (regular): 3x

Top 25 (regular): 10x

Nov '24

Nouns DAO - Auction Streams

80.51 USDC • Sherlock • kennedy1030

#33

Telcoin Update #2

56.53 USDC • Sherlock • kennedy1030

#24

Oct '24

predict.fun lending market

490.40 USDC • 2 total findings • Sherlock • kennedy1030

#4

medium

Incorrect protocol fee calculations lead to unfair fee payments

medium

A borrower cannot take back his collateral if the lender is blocked.

Jul '24

MakerDAO Endgame

67.06 USDC • Sherlock • kennedy1030

#105

Jun '24

Vultisig

167.5 USDC • 2 total findings • Code4rena • kennedy1030

#22

high

Vultisig whitelisting can be bypassed by anyone

high

Most users won't be able to claim their share of Uniswap fees

May '24

Gamma - Locked Staking Contract

133.81 USDC • 1 total finding • Sherlock • kennedy1030

bronze

medium

Early exit near the end of the lock-up period can be risky

Apr '24

Renzo

630.73 USDC • 5 total findings • Code4rena • kennedy1030

#19

high

Withdrawals logic allows MEV exploits of TVL changes and zero-slippage zero-fee swaps

high

ETH withdrawals from EigenLayer always fail due to `OperatorDelegator`'s nonReentrant `receive()`

high

Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

medium

Pending withdrawals prevent safe removal of collateral assets

medium

Deposits will always revert if the amount being deposited is less than the bufferToFill value

Teller Finance

347.24 USDC • 7 total findings • Sherlock • kennedy1030

#15

high

Anyone can borrow with a low interest rate in the `LenderCommitmentGroup_Smart`.

high

The protocol doesn't work well for USDT.

high

Incorrect check for `_collateralAmount` in `LenderCommitmentGroup_Smart.acceptFundsForAcceptBid()`.

high

Improper implementation of `TellerV2._lenderCloseLoanWithRecipient()` can result in frozen collateral into `LenderCommitmentGroup_Smart`.

medium

Anyone can bypass the borrowing limitation of `LenderCommitmentGroup_Smart`.

medium

Incorrect function selector in `FlashRolloverLoan_G5._acceptCommitment()`.

medium

`LenderCommitmentGroup_Smart.sol` doesn't work correctly with fee-on-transfer tokens.

TITLES Publishing Protocol

45.26 USDC • 6 total findings • Sherlock • kennedy1030

#29

high

The fee distribution in the `FeeManager._splitProtocolFee()` function is incorrect.

high

The `Edition.mintBatch()` function pays less fees than expected.

medium

An attacker can invalidate signatures for `TitlesGraph.acknowledgeEdge()` and `TitlesGraph.unacknowledgeEdge` by front running.

medium

Incorrect assigning to memory variable in `TitlesGraph._setAcknowledged()`.

medium

The `Edition.mintBatch()` function always reverts when `tokenIds_.length > 1`.

medium

The excess Ether in the call to `Edition.mint()` is not returned to `msg.sender`.

DYAD

327.2 USDC • 6 total findings • Code4rena • kennedy1030

#35

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

high

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

high

Kerosene collateral is not being moved on liquidation, exposing liquidators to loss

high

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

high

Missing enough exogenous collateral check in `VaultManagerV2::liquidate` makes the liquidation revert even if (DYAD Minted > Non Kerosene Value)

high

User can get their Kerosene stuck because of an invalid check on withdraw

Mar '24

Goat Trading

686.69 USDC • 1 total finding • Sherlock • kennedy1030

#6

medium

Legitimate pools can be taken over and the penalty is not fair.

Amphor

194.58 USDC • 1 total finding • Sherlock • kennedy1030

#11

high

`AsyncSynthVault._claimRedeem()` should check that `lastRedeemRequestId[owner] < epochId`.

Revert Lend

691.33 USDC • 4 total findings • Code4rena • kennedy1030

#22

medium

`AutoExit` could receive a reward calculated from the entire position's fund even if `onlyFee` is true in `AutoExit.execute()`.

medium

Wrong global lending limit check in `_deposit` function

medium

Large decimal of referenceToken causes overflow at oracle price calculation

medium

Users can lend and borrow above allowed limitations

Feb '24

Rio Network

1,013.49 USDC • 4 total findings • Sherlock • kennedy1030

#13

high

The value of `operatorDetails.shareDetails[newShareCap.strategy].allocation` has to be deleted when `currentShareDetails.cap > 0 && newShareCap.cap == 0` at the function `OperatorRegistryV1Admin.setOperatorStrategyCap()`.

high

`currentEpochsByAsset` must be increased by 1 in `RioLRTWithdrawalQueue.queueCurrentEpochSettlement()`.

medium

In `RioLRTCoordinator.requestWithdrawal`, `availableShares` doesn't consider previous queued withdrawals and users can request withdrawal more than available shares.

medium

`rebalance()` could be reverted unreasonably by improper checking in `OperatorOperation.depositTokenToOperators()`.