Security Researcher
never place your private keys in .env
High
Total
Medium
Total Earnings
#1191 All Time
Payouts
1st Places
Top 10
Top 25
All
Sherlock
Cantina
Sep '25
34.34 USDC • 1 total finding • Sherlock • khaye26
#59
medium
Vault Removal Ignores Direct Token Transfers
Aug '25
5.60 USDC • 1 total finding • Sherlock • khaye26
#63
transferFrom in stETH will transfer 1-2 less way, which would result in revert in consequent functions, because of not enough balance
941.02 USDC • 1 total finding • Sherlock • khaye26
Fully blacklisted users can stake and specify a different receiver address
Jul '25
163.25 USDC • 1 total finding • Sherlock • khaye26
#30
high
Improper Handling of Native ETH in `getLiquidAssets` Leads to Potential Denial of Service
3.63 USDC • Sherlock • khaye26
#96
134.23 USDC • 1 total finding • Sherlock • khaye26
#34
Chain-Specific Interface Mismatch in Convex Deposit Function
Jun '25
393.52 USDC • 1 total finding • Cantina • Khaye
#8
10.81 USDC • 1 total finding • Sherlock • khaye26
#55
`_doMixSwap` blindly approves whatever token is specified in params.fromToken
May '25
2.53 USDC • 2 total findings • Sherlock • khaye26
#105
Borrowers will pay excessive interest due to double interest calculation in `CoreRouter::borrow`
Usage of IERC20 transfer method would fail on some tokens due to lack of return of boolean value
