khaye26

Security Researcher

never place your private keys in .env

Contact Me

High

Total

Medium

Total

$1.72K

Total Earnings

#1209 All Time

10x

Payouts

1x

1st Places

2x

Top 10

2x

Top 25

All

Sherlock

Cantina

Sep '25

Super DCA Liquidity Network

30.55 OP • 2 total findings • Sherlock • khaye26

#32

high

Traders will claim retroactive cashback rewards for ineligible epochs

medium

Wrong Accounting for users

Ammplify

34.34 USDC • 1 total finding • Sherlock • khaye26

#59

medium

Vault Removal Ignores Direct Token Transfers

Aug '25

USG - Tangent

5.60 USDC • 1 total finding • Sherlock • khaye26

#63

medium

transferFrom in stETH will transfer 1-2 less way, which would result in revert in consequent functions, because of not enough balance

Neutrl Protocol

941.02 USDC • 1 total finding • Sherlock • khaye26

medium

Fully blacklisted users can stake and specify a different receiver address

Jul '25

Mellow Flexible Vaults

163.25 USDC • 1 total finding • Sherlock • khaye26

#30

high

Improper Handling of Native ETH in `getLiquidAssets` Leads to Potential Denial of Service

DeBank

3.63 USDC • Sherlock • khaye26

#96

Notional Exponent

134.23 USDC • 1 total finding • Sherlock • khaye26

#34

medium

Chain-Specific Interface Mismatch in Convex Deposit Function

Jun '25

solaxy

393.52 USDC • 1 total finding • Cantina • Khaye

medium

Finding not yet public.

DODO Cross-Chain DEX

10.81 USDC • 1 total finding • Sherlock • khaye26

#55

high

`_doMixSwap` blindly approves whatever token is specified in params.fromToken

May '25

LEND

2.53 USDC • 2 total findings • Sherlock • khaye26

#105

medium

Borrowers will pay excessive interest due to double interest calculation in `CoreRouter::borrow`

medium

Usage of IERC20 transfer method would fail on some tokens due to lack of return of boolean value