https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_7.png

khaye26

Security Researcher

never place your private keys in .env

Contact Me

High

5

Total

Medium

14

Total

$1.82K

Total Earnings

#1250 All Time

21x

Payouts

gold

1x

1st Places

regular

2x

Top 10

regular

5x

Top 25

All

Sherlock

Code4rena

Cantina

Jan '26

OpenCover Insured Vaults

OpenCover Insured Vaults

5.27 USDC • Sherlock • khaye26

#98

Hotstuff

Hotstuff

6.96 USDC • Sherlock • khaye26

#66

Findings not publicly available for private contests.

Flying Tulip

Flying Tulip

27.51 USDC • Sherlock • khaye26

#148

Dec '25

Rujira

Rujira

0 USDC • 1 total finding • Code4rena • khaye26

#174

high

Finding not yet public.

Nov '25

SukukFi

SukukFi

0 USDC • 1 total finding • Code4rena • khaye26

#20

medium

Finding not yet public.

stNXM by EaseDeFi

stNXM by EaseDeFi

40.91 USDC • 3 total findings • Sherlock • khaye26

#24

high

Uniswap V3 Spot Price Manipulation Enables Share Price Manipulation in stNXM Vault

medium

Insufficient Uniswap V3 Observation Cardinality in `StNxmOracle::price()`

medium

`StNxmOracle::sanePrice` check will revert on normal price movements

Privacy Cash

Privacy Cash

6.02 USDC • Sherlock • khaye26

#56

Findings not publicly available for private contests.

Megapot

Megapot

0 USDC • 1 total finding • Code4rena • khaye26

#26

medium

Global Variable Manipulation During Active Draw Alters End Result

Oct '25

Reflector V3

Reflector V3

0 USDC • 1 total finding • Code4rena • khaye26

#16

medium

`twap()` under-charges for multi-period queries due to hardcoded `periods=1`

Saffron Fixed Income Vaults

Saffron Fixed Income Vaults

9.25 USDC • Sherlock • khaye26

#53

Hybra Finance

Hybra Finance

1.5 USDC • 1 total finding • Code4rena • khaye26

#32

medium

first depositor attack possible through multiple attack paths because the deposit function does not check 0 shares received.

Sep '25

Super DCA Liquidity Network

Super DCA Liquidity Network

30.55 OP • 2 total findings • Sherlock • khaye26

#32

high

Traders will claim retroactive cashback rewards for ineligible epochs

medium

Wrong Accounting for users

Ammplify

Ammplify

34.34 USDC • 1 total finding • Sherlock • khaye26

#59

medium

Vault Removal Ignores Direct Token Transfers

Aug '25

USG - Tangent

USG - Tangent

5.60 USDC • 1 total finding • Sherlock • khaye26

#63

medium

transferFrom in stETH will transfer 1-2 less way, which would result in revert in consequent functions, because of not enough balance

Neutrl Protocol

Neutrl Protocol

941.02 USDC • 1 total finding • Sherlock • khaye26

gold

medium

Fully blacklisted users can stake and specify a different receiver address

Jul '25

Mellow Flexible Vaults

Mellow Flexible Vaults

163.25 USDC • 1 total finding • Sherlock • khaye26

#30

high

Improper Handling of Native ETH in `getLiquidAssets` Leads to Potential Denial of Service

DeBank

DeBank

3.63 USDC • Sherlock • khaye26

#96

Notional Exponent

Notional Exponent

134.23 USDC • 1 total finding • Sherlock • khaye26

#34

medium

Chain-Specific Interface Mismatch in Convex Deposit Function

Jun '25

solaxy

solaxy

393.52 USDC • 1 total finding • Cantina • Khaye

#8

medium

Finding not yet public.

DODO Cross-Chain DEX

DODO Cross-Chain DEX

10.81 USDC • 1 total finding • Sherlock • khaye26

#55

high

`_doMixSwap` blindly approves whatever token is specified in params.fromToken

May '25

LEND

LEND

2.53 USDC • 2 total findings • Sherlock • khaye26

#105

medium

Borrowers will pay excessive interest due to double interest calculation in `CoreRouter::borrow`

medium

Usage of IERC20 transfer method would fail on some tokens due to lack of return of boolean value