
kirk-baird

Security Researcher


High: 24 total
Medium: 48 total
Total Earnings: $96.11K (#96 All Time)
Payouts: 22x
1st Places (gold): 1x
2nd Places (silver): 4x
3rd Places (bronze): 1x


Feb '23

GMX
387.21 USDC • 2 total findings • Sherlock • kirk-baird
#22

medium: `ExecuteDepositUtils.getAdjustedLongAndShortTokenAmounts()` Will Always Fail
medium: `getAdjustedLongAndShortTokenAmounts()` Incorrectly Calculates Amounts

Nov '22

Bull v Bear
613.67 USDC • 2 total findings • Sherlock • kirk-baird
#4

high: `reclaimContract()` Can Be Called On Non-Existent Orders
high: Reentrancy in `withdrawToken()` May Delete The Next User's Balance

Aug '22

Sentiment
290.24 USDC • 2 total findings • Sherlock • kirk-baird
#20

medium: HIGH: Malicious Assets Can Be Added By Calling `removeLiquidity()` in SushiSwap
medium: MED/HIGH: Blacklisting An Asset Prevents Liquidation

Jun '22

Putty contest
1,679.65 USDC • 4 total findings • Code4rena • kirk-baird
#11

high: `acceptCounterOffer()` May Result In Both Orders Being Filled
medium: `fillOrder()` and `exercise()` may lock Ether sent to the contract, forever
medium: Malicious Token Contracts May Lead To Locking Orders
medium: Overlap Between `ERC721.transferFrom()` and `ERC20.transferFrom()` Allows `order.erc20Assets` or `order.baseAsset` To Be ERC721 Rather Than ERC20

Illuminate contest
3,351.9 USDC • 13 total findings • Code4rena • kirk-baird
#4

high: Allowance check always true in ERC5095 redeem
high: ERC5095 redeem/withdraw does not update allowances
high: Able to mint any amount of PT
high: Funds may be stuck when `redeeming` for Illuminate
high: [H-05] Not minting iPTs for lenders in several lend functions
high: Division Before Multiplication Can Lead To Zero Rounding Of Return Amount
high: Pendle Uses Wrong Return Value For `swapExactTokensForTokens()`
medium: Swivel lend method doesn't pull protocol fee from user
medium: Lend method signature for illuminate does not track the accumulated fee
medium: sellPrincipalToken, buyPrincipalToken, sellUnderlying, buyUnderlying use pool funds but pay msg.sender
medium: `Lender.mint()` May Take The Illuminate PT As Input Which Will Transfer And Mint More Illuminate PT, Causing an Infinite Supply
medium: Centralisation Risk: Admin Can Change Important Variables To Steal Funds
medium: Calls To `Swivel.initiate()` Do Not Verify `o.exit` or `o.vault`, Allowing An Attacker To Manipulate Accounting In Their Favour

Badger-Vested-Aura contest
1,959.18 USDC • 2 total findings • Code4rena • kirk-baird
#5

high: auraBAL can be stuck into the Strategy contract
medium: Badger rewards from Hidden Hand can permanently prevent Strategy from receiving bribes

May '22

veToken Finance contest
3,318 USDT • 4 total findings • Code4rena • kirk-baird
#6

medium: Duplicate LP token could lead to incorrect deposits
medium: `VE3DRewardPool` and `VE3DLocker` add to an unbounded array which may potentially lock all rewards in the contract
medium: Misconfiguration of Fees Incentive Might Cause Tokens To Be Stuck In `Booster` Contract
medium: Centralisation Risk: `VoterProxy` owner may set the `operate` to an address they own and drain all token balances

Aura Finance contest
6,739.6 USDC • 2 total findings • Code4rena • kirk-baird
#6

medium: User will lose funds
medium: Integer overflow will lock all rewards in `AuraLocker`

Cudos contest
690.76 USDC • 1 total finding • Code4rena • kirk-baird
#18

medium: Admin drains all ERC based user funds using withdrawERC20()

Mar '22

Joyn contest
3,228.28 USDC • 9 total findings • Code4rena • kirk-baird
silver

high: Splitter: Anyone can call incrementWindow to steal the tokens in the contract
high: CoreCollection can be reinitialized
high: ERC20 transferFrom return values not checked
high: DoS: `claimForAllWindows()` May Be Made Unusable By An Attacker
high: Centralisation Risk: Owner Of `RoyaltyVault` Can Take All Funds
medium: createProject can be frontrun
medium: DoS: Attacker May Front-Run `createSplit()` With A `merkleRoot`, Causing Future Transactions With The Same `merkleRoot` to Revert
medium: Ineffective Handling of FoT or Rebasing Tokens
medium: Fixed Amount of Gas Sent in Call May Be Insufficient

LI.FI contest
5,507.65 USDC • 7 total findings • Code4rena • kirk-baird
#5

high: Reliance on lifiData.receivingAssetId can cause loss of funds
medium: Swap functions are Reenterable
medium: `AnyswapFacet` can be exploited to approve arbitrary tokens.
medium: ERC20 bridging functions do not revert on non-zero msg.value
medium: Reputation Risks with `contractOwner`
medium: Anyone can get swaps for free given certain conditions in `swap`.
medium: `msg.value` is Sent Multiple Times When Performing a Swap

prePO contest
6,790 USDC • 1 total finding • Code4rena • kirk-baird
gold

high: Strategy Migration May Leave Tokens in the Old Strategy, Impacting Share Calculations

Feb '22

Foundation contest
181.02 USDC • Code4rena • kirk-baird
#25

JPYC contest
603.43 USDC • Code4rena • kirk-baird
#21

PoolTogether TWAB Delegator contest
7,650 USDC • 1 total finding • Code4rena • kirk-baird
silver

medium: `permitAndMulticall()` May Be Used to Steal Funds Or as a Denial Of Service if `_from` Is Not The Message Sender

SKALE contest
19,182.87 USDC • 4 total findings • Code4rena • kirk-baird
silver

high: Gas Pricing Can Be Used To Extort Funds From Users of SChain Owner
medium: Centralisation Risk: Admin Role of `TokenManagerEth` can Rug Pull All Eth from the Bridge
medium: Not compatible with Rebasing/Deflationary/Inflationary tokens
medium: Schain owners can rug pull users' funds

Hubble contest
7,209.63 USDC • 4 total findings • Code4rena • kirk-baird
bronze

high: denial of service
medium: ClearingHouse May Whitelist Duplicate AMMs
medium: AMM Cannot Be `initialize()` Except By Governance
medium: Users are able to front-run bad debt settlements to avoid insurance costs

Redacted Cartel contest
759.82 USDC • 1 total finding • Code4rena • kirk-baird
#13

medium: Changing `bribeVault` in `RewardDistributor.sol` will Lock Current ETH Rewards

Concur Finance contest
1,672.15 USDC • 4 total findings • Code4rena • kirk-baird
#12

high: `ConvexStakingWrapper._calcRewardIntegral()` Can Be Manipulated To Steal Tokens From Other Pools
high: [WP-H8] `ConvexStakingWrapper.sol#_calcRewardIntegral` Wrong implementation can disrupt rewards calculation and distribution
medium: `MasterChef.updatePool()` Fails To Update Reward Variables If `block.number >= endBlock`
medium: [ConcurRewardPool] Possible reentrancy when claiming rewards

Jan '22

Behodler contest
14,906.8 USDC • 6 total findings • Code4rena • kirk-baird
silver

high: Loss Of Flash Governance Tokens If They Are Not Withdrawn Before The Next Request
high: Lack of access control on `assertGovernanceApproved` can cause funds to be locked
medium: Calling `generateFLNQuote` twice in every block prevents any migration
medium: You can flip governance decisions without extending vote duration
medium: Reentrancy on Flash Governance Proposal Withdrawal
medium: Burning a User's Tokens for a Flash Proposal will not Deduct Their Balance

Trader Joe contest
2,063.19 USDT • 2 total findings • Code4rena • kirk-baird
#7

medium: Re-enterable Code When Making a Deposit to Stake
medium: LP Tokens May Be Locked in Contract Due to `allowEmergencyWithdraw()` in Stage 3

Sherlock contest
7,330.8 USDC • 1 total finding • Code4rena • kirk-baird
#4

medium: Reentrancy in `_sendSherRewardsToOwner()`