https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/2d3df189-bf4a-47b8-8460-293239338e83.jpg

krikolkk

Security Researcher

gotta catch'em all

Contact Me

High

Solo

Total

Medium

Solo

Total

$196.17K

Total Earnings

#46 All Time

20x

Payouts

3x

1st Places

5x

2nd Places

1x

3rd Places

All

Sherlock

Code4rena

Cantina

CodeHawks

Hats Finance

May '25

boop.fun Bonding Curve

Collaborative Audit • Sherlock • krikolkk

Mar '25

reserve-index-dtfs-solana

17,953.71 USDC • 8 total findings • Cantina • krikolkk

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Jan '25

infrared-contracts

212.48 USDC • 2 total findings • Cantina • krikolkk

#46

high

Finding not yet public.

medium

Finding not yet public.

ton-pool-contracts

253.06 USDC • 1 total finding • Cantina • krikolkk

#12

medium

Finding not yet public.

Dec '24

aligned-layer

7,885.5 USDC • 2 total findings • Cantina • krikolkk

high

Finding not yet public.

medium

Finding not yet public.

InterPol

10,287.17 USDC • 1 total finding • Cantina • krikolkk

high

Finding not yet public.

Oct '24

tensor-monorepo

38,800.51 USDC • 8 total findings • Cantina • krikolkk

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Orderly Solana Vault Contract

3,967.50 USDC • 3 total findings • Sherlock • krikolkk

high

Attacker will steal tokens from users

high

Attacker will bridge fake tokens to Orderly for USDC

medium

Executor can revert if in order execution is enabled

Sep '24

redstone-oracle

399.87 USDC • 2 total findings • Cantina • krikolkk

high

Finding not yet public.

medium

Finding not yet public.

Staking

1,825.92 USDC • CodeHawks • kriko

#10

Aug '24

Centrifuge

7,889.22 USDC • 9 total findings • Cantina • krikolkk

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Jul '24

Reserve Core

31,833.04 USDC • 2 total findings • Code4rena • krikolkk

medium

The default Governor Anastasius is unable to call `resetStakes`

medium

Broken assumptions can lead to the inability to seize RSR

Jun '24

grass

230.58 USDC • 3 total findings • Cantina • krikolkk

#11

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

May '24

Kintsu

8,600 USDC • 2 total findings • Hats • krikoeth

high

KIN-H02: Malicious users can prevent other users from redeeming rewards by manipulating `total_pooled` with duplicate withdrawal requests

medium

Agents amount limitation due to ink! storage `Vec`

Aave v3.1 Competition

8,285.71 GHO • 1 total finding • Cantina • krikolkk

medium

Finding not yet public.

Apr '24

Zivoe

4.12 USDC • 2 total findings • Sherlock • krikolkk

#54

high

Malicious actors can manipulate ZVE staking rewards, extending the time to accrue the whole reward

medium

Incorrect assertion might lead to DoS of `OCL_ZVE`

Feb '24

curvance

9,490.68 USDC • 10 total findings • Cantina • krikolkk

#15

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Althea Liquid Infrastructure

7.18 USDC • 1 total finding • Code4rena • krikolkk

#34

high

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

AI Arena

3.15 USDC • 3 total findings • Code4rena • krikolkk

#149

high

Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

Fighter created by mintFromMergingPool can have arbitrary weight and element

Jan '24

AlephZeroAMM

48,200 USDT • Hats • krikoeth

reNFT

39.87 USDC • Code4rena • krikolkk

#48