kuprum

Security Researcher

I am a security and formal methods researcher with expertise in security audits, protocol and architecture analysis, testing and verification. Get in touch!

High: 1 Solo, 27 Total

Medium: 2 Solo, 18 Total

$144.78K Total Earnings (#63 All Time)

20x Payouts

2x 1st Places (gold), 1x 2nd Places (silver), 2x 3rd Places (bronze)

Mar '25

Lombard - IBC V2 Integration

Collaborative Audit • Sherlock • kuprum

Feb '25

Interchain Labs IBC Eureka

Collaborative Audit • Sherlock • kuprum

Dec '24

story-protocol

22,342.59 USDC • 2 total findings • Cantina • kuprum

#17

high

Finding not yet public.

medium

Finding not yet public.

Oct '24

Omni Network

91,100.48 USDC • 2 total findings • Cantina • kuprum

#6

high

Finding not yet public.

medium

Finding not yet public.

predict.fun lending market

7,050.65 USDC • 1 total finding • Sherlock • kuprum

silver

medium

Using wrong format of `questionId` for `NegRiskCtfAdapter` leads to loan operations on resolved multi-outcome markets

Sep '24

Flayer

4,459.73 USDC • 10 total findings • Sherlock • kuprum

gold

high

Frequency-dependent `TaxCalculator.sol::calculateCompoundedFactor` leads to interest loss either for users or for protocol

high

Quorum overflow in `CollectionShutdown` leads to complete drain of contract's funds

high

Stale shutdown params can be reused to drain all funds from `CollectionShutdown` contract

high

Stealing of tax refunds via relisting liquidated protected listings

high

`Listings::reserve` reduces the listing count without deleting the listings; can be abused to shut down a collection

high

`Listings::_isLiquidation` flag is not cleaned up; will lead to loss of tax refund for users

high

Wrong divisor in `TaxCalculator.sol::calculateCompoundedFactor` leads to 10x interest rates

medium

`ERC1155Bridgable` is not EIP-1155 compliant

medium

`ERC721Bridgable` and `ERC1155Bridgable` are not EIP-2981 compliant, and fail to correctly collect or attribute royalties to artists

medium

`UniswapImplementation` sets fee exemption erroneously

Aug '24

Phi

1,435.04 USDC • 6 total findings • Code4rena • kuprum

bronze

high

Unrestricted Changes to Token Settings Allow Artists to Alter Critical Features

high

Signature replay in `signatureClaim` results in unauthorized claiming of rewards

high

Exposed `_removeCredIdPerAddress` & `_addCredIdPerAddress` allow anyone to cause issues for current holders as well as upcoming ones

high

`shareBalance` bloating eventually blocks curator rewards distribution

high

Signature replay in `createArt` allows impersonating an artist and stealing royalties

medium

Contract `PhiNFT1155` can't be paused

Winnables Raffles

646.40 USDC • 2 total findings • Sherlock • kuprum

#4

medium

Won prizes may get permanently locked due to out-of-gas reverts

medium

A raffle may be guaranteed won, or canceled despite reaching maxTicketSupply, thus depriving users of the chance to win it

Jul '24

Optimism Superchain

5,823.55 OP • 2 total findings • Code4rena • kuprum

#8

high

An attacker can bypass the challenge period during LPP finalization

high

LPP metadata can be altered after the challenge period is over, allowing incorrect states to be proven

MakerDAO Endgame

1,152.37 USDC • Sherlock • CodeWasp

#53

Apr '24

Renzo

18.2 USDC • 1 total finding • Code4rena • CodeWasp

#41

medium

Pending withdrawals prevent safe removal of collateral assets

Teller Finance

456.64 USDC • 1 total finding • Sherlock • CodeWasp

#12

medium

The cycle payment due may span over approx. 2 cycles and block the borrower from paying

TITLES Publishing Protocol

328.10 USDC • 4 total findings • Sherlock • CodeWasp

#14

high

`Edition.mintBatch(address[], ...)` has a disproportionately low mint fee

medium

`Edition.transferWork` does not update fee routes

medium

`Edition` not EIP-1155 compliant

medium

TitlesGraph does not save acknowledgement

DYAD

4.1 USDC • 2 total findings • Code4rena • CodeWasp

#106

high

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with Kerosene

high

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

Panoptic

32.96 USDC • Code4rena • CodeWasp

#18

Mar '24

RadicalxChange

1.18 USDC • 1 total finding • Sherlock • kuprum

bronze

high

`_cancelAllBids` allows cancelling the highest bid; can be exploited to steal all contract funds

PoolTogether

577.45 USDC • 1 total finding • Code4rena • CodeWasp

#10

medium

Funds locked due to missing transfer check

Feb '24

UniStaker Infrastructure

7,783.56 USDC • Code4rena • CodeWasp

gold

Althea Liquid Infrastructure

7.18 USDC • 1 total finding • Code4rena • CodeWasp

#34

high

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

AI Arena

242.1 USDC • 5 total findings • Code4rena • CodeWasp

#23

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on-chain due to underflow, and the user can recover past losses that should be unrecoverable (stealing the protocol's token)

medium

Burner role can not be revoked

Jan '24

Curves

0.19 USDC • 3 total findings • Code4rena • kuprum

#134

high

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

high

Unauthorized Access to setCurves Function

medium

onBalanceChange causes previously unclaimed rewards to be cleared

Nov '23

ZetaChain

1,313.25 USDC • 1 total finding • Code4rena • kuprum

#13

high

Tombstoned observer can maliciously add a duplicate observer address, resulting in forfeited voting rewards for targeted observers