https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/a873125e-8c94-49fc-8bfa-fd6aa10d15ed.png

m4ze

Web3 Security Researcher

Auditing the chain. Striking the flaws

Contact Me

High

8

Total

Medium

7

Total

$4.98K

Total Earnings

#803 All Time

12x

Payouts

regular

3x

Top 10

regular

6x

Top 25

regular

7x

Top 50

All

Code4rena

Cantina

CodeHawks

May '25

Audit 507

Audit 507

323.07 USDC • Code4rena • maze

#12

alchemix-v3

alchemix-v3

47.7 USDC • 2 total findings • Cantina • maze

#75

high

Finding not yet public.

medium

Finding not yet public.

Apr '25

Cabal Liquid Staking Token

Cabal Liquid Staking Token

249.98 USDC • 1 total finding • Code4rena • maze

#8

medium

Desynchronization of Cabal's internal accounting with actual staked INIT amounts leads to over-minting of sxINIT tokens

mighty-contracts

mighty-contracts

0.07 USDC • 1 total finding • Cantina • maze

#115

high

Finding not yet public.

Kinetiq

Kinetiq

9.35 USDC • 1 total finding • Code4rena • maze

#33

medium

Inconsistent State Restoration in `cancelWithdrawal` Function

Staking Part 2

Staking Part 2

4,103.92 usdc • CodeHawks • maze

#7

Mar '25

Forte: Float128 Solidity Library

Forte: Float128 Solidity Library

49.2 USDC • 2 total findings • Code4rena • maze

#23

high

Natural Logarithm Function Silently Accepts Invalid Non-Positive Inputs

high

Sqrt function silently reverts the entire control flow when a packed float of 0 value is passed

Feb '25

Virtuals Protocol

Virtuals Protocol

35.33 USDC • 1 total finding • Code4rena • maze

#56

medium

Slippage protection in `AgentTax::dcaSell` and `BondingTax::swapForAsset` is calculated at execution time, effectively retrieving the very same price that the trade will be executing at, ultimately providing no protection

Liquidity Management

Liquidity Management

0.66 usdc • 1 total finding • CodeHawks • maze

#55

low

Incorrect Token Price Validation in KeeperProxy

Core Contracts

Core Contracts

41.64 usdc • 9 total findings • CodeHawks • maze

#201

high

ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price

high

Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens

high

Ineffective Time-Weighted Average Implementation in Fee Distribution

high

Hardcoded Exchange Rate Leading to Incorrect Deposits and Redemptions

medium

Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check

medium

There is no logic checking for RAACNFT price staleness before minting it

medium

Flawed Boost Multiplier Calculation Always Yields Maximum Boost

low

Incorrect Timestamp Tracking in RAACHousePrice contract

low

Inconsistent Voting Power Usage

Jan '25

Aave DIVA Wrapper

Aave DIVA Wrapper

0.04 usdc • 1 total finding • CodeHawks • maze

#9

low

Incorrect sequence of AaveDIVAWrapper constructor parameters

Ignite

Ignite

121.92 usdc • CodeHawks • maze

#18