mahdiRostami

Security Researcher

Smart contract security researcher. Machine learning engineer and Data Scientist.

High: 12 Solo / 22 Total
Medium: 17 Solo / 24 Total
Total Earnings: $138.77K (#68 All Time)
Payouts: 28x
1st Places (gold): 7x
2nd Places (silver): 4x
3rd Places (bronze): 2x

Jun '25

DODO Cross-Chain DEX
28.71 USDC • 1 total finding • Sherlock • mahdiRostami
#43
[medium] Denial of Service in `GatewayCrossChain::onCall` Due to Incorrect Handling of `getPathForTokens`

Apr '25

ZetaChain Cross-Chain
762.20 USDC • 1 total finding • Sherlock • mahdiRostami
#14
[high] SPL token depositor could deposit a fake token instead of whitelisted token and emit whitelisted token deposit

Sep '24

SeeR-PM
10,500 USDC • 1 total finding • Hats • mahdirostami
gold (1st place)
[medium] Denial of Service (DoS) and Gas Grief Attack in Token Redemption Process

Circles
5,600 USDC • 7 total findings • Hats • mahdirostami
gold (1st place)
[medium] Inefficient Token Transfer Handling for Middle Vertices Groups in `_effectPathTransfers` Function
[low] Unnecessary Hourly Check in `_calculateIssuance` Function Prevents Users from Receiving Rewards
[low] Wrong value for `WELCOME_BONUS`
[low] Lack of check in `ensureERC20` compared to `wrap` Function
[low] Incorrect Calculation of Remaining Hours in Day B in `_calculateIssuance` Function
[low] Zero-Amount Vulnerability in `migrate` Function Allows Unauthorized Migration
[low] Wrong mint emission in treasury contract

Aug '24

Proof Of Humanity V2
10,000 USDC • 1 total finding • Hats • mahdirostami
bronze (3rd place)
[high] Possibility of Holding Humanity ID in Both Chains After Renewal and Transfer

Jul '24

dappslap
3,000 USDC • Hats • mahdirostami
silver (2nd place)

Metrom backend
5,000 USDC • Hats • mahdirostami
#4

Fenix
1,600 USDC • Hats • mahdirostami
#4

Jun '24

Palmera
16,200 USDC • 13 total findings • Hats • mahdirostami
gold (1st place)
[high] Unbonded `orgHash` Could Result in Denial of Service (DoS)
[high] Incomplete Deletion of Organization State Leads to Residual Effects on New Users
[high] Insufficient Access Control in `execTransactionOnBehalf` Due to Broad Lead Role Check
[high] Ineffective Revocation of Multiple Roles in `disableSafeLeadRoles` Function
[high] `isSafeLead` Function Lacks Role Authorization Check, Leading to Unauthorized Access
[high] `setRole` Function Incorrectly Assigns `_safe.lead` without Validating `enabled` Parameter
[high] Potential Protocol Insolvency in `removeWholeTree` and `disconnectSafe`
[high] Unauthorized Role Modification Vulnerability in `setRole` Function
[high] Unauthorized Access Control Due to Retained Root Role When Root Safe Exits and Joins New Org
[medium] `registerOrg` Function Vulnerable to DoS and Gas Griefing Attacks
[medium] `addSafe` Function Lacks Validation for `superSafeId` State
[medium] Missing Validation in `addSafe` Function for Enabled Guard and Module
[medium] Missing `disableSafeLeadRoles` Call for Root in `removeWholeTree` Function

Inverter Network
12,000 UMA • Hats • mahdirostami
silver (2nd place)

May '24

Liquity
1,200 LUSD • Hats • mahdirostami
bronze (3rd place)

Metrom
3,700 DAI • 3 total findings • Hats • mahdirostami
gold (1st place)
[medium] Gas griefing vulnerability in `createCampaigns` function
[medium] Incompatibility with Rebasing/Deflationary/Inflationary tokens
[low] The event emitted in the `acceptCampaignOwnership` function omits key information.

Kintsu
23,400 USDC • 8 total findings • Hats • mahdirostami
gold (1st place)
[medium] Inconsistency in Fee Calculation in `update_fees` Function
[medium] Inconsistency in Nomination Pool Joining Logic
[medium] Potential DoS in `delegate_compound` Function
[medium] Minimum Stake Not Checked for Each Nomination Agent
[medium] Nomination Agents Linked to Pools in Destroying or Blocked State Cause Revert in Compound and Stake Functions
[medium] DoS in `send_batch_unlock_requests` function due to invalid range for agent's bonded AZERO
[low] Insufficient Check in `remove_agent` Function
[low] Wrong Value in Compound Emit Event

Mar '24

Most: Aleph Zero Bridge
5,000 USDT • 2 total findings • Hats • mahdirostami
gold (1st place)
[high] Decrease in `pocket_money_balance` even if the transfer failed
[medium] Inconsistency in Handling WETH in `eth::most::receiveRequest`

Jan '24

AlephZeroAMM
30,800 USDT • Hats • mahdirostami
silver (2nd place)

Curves
5.5 USDC • 6 total findings • Code4rena • mahdirostami
#95
[high] Attack to make `CurveSubject` a `HoneyPot`
[high] Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`
[high] Unauthorized Access to `setCurves` Function
[medium] Protocol and referral fee would be permanently stuck in the Curves contract when selling a token
[medium] `onBalanceChange` causes previously unclaimed rewards to be cleared
[medium] `Curves::_buyCurvesToken()`: Excess ETH received is not refunded back to the user.

Dec '23

Revolution Protocol
39.71 USDC • 3 total findings • Code4rena • mahdirostami
#60
[medium] Once `EntropyRateBps` is set too high, it can lead to denial-of-service (DoS) due to an invalid ETH amount
[medium] `CultureIndex.sol#dropTopVotedPiece()`: Malicious user can manipulate `topVotedPiece` to DoS the whole CultureIndex and AuctionHouse
[medium] Bidder can use donations to get VerbsToken from an auction that has already ended.

Nov '23

Possum Labs (Portals)
6,000 USDC • 7 total findings • Hats • mahdirostami
gold (1st place)
[high] Portal Ignores Principal Token and PSM Price Ratio
[medium] Prevent Victim User From Gaining `portalEnergyEarned`
[medium] Lack of Function for Receiving ETH
[low] Incorrect Calculation in `getUpdateAccount` View Function
[low] Inadequate Consideration of Decimal Variations in Principal Tokens
[low] Incorrect Calculation of `availableToWithdraw` in Unstake Function
[low] Incorrect Calculation of `maxStakeDebt` in Unstake Function

Kelp DAO | rsETH
40.69 USDC • 2 total findings • Code4rena • mahdirostami
#44
[high] The price of rsETH could be manipulated by the first staker
[high] Protocol mints less rsETH on deposit than intended

Oct '23

zkSync Era
328.16 USDC • Code4rena • mahdirostami
#34

Sep '23

Venus Prime
129.33 USDC • 1 total finding • Code4rena • mahdirostami
#26
[high] Prime.sol: User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

Convergence Finance
2,600 DAI • Hats • mahdirostami
silver (2nd place)

Aug '23

StakeWise
600.2 USDC • Hats • mahdirostami
#4

Jul '23

PoolTogether
2.25 USDC • 1 total finding • Code4rena • mahdirostami
#67
[high] `Vault.mintYieldFee` function can be called by anyone to mint `Vault Shares` to any recipient address

Basin
25.41 USDC • Code4rena • mahdirostami
#25

Jun '23

RealWagmi
136.66 USDC • 1 total finding • Sherlock • mahdiRostami
#16
[high] Price slippage in `rebalanceAll` function

Llama
48.22 USDC • Code4rena • mahdirostami
#23

Mar '23

Asymmetry contest
25.67 USDC • 1 total finding • Code4rena • mahdirostami
#95
[high] An attacker can manipulate the preDepositvePrice to steal from other users.