https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/4c1e890a-9d06-4e93-8a82-69444567676b.jpg

mahmud

Security Researcher

Blockchain security researcher

Contact Me

High

2

Total

Medium

6

Total

$2.32K

Total Earnings

#963 All Time

7x

Payouts

silver

1x

2nd Places

regular

2x

Top 10

regular

3x

Top 25

All

Sherlock

Code4rena

Cantina

Feb '24Apr '24May '24Aug '242 findings2 findings3 findings1 finding

Jan '25

Aave v3.3

Aave v3.3

672.54 USDC • Sherlock • mahmud

#34

Aug '24

Winnables Raffles

Winnables Raffles

0.76 USDC • 1 total finding • Sherlock • mahmud

#38

medium

Inability to Revoke Roles Leading to Permanent Privilege Escalation Risk

May '24

Munchables

Munchables

0.02 USDC • 2 total findings • Code4rena • Mahmud

#15

high

Invalid validation allows users to unlock early

medium

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

safe-extensions

safe-extensions

87.5 USDC • 1 total finding • Cantina • Mahmud

#32

medium

Finding not yet public.

Apr '24

DYAD

DYAD

7.54 USDC • 2 total findings • Code4rena • Mahmud

#99

high

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

medium

Incorrect deployment / missing contract will break functionality

Mar '24

vVv Vesting & Staking

vVv Vesting & Staking

495.33 USDC • Sherlock • mahmud

#6

Feb '24

Jala Swap

Jala Swap

1,055.07 USDC • 2 total findings • Sherlock • mahmud

silver

medium

DOS in JalaPair contract in critical functions like mint, burn and swap due to overflow.

medium

Less Amount of Wrapped token is sent to the `JalaRouter02` than should be when calling `swapExactTokensForETH` in the `JalaMasterRouter`.