https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_4.png

maigadoh

Security Researcher

DAO Contributor | 💼 Investment Strategist | 🌐 Web3 Dev | Prompt Engineer | #Crypto #DAO #Web3

Contact Me

High

6

Total

Medium

15

Total

$5.21K

Total Earnings

#822 All Time

8x

Payouts

gold

1x

1st Places

regular

5x

Top 10

regular

5x

Top 25

All

Sherlock

Sep '25

BMX Deli Swap

BMX Deli Swap

771.50 USDC • 3 total findings • Sherlock • maigadoh

#4

high

Unbounded pendingRemovals sweep in finalize triggers per-epoch settlement DoS (gas exhaustion)

high

Pool-vs-token lastUpdated mismatch over-credits rewards

medium

Zero-Liquidity Burns Incentive Budget

Ammplify

Ammplify

1,455.07 USDC • 8 total findings • Sherlock • maigadoh

#5

high

Inclusive high index to OOB right key; wrong-range settlement & fee mis-accounting

high

chargeTrueFeeRate width-scaling mismatch undercharges takers & underpays makers

high

Missing subtreeBorrowedX/Y Propagation Undercharges Taker Fees and Underpays Makers

medium

Unintended JIT principal penalty via burnAsset mis-sequencing

medium

`ViewWalker.down` misassigns X-fee propagation for the right child

medium

MakerFacet.adjustMaker pays removed liquidity to msg.sender instead of the provided recipient

medium

PoolFacet Mint Callback Zero-Transfer Revert DoS

medium

Shift-Overflow in getEquivalentLiq Inflates LP Shares

Aug '25

USG - Tangent

USG - Tangent

8.78 USDC • 2 total findings • Sherlock • maigadoh

#60

high

Unauthorized Migration via Caller-Supplied ControlTower Parameter

medium

VsTAN.processRewards allows starting a new reward epoch while totalSupplyVsTan == 0

Neutrl Protocol

Neutrl Protocol

941.02 USDC • 1 total finding • Sherlock • maigadoh

gold

medium

FULL-restricted addresses can bypass staking restrictions via `sNUSD.mint()` and `sNUSD.deposit()`

Yield Basis

Yield Basis

114.27 USDC • 2 total findings • Sherlock • maigadoh

#9

medium

Missing claimed update in claim() enables unlimited re-claims (full drain)

medium

Factory.set_gauge_controller asserts on the input parameter being zero instead of the contract state being unset

Jul '25

Malda

Malda

21.88 USDC • 1 total finding • Sherlock • maigadoh

#43

medium

EverclearBridge fails to pull tokens, locking funds in Rebalancer

Mellow Flexible Vaults

Mellow Flexible Vaults

4.49 USDC • 2 total findings • Sherlock • maigadoh

#39

medium

logic in the ShareManager.updateChecks() function completely inverts the transfer whitelist enforcement

medium

DepositQueue Index Misuse Enables Vault-Wide DoS via Negative Fenwick Prefix

Jun '25

Symbiotic Relay

Symbiotic Relay

1,895.05 USDC • 2 total findings • Sherlock • maigadoh

#9

medium

Unrestricted Operator Registration Leading to Gas-Based Denial of Service in VotingPowerProviderLogic.registerOperator()

medium

Whitelist Bypass in OperatorsWhitelist.sol Enables Unvetted Operators to Gain Voting Power