
matejdb

Solidity engineer/Sec Researcher

Love building dApps. Expertise: Solidity, EVM. Trying to get better at: Solana, Rust, Poker :) Contact for collab!


High: 20 total
Medium: 11 total
Total earnings: $4.30K (#793 all time)
Payouts: 12x
1st places: 1x (gold)
2nd places: 1x (silver)
Top 10: 3x


Nov '24
vVv Launchpad - Investments & Token distribution
94.59 USDC • 1 total finding • Sherlock • matejdb
#1 (gold)
high: Attacker can claim tokens meant for user

Oct '24
Dria
46.85 USDC • 3 total findings • CodeHawks • matejdb
#30
high: Subtraction in `variance()` will revert due to underflow
high: Potential underflow in the score range calculation of `LLMOracleCoordinator::finalizeValidation`, leading to DoS
medium: Request responses and validations can be mocked, leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers

Aug '24
Winnables Raffles
6.39 USDC • 3 total findings • Sherlock • matejdb
#29
high: `_lockedETH` is not decreased when refunding players in the `WinnablesTicketManager` contract
high: Anyone can call `propagateRaffleWinner` on `WinnablesTicketManager` with arbitrary function arguments
medium: `Roles` contract does not implement role invoking

Tadle
86.05 USDC • 7 total findings • CodeHawks • matejdb
#50
high: Formulaic error rounds down, causing total loss of funds for bid takers during abort
high: Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode
high: Token withdrawal fails until someone manually approves spending
medium: Unnecessary balance checks and precision issues in `TokenManager::_transfer`
medium: `WrappedNativeToken` can only work in `NativeToken` mode
low: Missing access control in `CapitalPool::approve()` allows any user to set the `TokenContract` allowance to `type(uint256).max`
low: `listOffer` unsafely references fungible identifiers

Jul '24
ArkProject: NFT Bridge
3.89 USDC • 1 total finding • CodeHawks • matejdb
#46
medium: Starknet tokens deposited with `use_withdraw_auto` can never be withdrawn

Munchables
359.9 USDC • 1 total finding • Code4rena • matejdb
#17
high: In `farmPlots()`, an underflow in an edge case leads to a freeze of funds (NFT)

TempleGold
28.85 USDC • 2 total findings • CodeHawks • matejdb
#33
high: Incompatibility with multisig wallets in the `TempleGold::send` function
low: TempleGold tokens cannot be recovered when a `DaiGoldAuction` ends with 0 bids

Feb '24
Althea Liquid Infrastructure
87.74 USDC • 2 total findings • Code4rena • matejdb
#24
high: Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions
medium: In `LiquidInfrastructureERC20.sol`, disapproved holders keep part of the supply, diluting approved holders' revenue

AI Arena
2.49 USDC • 4 total findings • Code4rena • matejdb
#152
high: A locked fighter can be transferred, leaving the game server unable to commit transactions and producing unstoppable fighters
high: Since you can reroll with a different `fighterType` than the NFT you own, you can bypass `maxRerollsAllowed` and reroll attributes based on a different `fighterType`
high: Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of type Dendroid and with rare attributes
high: Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Jan '24
MorpheusAI
629.48 USDC • 2 total findings • CodeHawks • matejdb
#10
medium: Due to missing access control on `DistributionV2::_authorizeUpgrade()`, anyone can change the implementation contract and destroy the main proxy contract
low: Any user can mint any amount of WStETH in `WStETHMock.sol` and `StETHMock.sol`

Curves
140.42 USDC • 5 total findings • Code4rena • matejdb
#34
high: Whitelisted accounts can be forcefully DoSed from buying curveTokens during the presale
high: Attack to turn a `CurveSubject` into a `HoneyPot`
medium: Single token purchase restriction on curve creation enables sniping
medium: `onBalanceChange` causes previously unclaimed rewards to be cleared
medium: Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for the token subject

Dec '23
The Standard
2,817.95 USDC • 6 total findings • CodeHawks • matejdb
#2 (silver)
high: Rewards can be drained because of lack of access control
high: Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds
high: Malicious users can honeypot other users by minting all the `EURO` tokens that the vault's `collateralRate` allows right before sale
medium: Users cannot remove some amount of collateral from the contract because of a wrong implementation of `canRemoveCollateral()`
low: Removal of an approved token from the token manager can lead to unintended liquidation of vaults
low: Doesn't follow the EIP standard