Solidity engineer/Sec Researcher
Love building dApps. Expertise: Solidity, EVM. Trying to get better at: Solana, Rust, Poker :) Contact for collab!
#780 All Time
Nov '24
Oct '24
high
Subtraction in `variance()` will revert due to underflow
high
Potential underflow vulnerability in score range calculation of `LLMOracleCoordinator::finalizeValidation`, leading to DoS.
medium
Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers
Aug '24
high
Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort
high
Malicious user can drain protocol by bypassing `ASK` offer abortion validation in `Turbo` mode
high
Token withdrawal fails until someone manually approves spending
medium
Unnecessary balance checks and precision issues in TokenManager::_transfer
medium
`WrappedNativeToken` Can Only Work in `NativeToken` Mode
low
[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows Any User to Call It and Set the Allowance Amount of `TokenContract` to `type(uint256).max`.
low
`listOffer` Unsafely References Fungible Identifiers
Jul '24
Feb '24
high
A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters
high
Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType
high
Players have complete freedom to customize the fighter NFT when calling `redeemMintPass` and can redeem fighters of types Dendroid and with rare attributes
high
Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
Jan '24
high
Whitelisted accounts can be forcefully DoSed from buying curveTokens during the presale
high
Attack to make `CurveSubject` a `HoneyPot`
medium
Single token purchase restriction on curve creation enables sniping
medium
onBalanceChange causes previously unclaimed rewards to be cleared
medium
Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for token subject
Dec '23
high
Rewards can be drained because of lack of access control
high
Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds
high
Malicious users can honeypot other users by minting all the `EURO` tokens that the vault's `collateralRate` allows right before sale
medium
Users cannot remove some amount of collateral from the contract because of the wrong implementation of `canRemoveCollateral()`
low
Removal of approved token from token manager can lead to unintended liquidation of vaults
low
doesn't follow the EIP standard