
merlinboii

Security Researcher

blockchain security researcher & developer


High: 33 total
Medium: 20 total
Total earnings: $13.28K (#460 all time)
Payouts: 17x
1st places (gold): 3x
3rd places (bronze): 3x
Top 10 (regular): 9x


Mar '25: Audit Comp | Yeet
7,691 USDC • 6 total findings • Immunefi • merlinboii • gold (1st place)
high: Finding not yet public.
high: Finding not yet public.
high: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.
low: Finding not yet public.

Feb '25: Rova
0.04 USDC • 1 total finding • Sherlock • merlinboii • bronze (3rd place)
medium: Incorrect allocation tracking as inconsistent token calculation in `Launch.updateParticipation()`

Nov '24: Superfluid Locker System
570.28 USDC • 1 total finding • Sherlock • merlinboii • bronze (3rd place)
high: `FluidLocker::_getUnlockingPercentage()` causes incorrect unlock rate calculations for vesting unlock

vVv Launchpad - Investments & Token distribution
94.59 USDC • 1 total finding • Sherlock • merlinboii • gold (1st place)
high: Attacker will steal claiming funds from legitimate KYC users

Sep '24: Flayer
533.43 USDC • 10 total findings • Sherlock • merlinboii • rank #28
high: Unable to reclaim votes after collection shutdown cancellation
high: Failure to account for delayed withdrawals in listing checks leads to incorrect listing validation and asset loss
high: Incorrect index handling in checkpoint creation leads to incorrect initial checkpoint retrieval and potential DoS
high: Incorrect tax accounting due to failure in handling liquidation listings in `Listings::relist()`
high: Incorrect use of `1000` for converting basis points to decimals in `compoundedFactor_` calculation
high: Liquidity provider loses liquidity during collection initialization
high: The attacker will prevent eligible users from claiming the liquidated balance
high: Failure to delete the listing when it is reserved
medium: Inability to shutdown/sunset a newly registered collection after previous shutdown
medium: Refund logic in `Locker::initializeCollection()` incorrectly handles the return of unused tokens

Aug '24: Midas - Instant Minter/Redeemer
607.37 USDC • 1 total finding • Sherlock • merlinboii • rank #8
medium: Protocol will fail to enforce proper token redemption limits, leading to potential over-redemptions by users

Jul '24: Munchables
1,703.63 USDC • 10 total findings • Code4rena • merlinboii • gold (1st place)
high: Malicious user can call `lockOnBehalf` repeatedly to extend a user's `unlockTime`, removing their ability to withdraw previously locked tokens
high: Invalid validation allows users to unlock early
high: Single plot can be occupied by multiple renters
high: Failure to update dirty flag in `transferToUnoccupiedPlot` prevents reward accumulation on valid plot
high: Underflow in `farmPlots()` in an edge case leads to freeze of funds (NFT)
high: [H-01] Miscalculation in `_farmPlots` function could lead to a user being unable to unstake all NFTs
high: Invalid validation in `_farmPlots` function allows a malicious user to farm repeatedly without locked funds
medium: Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal
medium: Players can gain more NFTs by benefiting from the past remainder in subsequent locks
medium: Users can farm on zero-tax land if the landlord locked tokens before the `LandManager` deployment

Biconomy: Nexus
42.22 USDC • 1 total finding • CodeHawks • merlinboii • rank #17
low: Create account from `RegistryFactory` contract reverts due to unsorted external `attesters[]`

TempleGold
7.79 USDC • 1 total finding • CodeHawks • merlinboii • rank #39
low: TempleGold tokens cannot be recovered when a `DaiGoldAuction` ends with 0 bids

May '24: Munchables
173.86 USDC • 10 total findings • Code4rena • merlinboii • rank #8
high: Malicious user can call `lockOnBehalf` repeatedly to extend a user's `unlockTime`, removing their ability to withdraw previously locked tokens
high: Invalid validation allows users to unlock early
high: Single plot can be occupied by multiple renters
high: Failure to update dirty flag in `transferToUnoccupiedPlot` prevents reward accumulation on valid plot
high: Underflow in `farmPlots()` in an edge case leads to freeze of funds (NFT)
high: [H-01] Miscalculation in `_farmPlots` function could lead to a user being unable to unstake all NFTs
high: Invalid validation in `_farmPlots` function allows a malicious user to farm repeatedly without locked funds
medium: Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal
medium: Players can gain more NFTs by benefiting from the past remainder in subsequent locks
medium: Users can farm on zero-tax land if the landlord locked tokens before the `LandManager` deployment

Apr '24: TITLES Publishing Protocol
3.79 USDC • 2 total findings • Sherlock • merlinboii • rank #51
high: Incorrect fee distribution: `collectionReferrerShare` routed to mint referrer instead of collection referrer
medium: Excess funds not returned to sender as intended in minting process

Feb '24: Jala Swap
799.98 USDC • 1 total finding • Sherlock • merlinboii • bronze (3rd place)
medium: Potential swapping of more than the given exact input amount

UniStaker Infrastructure
694.3 USDC • Code4rena • merlinboii • rank #5

AI Arena
294.06 USDC • 8 total findings • Code4rena • merlinboii • rank #16
high: A locked fighter can be transferred; leads to game server being unable to commit transactions, and unstoppable fighters
high: Since you can reroll with a different `fighterType` than the NFT you own, you can reroll bypassing `maxRerollsAllowed` and reroll attributes based on a different `fighterType`
high: Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping
high: Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
medium: NFTs can be transferred even if `StakeAtRisk` remains, so the user's win cannot be recorded on chain due to underflow, and past losses that can't be recovered can be recovered (stealing the protocol's token)
medium: Minter / Staker / Spender roles can never be revoked
medium: Burner role cannot be revoked
medium: DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant number of rounds has passed

Jan '24: Curves
53.97 USDC • 3 total findings • Code4rena • merlinboii • rank #60
high: Unauthorized access to `setCurves` function
medium: `Curves::_buyCurvesToken()`: excess ETH received is not refunded to the user
medium: Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for token subject

Nov '23: Canto Application Specific Dollars and Bonding Curves for 1155s
4.08 USDC • Code4rena • merlinboii • rank #30

Kelp DAO | rsETH
2.76 USDC • Code4rena • merlinboii • rank #54