Security Researcher
Security Researcher for EVM based blockchains. Also have expertise in developing and deploying dApps (both front end and contract side). DM for references
High
Total
Medium
Total
Total Earnings
#102 All Time
Payouts
1st Places
2nd Places
3rd Places
All
Sherlock
Code4rena
Nov '23
Oct '23
Sep '23
high
All tokens can be stolen from `VirtualAccount` due to missing access modifier
medium
Incorrect source address decoding in RootBridgeAgent and BranchBridgeAgent's _requiresEndpoint breaks LayerZero communication
medium
Incorrect flag results to _hasFallbackToggled always set to false on createMultipleSettlement.
medium
If RootBridgeAgent.lzReceiveNonBlocking reverts internally, the native token sent by relayer to RootBridgeAgent is left in RootBridgeAgent
Aug '23
Jul '23
high
Collateral can be locked in BigBang contract when `debtStartPoint` is nonzero
high
Incorrect liquidation reward computation causes excess liquidator rewards to be given
medium
BigBang liquidation share is not distributed 100%
medium
Convex `BaseRewardPool` allows Claim on Behalf which causes delta to break - Loss of all Rewards
medium
ConvexTricryptoStrategy does not count CVX reward into compoundAmount and thus _currentBalance leading to an under-estimate of TVL
medium
`SGLBorrow::repay` and `BigBang::repay` uses `allowedBorrow` with the asset amount, whereas other functions use it with share of collateral
Jun '23
Findings not publicly available for private contests.
Apr '23
Mar '23
high
Deposit fees can by bypassed
high
Delisting a processed rollover item causes skip of unprocessed one
high
Entitled shares not handled during rollover
high
Faulty index update of ownerToRollOverQueueIndex could break rollover
medium
Dead queue items not removed from rolloverQueue can disincentivize relayers
medium
Funds from premium vault can get stuck after sending to collateral vault
medium
Inconsistent use of epochBegin could lock user funds
medium
Outdated staleness check of price feed
Feb '23
Jan '23
Dec '22
Nov '22
Oct '22
Sep '22
Aug '22
Jul '22