https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/ca957d9b-fae9-483e-ac11-6c395ed06561.jpg

monrel

Security Researcher

Hunting bugs

Contact Me

High

12

Total

Medium

1

Solo

15

Total

$54.94K

Total Earnings

#174 All Time

9x

Payouts

gold

1x

1st Places

bronze

1x

3rd Places

regular

5x

Top 10

All

Sherlock

Code4rena

Jul '24

LoopFi

LoopFi

804.13 USDC • 2 total findings • Code4rena • monrel

#21

high

Debt position interest is compounded while pool interest is simple causing inconsistency b/w `expectedLiquidity_` and `availableLiquidity_`

medium

`PoolV3#repayCreditAccount()` use incorrect share converting function to calculate profit and loss

Mar '24

Taiko

Taiko

39,108.58 USDC • 6 total findings • Code4rena • monrel

gold

high

Taiko L1 - Proposer can maliciously cause loss of funds by forcing someone else to pay prover's fee

high

Validity and contests bond ca be incorrectly burned for the correct and ultimately verified transition

high

Gas issuance is inflated and will halt the chain or lead to incorrect base fee

medium

First block proposer check in the `LibProposing._isProposerPermitted` function is errorneous

medium

Bridge watcher can forge arbitrary message and drain bridge

medium

A recalled ERC20 bridge transfer can lock tokens in the bridge

Feb '24

Rio Network

Rio Network

3,535.89 USDC • 5 total findings • Sherlock • monrel

#6

high

Epoch is not incremented when withdrawing from EigenLayer

medium

Users can circumvent slashing penalties by front-running EigenLayer updates

medium

Slashing penalty is unfairly paid by a subset of users if a deficit is accumulated.

medium

Incorrect calculation of available shares lead to locked funds

medium

ETH withdrawers do not earn yield while waiting for a withdrawal

Jan '24

Decent

Decent

726.15 USDC • 1 total finding • Code4rena • monrel

#13

medium

Permanent loss of tokens if swap data gets outdated

Nov '23

Panoptic

Panoptic

5,503.88 USDC • 1 total finding • Code4rena • monrel

bronze

high

Attacker can steal all fees from SFPM in pools with ERC777 tokens.

Apr '23

JOJO Exchange

JOJO Exchange

2,856.41 USDC • 2 total findings • Sherlock • monrel

#4

medium

Blacklisted user can front-run liquidation and block liquidation of unsafe position

medium

Liquidator can steal collateral by buying NFTs from a liquidated user

Teller

Teller

310.52 USDC • 3 total findings • Sherlock • monrel

#20

medium

Unauthorized users can accept loans due to faulty update of commitmentBorrowerList

medium

Market owner can change fees to 100% and collect the majority of the principal

medium

Transfer-on-fee/deflationary tokens can lock collateral and cause a borrower to default.

Mar '23

Asymmetry contest

Asymmetry contest

22.21 USDC • 2 total findings • Code4rena • monrel

#100

high

An attacker can manipulate the preDepositvePrice to steal from other users.

high

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

Feb '23

Carapace

Carapace

2,072.49 USDC • 5 total findings • Sherlock • monrel

#10

high

Protection buyers can exploit renewal functionality to enable and disable protection and as a result pay much less premium

high

Protection buyers can receive protection during their final payment period without paying for it

high

Anybody can front-run accruePremium..() and receive rewards as if they had provided protection since last accrual

high

withdrawlRequests and totalSTokenRequested are not updated when sTokens are transferred

medium

Buyers of protection can be protected in the first 90 days without paying a premium