Junior Blockchain Security Researcher
Started my career as a blockchain security researcher in Dec. 2024. Took 1st place in multiple competitive audits.
May '25
Findings not publicly available for private contests.
Apr '25
Mar '25
[high]
[high]
Feb '25
[high] Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency
[high] ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price
[high] Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens
[high] RAACNFT mint function receives funds to address(this) but has no way of withdrawing them
[high] `BaseGauge` users can claim rewards without staking
[high] Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds
[high] Wrong use of the `GaugeController::typeWeights` multiplier in `GaugeController::_calculateReward` causes a reduction in gauge rewards instead
[high] Multiple issues from unnecessary balance increase calculation in DebtToken.mint
[high] Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service
[high] RToken's transfer function leads to loss of funds due to incorrect math
[high] Users can borrow more assets than they have deposited as collateral
[high] Attackers can get most of RAACToken rewards by withdrawing dust amounts from StabilityPool multiple times
[high] NFTs Get Permanently Locked in Stability Pool After Liquidation
[high] Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance
[high] Ownership Parameter Mismatch in LendingPool's Vault Withdrawal Logic
[high] Lack of Access Control in BoostController::updateUserBoost Leading to Unauthorized Delegation Overwrite
[high] Attackers can double voting power and veToken amount by locking and increasing
[high] Gauge stakers won't get any reward due to round-down in user weight calculation
[high] Stability pool does not consider RToken balance increase when DEToken is withdrawn
[medium] Timelock Controller Retains Canceled Proposals, Enabling Unauthorized Execution and Severe Governance Voting Manipulation
[medium] Gauge reward period can be extended indefinitely
[medium] veRAAC Token Constraint MAX_TOTAL_SUPPLY Can Be Bypassed, Disrupting Protocol Functionality and Undermining Governance Quorum
[medium] Incorrect utilization rate forces protocol to issue maximum rewards indefinitely
[medium] Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations
[medium] LendingPool deposits do not work with CurveVault due to lack of funds
[medium] Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check
[medium] `RToken::calculateDustAmount` is calculated incorrectly, so the accrued dust amount cannot be transferred
[medium] LendingPool.getUserDebt returns outdated value and can lead to liquidation failure
[medium] Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator
[medium] User may not be able to increase the amount of locked RAAC tokens
[medium] Permanent boost inflation through delegation removal in BoostController.sol
[medium] Unrestricted proposal cancellation allows governance process manipulation
[medium] RAACToken burns fewer tokens than expected when feeCollector is unset
[medium] Flawed Boost Multiplier Calculation Always Yields Maximum Boost
[medium] User's voting power never decays over time
[low] Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality
[low] `FeeCollector::updateFeeType` wrong fee share validation makes updates impossible for some fee types
[low] Insufficient ETH Forwarding in Governance Execution Mechanism Causes Proposal Failures
[low] Invariant broken in `getBoostMultiplier` in the BoostController contract
Jan '25
[high] The deleverage will apply twice on market USD token minting
[high] Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage
[high] Underflow when updating credit delegation will result in protocol DoS
[high] Vaults' WETH reward is not distributed correctly
[high] Incorrect Debt Check in `CreditDelegationBranch::settleVaultsDebt` Function
[high] Market-vault disconnection will bring permanent inconsistent state
[high] Markets and vaults will not update their state until market fee is received; any deposits before market fee will not be reflected
[high] Total market debt > 0 when credit deposits > netUsdIssuance, which breaks key protocol logic
[high] Incorrect calculation in CreditDelegationBranch::withdrawUsdTokenFromMarket allows an attacker to mint any amount of USDz
[medium] No way to set UsdTokenSwapConfig PD curve parameters
[medium] Due to not updating the debt, the protocol will apply an unintended premium or discount
[medium] Incorrect weight assignment in Vault::updateVaultAndCreditDelegationWeight leads to overleveraging vault positions and insolvency
[medium] rebalanceVaultsAssets incorrectly accounts vaults' depositedUsdc
[medium] Unable to swap USD token to collateral for vaults in credit
[medium] The logic in `getPremiumDiscountFactor` is inverted: a discount is applied when the vault is in credit and a premium is applied when the vault is in debt
[medium] Vault accumulated values do not reflect market change correctly
[medium] Vault's total credit capacity keeps changing when being recalculated even though there is no market activity
[medium] rebalanceVaultsAssets will revert with ERC20 insufficient balance error
[medium] USD token can be over-withdrawn from market
[low] Fulfill swap will fail due to wrong minAmountOut calculation
[low] Lack of a pool state update will cause initiate swap to return an incorrect amountOut
[low] Total debt used in fulfilling swap actions is wrong because the vault is not updated
[low] Protocol not fully compliant with ERC-7201
Dec '24
[high] Denial of service when calculating the new weights if the rule requires previous moving averages
[high] GradientBasedRules will not work for >=4 assets with vector lambdas
[medium] Incorrect handling of NFT self-transfer in afterUpdate hook allows the owner to grief a buyer by rendering the NFT unable to redeem its associated liquidity, resulting in a loss of funds
[medium] Incorrect implementation of QuantammMathGuard.sol#_clampWeights