Junior Blockchain Security Researcher
Started my career as a blockchain security researcher in Dec. 2024. Took the 1st rank in multiple competitive audits
High
Solo
Total
Medium
Solo
Total
Total Earnings
#322 All Time
Payouts
1st Places
Top 10
Top 25
All
Sherlock
Code4rena
Cantina
CodeHawks
Mar '25
high
high
Feb '25
Jan '25
high
The Deleverage Will apply twice on market USDtoken minting
high
Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage
high
Underflow when updating credit delegation will result protocol DoS
high
Vaults weth reward is not distributed correctly
high
Incorrect Debt Check in `CreditDelegationBranch::settleVaultsDebt` Function
high
Market-vault disconnection will bring permanent inconsistent state
high
Markets and vaults will not update their state until market fee is received, any deposits before market fee will not be reflected
high
Total market debt > 0 when credit deposits > netusdissuance which breaks key protocol logic
high
Incorrect calculation in CreditDelegationBranch::withdrawUsdTokenFromMarket allows attacker mint any amount of usdz
medium
No way to set UsdTokenSwapConfig pd curve parameters
medium
Due to not updating the Debt , the protocol will apply untended premium or discount
medium
Incorrect weight assignment in Vault::updateVaultAndCreditDelegationWeight leads to overleveraging vault positions and insolvency
medium
rebalanceVaultsAssets incorrectly accounts vaults' depositedUsdc
medium
Unable to swap USD token to collateral for vaults in credit
medium
The logic in `getPremiumDiscountFactor` is inverted: a discount is applied when Vault is in credit and a premium is applied if Vault is in debt
medium
Vault accumulated values do not reflect market change correctly
medium
Vault's total credit capacity keeps changing when being recalculated even though there is no market activity
medium
rebalanceVaultAssets will revert with erc20 insufficient balance error
medium
Usd token can be overwithdrawn from market
low
FullFill Swap will Fail due to minAmountOut wrong calculation
low
Lack of an update of the pool state will cause Initiate Swap to return an incorrect Amountout
low
Total debt used in fulfiling swap actions is wrong because we did not update the vault.
low
Protocol not fully compliant with ERC-7201
Dec '24
high
Denial of service when calculating the new weights if the rule requires previous moving averages
high
GradientBasedRules will not work for >=4 assets with vector lambdas
medium
Incorrect Handling Of Nft Self-Transfer In afterupdate Hook Allows The Owner To Grief A Buyer By Rendering The Nft Unable To Redeem Its Associated Liquidity, Resulting In A Loss Of Funds
medium
Incorrect implementation of QuantammMathGuard.sol#_clampWeights.