
montecristo

Junior Blockchain Security Researcher

Started my career as a blockchain security researcher in Dec. 2024. Took 1st place in multiple competitive audits.


Findings
High: 1 solo, 41 total
Medium: 2 solo, 34 total

Total earnings: $33.52K (#261 all time)
Payouts: 15x
1st places: 2x (gold)
2nd places: 1x (silver)
Top 10: 8x


May '25

Native Smart Contract V2 (Sherlock, as montecristo): 3,486.83 USDC, 2nd place (silver)
Findings not publicly available for private contests.

LayerEdge - Staking (Sherlock, as montecristo): 237.94 USDC, rank #6, 1 finding
- [High] Incorrect tier updates when adding users

Apr '25

Staking Part 2 (CodeHawks, as glightspeed2): 2,149.28 USDC, rank #8

Mar '25

Forte: Float128 Solidity Library (Code4rena, as montecristo): 11,397.24 USDC, 1st place (gold), 3 findings
- [High] Early 72-digit adjustment in sqrt will lead to incorrect result exponent calculation
- [High] Natural Logarithm Function Silently Accepts Invalid Non-Positive Inputs
- [Medium] Inconsistent mantissa size auto-scaling between packedFloat encoding and calculations will lead to unacceptable rounding errors

StarkWare Perps (Code4rena, as montecristo): 3,013.19 USDC, rank #8

badger-ebtc-bsm (Cantina, as montecristo): 29.7 USDC, rank #23, 2 findings
- [High] Finding not yet public.
- [High] Finding not yet public.

Feb '25

Yieldoor (Sherlock, as montecristo): 357.18 USDC, rank #5, 4 findings
- [High] Users can create 40x leverage position
- [High] Liquidation fee will not be claimed due to incorrect decimal handling
- [High] Cannot set liquidation fee recipient
- [Medium] Rebalancing and compounding will fail on pools with negative tick

THORWallet (Code4rena, as montecristo): 0 USDC, rank #10, 1 finding
- [Medium] Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Core Contracts (CodeHawks, as glightspeed2): 1,099.72 USDC, rank #17, 39 findings
- [High] Faulty Gauge Weight Update Formula: Voting Power Delta Not Considered Leading to Arithmetic Underflow and Vote Weight Inconsistency
- [High] ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price
- [High] Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens
- [High] RAACNFT mint function receives funds to address(this) but has no way of withdrawing them
- [High] `BaseGauge` users can claim rewards without staking
- [High] Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds
- [High] Wrong use of the `GaugeController::typeWeights` multiplier in `GaugeController::_calculateReward` causes a reduction in gauge rewards instead
- [High] Multiple issues from unnecessary balance increase calculation in DebtToken.mint
- [High] Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service
- [High] RToken's transfer function leads to loss of funds due to incorrect math
- [High] Users can borrow more assets than they have deposited as collateral
- [High] Attackers can get most of RAACToken rewards by withdrawing dust amount from StabilityPool multiple times
- [High] NFTs Get Permanently Locked in Stability Pool After Liquidation
- [High] Double Usage Index Scaling in StabilityPool Liquidation Inflates Required CRVUSD Balance
- [High] Ownership Parameter Mismatch in LendingPool's Vault Withdrawal Logic
- [High] Lack of Access Control in BoostController::updateUserBoost Leading to Unauthorized Delegation Overwrite
- [High] Attackers can double voting power and veToken amount by locking and increasing
- [High] Gauge stakers won't get any reward due to round-down in user weight calculation
- [High] Stability pool does not consider RToken balance increase when DEToken is withdrawn
- [Medium] Timelock Controller Retains Canceled Proposals, Enabling Unauthorized Execution and Severe Governance Voting Manipulation
- [Medium] Gauge reward period can be extended indefinitely
- [Medium] veRaac Token Constraint MAX_TOTAL_SUPPLY Can Be Bypassed, Disrupting Protocol Functionality and Undermining Governance Quorum
- [Medium] Incorrect utilization rate forces protocol to issue maximum rewards indefinitely
- [Medium] Incorrect DebtToken totalSupply Scaling Breaks Interest Rate Calculations
- [Medium] LendingPool deposits do not work with CurveVault due to lack of funds
- [Medium] Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check
- [Medium] `RToken::calculateDustAmount` is calculated incorrectly, so the accrued dust amount cannot be transferred
- [Medium] LendingPool.getUserDebt returns outdated value and can lead to liquidation failure
- [Medium] Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator
- [Medium] User may not be able to increase the amount of locked RAAC tokens
- [Medium] Permanent boost inflation through delegation removal in BoostController.sol
- [Medium] Unrestricted proposal cancellation allows governance process manipulation
- [Medium] RAACToken burns fewer tokens than expected when feeCollector is unset
- [Medium] Flawed Boost Multiplier Calculation Always Yields Maximum Boost
- [Medium] User's voting power never decays over time
- [Low] Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality
- [Low] `FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types
- [Low] Insufficient ETH Forwarding in Governance Execution Mechanism Causes Proposal Failures
- [Low] Invariant broken in `getBoostMultiplier.sol` in the BoostController contract

Jan '25

Part 2 (CodeHawks, as glightspeed2): 10,845.19 USDC, 1st place (gold), 23 findings
- [High] The deleverage will apply twice on market USDtoken minting
- [High] Incorrect Credit Capacity Validation in `VaultRouterBranch.redeem` Enables Locked Collateral Drainage
- [High] Underflow when updating credit delegation will result in protocol DoS
- [High] Vaults' WETH reward is not distributed correctly
- [High] Incorrect Debt Check in `CreditDelegationBranch::settleVaultsDebt` Function
- [High] Market-vault disconnection will bring permanent inconsistent state
- [High] Markets and vaults will not update their state until market fee is received; any deposits before market fee will not be reflected
- [High] Total market debt > 0 when credit deposits > netusdissuance, which breaks key protocol logic
- [High] Incorrect calculation in CreditDelegationBranch::withdrawUsdTokenFromMarket allows an attacker to mint any amount of usdz
- [Medium] No way to set UsdTokenSwapConfig pd curve parameters
- [Medium] Due to not updating the debt, the protocol will apply an unintended premium or discount
- [Medium] Incorrect weight assignment in Vault::updateVaultAndCreditDelegationWeight leads to overleveraging vault positions and insolvency
- [Medium] rebalanceVaultsAssets incorrectly accounts vaults' depositedUsdc
- [Medium] Unable to swap USD token to collateral for vaults in credit
- [Medium] The logic in `getPremiumDiscountFactor` is inverted: a discount is applied when Vault is in credit and a premium is applied if Vault is in debt
- [Medium] Vault accumulated values do not reflect market change correctly
- [Medium] Vault's total credit capacity keeps changing when being recalculated even though there is no market activity
- [Medium] rebalanceVaultAssets will revert with erc20 insufficient balance error
- [Medium] Usd token can be overwithdrawn from market
- [Low] Fulfill swap will fail due to wrong minAmountOut calculation
- [Low] Lack of an update of the pool state will cause initiate swap to return an incorrect amountOut
- [Low] Total debt used in fulfilling swap actions is wrong because the vault is not updated
- [Low] Protocol not fully compliant with ERC-7201

Aave v3.3 (Sherlock, as montecristo): 69.26 USDC, rank #87

Dec '24

QuantAMM (CodeHawks, as glightspeed2): 747.49 OP, rank #17, 4 findings
- [High] Denial of service when calculating the new weights if the rule requires previous moving averages
- [High] GradientBasedRules will not work for >=4 assets with vector lambdas
- [Medium] Incorrect handling of NFT self-transfer in afterupdate hook allows the owner to grief a buyer by rendering the NFT unable to redeem its associated liquidity, resulting in a loss of funds
- [Medium] Incorrect implementation of QuantammMathGuard.sol#_clampWeights

SecondSwap (Code4rena, as montecristo): 60.42 USDC, rank #38, 3 findings
- [Medium] Listing potential cannot be purchased with discounted price
- [Medium] Rounding error in stepDuration calculations
- [Medium] Underflow in `claimable` DoSing `claim` function

Autonomint Colored Dollar V1 (Sherlock, as montecristo): 31.83 OP, rank #36, 2 findings
- [High] Malicious user will steal USDT from treasury
- [High] Approved ABONDToken spender will steal yields from treasury

Lambo.win (Code4rena, as montecristo): 0 USDC, rank #36, 1 finding
- [High] Minting zero tokens when underlyingToken is not Ether in cashIn()