mstpr-brainbot

Security Researcher

lovely tapir

High-severity findings: 60 total (14 solo)
Medium-severity findings: 52 total (15 solo)
Total earnings: $236.56K (#37 all time)
Payouts: 27
1st places (gold): 7
2nd places (silver): 3
3rd places (bronze): 4

Feb '25

Yieldoor (Sherlock): 25.21 USDC, 2 findings, rank #22
  [high] Impossible to open positions with more than 2x leverage
  [medium] Secondary position ticks will not work as intended when ticks are negative

Jan '25

Aave v3.3 (Sherlock): 16,365.51 USDC, rank 2nd (silver)

Sep '24

MorphL2 (Sherlock): 34,978.41 USDC, 4 findings, rank 3rd (bronze)
  [high] If the L1 message is skipped, the tokens are lost for users bridging via L1ReverseCustomGateway
  [medium] Challenger loses the challenge deposit when the batch is reverted and the contract is paused
  [medium] Griefer can permanently DoS the L2 message queue
  [medium] Sequencers can lose their commission fees if they are removed

Jul '24

MakerDAO Endgame (Sherlock): 25,835.79 USDC, rank #4

May '24

Elfi (Sherlock): 36,091.40 USDC, 35 findings (26 high, 9 medium), rank 1st (gold)
  [high] If the stake token is minted from the portfolio vault, positions' fromBalances are not decreased
  [high] Deleveraging can result in a zero borrowed amount while maintaining the leveraged position
  [high] Excess fromBalance removal is not added to other positions' fromBalance when leveraging up
  [high] Updating leverage changes the cross net and cross available value
  [high] Minting stake tokens does not update the pool's borrowing fee rate
  [high] Mismatching funding fees can result in the protocol incurring a deficit or insolvency risk
  [high] Users' profit in short cross leaves the fees in UsdPool instead of LpPool
  [high] Keepers can open positions that are already liquidatable
  [high] ERC20 transfers of stakeTokens do not update the rewards process
  [high] The redeem process updates the rewards in the wrong order
  [high] Anyone can change the balance of an account to drain the entire portfolio vault
  [high] Pool value does not consider the open funding fees
  [high] `updateAllPositionFromBalanceMargin` function mistakenly increments positions' "fromBalance"
  [high] `updatePositionFromBalanceMargin` function returns "0" if the amount to be updated is negative
  [high] Closing partial positions miscounts the settled fees
  [high] Position net value uses outdated fees
  [high] Cross available value does not account for the position fees
  [high] Long orders always pay less in fees while short orders always pay more, due to oracle pricing
  [high] Updating leverage does not accrue the latest borrowing fees for the market
  [high] Increasing leverage can leave the position with "0" `initialMargin`
  [high] Closing positions does not decrease the pool's entry price, leading to misleading pool value calculations
  [high] If cross positions use the same margin token as collateral and close without liability, fee accounting is completely wrong
  [high] Pool value calculation skips accounting for stable token losses and short uPnL
  [high] LpPools can become insolvent if shorters are in huge profits
  [high] Canceling a mint stake token can result in the execution fee being sent from the wrong vault
  [high] If the stake token is minted as collateral, the tokens never leave the portfolio vault for the stake token
  [medium] If the accounted token balance is higher than the actual token balance, some transfers can send "0" tokens to the destination
  [medium] Unbacked tokens can be used for opening positions
  [medium] Withdrawing collateral does not update the total collateral held in the portfolio vault
  [medium] Users can gas-grief or completely block keepers from executing orders
  [medium] Keepers' gas loss is never accounted for
  [medium] Users can have positions with a margin lower than the allowed minimum margin
  [medium] Cross positions that exceed the allowed margin can be opened
  [medium] When a position is closed, the execution fees for the canceled stop orders are lost for the user
  [medium] If stable tokens depeg, short funding fees are not accounted properly

Mar '24

Seismic Finance (Sherlock): 15,779.52 USDC, rank 1st (gold)
  Findings not publicly available for private contests.

WOOFi Swap (Sherlock): 26,080.97 USDC, 5 findings, rank 1st (gold)
  [high] Pool can be drained
  [medium] Selling base tokens in partial amounts is more profitable than selling in one go
  [medium] WooFi oracle can fail to validate its price against the Chainlink price feed
  [medium] Swaps can happen without changing the price for the next trade due to gamma = 0
  [medium] If the destination swap uses WooFi and fails, the fee charged is not returned to the user

Feb '24

Rio Network (Sherlock): 9,754.00 USDC, 9 findings, rank 1st (gold)
  [high] Setting the strategy cap to "0" does not update the total shares held or the withdrawal queue
  [high] Requested withdrawals can be impossible to settle because EigenLayer share value appreciates while there are idle funds in the deposit pool
  [high] Pending EigenLayer withdrawal can get stuck
  [high] `reportOutOfOrderValidatorExits` does not update the heap order
  [high] Heap incorrectly stores the removed operator ID, which can lead to division by zero in the deposit/withdrawal flow
  [high] Malicious operators can `undelegate` themselves to manipulate the LRT exchange rate
  [medium] All operators can have ETH deposits regardless of the cap set for them, leading to miscalculated TVL
  [medium] Ether can get stuck when an operator's validators are removed, due to user front-running
  [medium] Depositing to EigenLayer can revert due to rounding down when converting shares<->assets

Rubicon Finance (Sherlock): 5,375 USDC, 1 finding, rank 1st (gold)
  [medium] Pairs with "MAX_FEE" can revert due to rounding inconsistencies

Jan '24

Arcadia (Sherlock): 36.24 USDC, 1 finding, rank #8
  [medium] Staked Stargate asset module STG reward tracking can underflow, blocking all interactions

LooksRare YOLO (Sherlock): 9,859.45 USDC, 2 findings, rank #4
  [high] Users can deposit "0" ether to any round
  [medium] Rounds cannot be drawn immediately after fulfillRandomWords due to the VRF contract's reentrancy guard

Telcoin Platform Audit (Sherlock): 3,002.64 USDC, 1 finding, rank #9
  [high] When governance burns an NFT, the claimable balances of other NFTs can be mixed up

Truflation (Sherlock): 263.92 USDC, 3 findings, rank #5
  [high] Vest owners can drain TRUF tokens by calling claim repeatedly while the vest is in the initialRelease < cliff period
  [medium] Ended locks can be extended
  [medium] Migrating a user leaves the claimable tokens behind in the virtual staking rewards contract

Dec '23

Layer3 (Sherlock): 5,181.02 USDC, rank 1st (gold)
  Findings not publicly available for private contests.

DODO GSP (Sherlock): 8,033.89 USDC, 3 findings, rank 1st (gold)
  [high] Pool can be drained if there are no LP_FEES
  [medium] Adjusting "_I_" creates a sandwich opportunity because of price changes
  [medium] First depositor can lock the quote target value to zero

Nov '23

Notional Update #4 (Sherlock): 4,143.51 USDC, 5 findings, rank 2nd (silver)
  [high] Reward token can be an underlying token, making it impossible to reinvest rewards
  [high] Restoring the vault can result in big losses if balances have changed
  [high] Balancer composable stable pool spot price calculation is wrong
  [medium] Some Curve pools cannot be used as a single-sided strategy
  [medium] Emergency withdraw might not be enough if the underlying pool is a nested pool

Oct '23

LooksRare (Sherlock): 1,996.65 USDC, 4 findings, rank 3rd (bronze)
  [high] Agents can die instantly although the number of active agents is above 50
  [high] If escapes make an agent the winner while there are healing agents, the healing agents' LOOKS are lost
  [medium] Strategic escape can block healers
  [medium] Inconsistency in healing between docs and code: healing is only possible after 2 rounds

Real Wagmi #2 (Sherlock): 485.51 USDC, 1 finding, rank #9
  [high] Liquidity owner can burn the liquidity position to hurt the borrower

Aloe (Sherlock): 2,020.62 USDC, 2 findings, rank #5
  [high] IV can be manipulated to return the maximum IV value on the next write
  [high] Liquidations can leave debt stuck in the Lenders

Jul '23

GFX Labs (Sherlock): 2,531.76 USDC, 3 findings, rank 2nd (silver)
  [high] Owner can take users' claimable WETH balances
  [high] Owner can steal users' WETH/ETH by setting a higher gasPrice
  [medium] Users can claim zero assets due to decimal differences between pool tokens

Jun '23

Symmetrical (Sherlock): 4,132.23 USDC, 11 findings, rank #5
  [high] Accumulating excessive liquidation fees through repeated liquidation cycles
  [high] Extreme market situations can halt liquidations
  [high] An old price signature can be used to liquidate the same user in the future
  [high] PartyA can grief the liquidators
  [medium] Quotes can be opened below the minimum quote value
  [medium] partyB can leverage emergency mode for quick profits
  [medium] If partyB is suspended, partyB can still withdraw the stablecoins
  [medium] Trading fee update can be sandwiched for atomic profits
  [medium] Rounding issue when closing partial positions
  [medium] Liquidation fee can be very small for liquidators
  [medium] partyB liquidation does not return the trading fee to partyA

May '23

Perennial (Sherlock): 15,913.27 USDC, 6 findings, rank 3rd (bronze)
  [medium] Collateral contract ignores the maker fee in the user liquidation process
  [medium] Vaults fail to work if any of the vault's products are paused
  [medium] Unintended vault operation due to product settling and oracle version skips
  [medium] Market allows zero-amount positions, which can cause vault rebalancing to revert
  [medium] If long and short products have different maker fees, vault rebalancing can be spammed to eat the vault's balance
  [medium] Public claim might be problematic

Footium (Sherlock): 283.50 USDC, 3 findings, rank #14
  [high] When a club is sold to a third party, previous approvals from the Escrow contract are not revoked
  [medium] Clubs can mint one player more than maxGenerationId allows
  [medium] transfer can fail for non-standard ERC20 tokens

Apr '23

Splits (Sherlock): 573.45 USDC, 1 finding, rank 3rd (bronze)
  [medium] UniV3 oracle can be manipulated if the pool is illiquid or does not exist

Mar '23

Notional V3 (Sherlock): 7,092.26 USDC, 4 findings, rank #4
  [high] Incorrect accounting for idle funds during prime cash withdrawals
  [medium] Compound exchange rate can be manipulated to withdraw more underlying tokens from NotionalV3
  [medium] Lack of ERC20 approval when depositing to the external money market Compound V2
  [medium] Fee-on-transfer tokens break the withdrawal process

Y2K (Sherlock): 513.68 USDC, 4 findings, rank #28
  [high] User funds vulnerable to index manipulation
  [high] Rollover queue manipulation
  [high] Rolling over is never beneficial for users
  [high] Rollover queue underflow prevents user participation in subsequent epochs

Taurus (Sherlock): 213.98 USDC, 2 findings, rank #8
  [high] Decimal misaccounting
  [medium] Incorrect logic in TAU contracts