https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/0e86e9ee-68b6-415e-9be8-ff8e02c52408.jpg

mt030d

Security Researcher

Contact Me

High

12

Total

Medium

14

Total

$42.42K

Total Earnings

#214 All Time

7x

Payouts

gold

1x

1st Places

silver

1x

2nd Places

regular

3x

Top 10

All

Sherlock

Code4rena

Jul '24

MakerDAO Endgame

MakerDAO Endgame

2,049.81 USDC • Sherlock • mt030d

#41

Jun '24

Size

Size

36,381.05 USDC • 6 total findings • Code4rena • mt030d

gold

high

Risk of Overpayment Due to Race Condition Between repay and liquidateWithReplacement Transactions

high

When `sellCreditMarket()` is called to sell credit for a specific cash amount, the protocol might receive a lower swapping fee than expected.

medium

Sandwich attack on loan fulfillment will temporarily prevent users from accessing their borrowed funds

medium

Users may incur an unexpected fragmentation fee in the `compensate()` call

medium

Size uses wrong source to query available liquidity on Aave, resulting in borrow and lend operations being bricked upon mainnet deployment

medium

Multicall does not work as intended

Thorchain

Thorchain

1,994.24 USDC • 3 total findings • Code4rena • mt030d

#5

high

ThorChain will be informed wrongly about the unsuccessful ETH transfers due to the incorrect events emissions

high

A malicious user can steal money out of the vault and other users

medium

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

May '24

Predy

Predy

0.17 USDC • 1 total finding • Code4rena • mt030d

#42

medium

Chainlink's `latestRoundData` might return stale or incorrect results

Apr '24

Renzo

Renzo

339.09 USDC • 4 total findings • Code4rena • mt030d

#25

high

The amount of `xezETH` in circulation will not represent the amount of `ezETH` tokens 1:1

high

Incorrect withdraw queue balance in TVL calculation

medium

Deposits will always revert if the amount being deposited is less than the bufferToFill value

medium

Withdrawals and Claims are meant to be pausable, but it is not possible in practice

TITLES Publishing Protocol

TITLES Publishing Protocol

1,565.76 USDC • 7 total findings • Sherlock • mt030d

silver

high

For each edition, only one collection referrer is stored in `FeeManager`

high

Collection referrers do not receive their revenue share

medium

`Edition.mintBatch()` could fail due to forwarding `msg.value` in a loop

medium

The signature for `TitlesGraph.acknowledgeEdge()` can be used in `TitlesGraph.unacknowledgeEdge()` and vice versa

medium

`Edition.transferWork()` does not update the fee receiver for the work, preventing the new owner from receiving relevant fees

medium

Incorrect encoding of bytes for EIP712 digest in `TitleGraph` causes signatures generated by common EIP712 tools to be unusable

medium

Excess funds are not refunded during the minting

Zivoe

Zivoe

87.94 USDC • 5 total findings • Sherlock • mt030d

#43

high

Late ITO airdrop claimers might get less $ZVE reward than they should

high

Reward rate in ZivoeRewards and ZivoeRewardsVesting can be dragged out and diluted

high

`ZivoeRewardsVesting.revokeVestingSchedule()` leaves phantom voting powers for the revoked account

high

Incorrect `_totalSupply` update in ZivoeRewardsVesting.revokeVestingSchedule() could prevent last users from withdrawing from the contract

medium

OCL_ZVE.pushToLockerMulti is vulnerable to Denial-of-Service (DOS) attacks due to its strict zero allowance checks