https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/8046bd9e-682b-4604-b84c-9114da3985de.png

n4nika

Security Researcher

Contact Me

High

20

Total

Medium

1

Solo

25

Total

$208.75K

Total Earnings

#41 All Time

13x

Payouts

gold

2x

1st Places

silver

2x

2nd Places

bronze

1x

3rd Places

All

Sherlock

Code4rena

Cantina

Immunefi

Hats Finance

Feb '25

Babylon Chain Launch (Phase-2)

Babylon Chain Launch (Phase-2)

15,789.47 USDC • 1 total finding • Sherlock • n4nika

bronze

medium

Btcstaking module allows `stakingTx` to be coinbase transaction which is unslashable for 100 blocks

Jan '25

ton-pool-contracts

ton-pool-contracts

3,692.62 USDC • 4 total findings • Cantina • n4nika

silver

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Dec '24

Attackathon | Stacks

Attackathon | Stacks

84,837 STX • 12 total findings • Immunefi • n4nika

silver

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

low

Finding not yet public.

low

Finding not yet public.

low

Finding not yet public.

Sep '24

redstone-oracle

redstone-oracle

399.87 USDC • 2 total findings • Cantina • n4nika

#9

high

Finding not yet public.

medium

Finding not yet public.

MorphL2

MorphL2

5,398.50 USDC • 4 total findings • Sherlock • n4nika

#6

medium

Stakers lose their commission if they unstake as they cannot claim their pending rewards anymore after unstaking

medium

If `withdrawalLockBlocks < proofWindow`, stakers can act maliciously without risking loss of their stake

medium

A single malicious challenger can DoS the L1 rollup permanently because `Rollup.sol::_defenderWin` does not burn a portion of the `challengeDeposit`

medium

Attacker can fill merkle tree in `L2ToL1MessagePasser`, blocking any future withdrawals

Aug '24

zetachain-protocol

zetachain-protocol

13,083.36 USDC • 9 total findings • Cantina • n4nika

gold

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Jul '24

dappslap

dappslap

1,800 USDC • Hats • n4nika

#4

Optimism Superchain

Optimism Superchain

5,768.02 OP • 2 total findings • Code4rena • n4nika

#9

high

LPP metadata can be altered after the challenge period is over, allowing incorrect states to be proven

medium

Panic in MIPS VM Could Lead to Unchallengeable L2 Output Root Claim

Jun '24

Attackathon | Fuel Network

Attackathon | Fuel Network

14,838 USDC • 2 total findings • Immunefi • n4nika

#11

medium

Finding not yet public.

medium

Finding not yet public.

May '24

Bitcoin Staking Scripts

Bitcoin Staking Scripts

62,387.16 USDC • 7 total findings • Cantina • n4nika

gold

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Munchables

Munchables

0.01 USDC • 1 total finding • Code4rena • n4nika

#16

high

Invalid validation allows users to unlock early

Apr '24

DYAD

DYAD

7.82 USDC • 3 total findings • Code4rena • n4nika

#96

high

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

high

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

medium

Incorrect deployment / missing contract will break functionality

Mar '24

Acala

Acala

746.92 USDC • 1 total finding • Code4rena • n4nika

#10

medium

Claiming rewards while the deduction rate is != 0, allows for repeated withdrawal of redistributed rewards