Security Researcher
Total Earnings
#1017 All Time
Payouts
Aug '24
0.19 USDC • 1 total finding • CodeHawks • Ward
#20
medium
[H-01] Auction tokens will be lost forever when auction ends without bids
0.09 USDC • 3 total findings • CodeHawks • Ward
#153
high
Native token withdrawal fails until manually approved
Unnecessary balance checks and precision issues in TokenManager::_transfer
low
[Low-01] Missing Access Control in `CapitalPool::approve()` Function Allows any User to call it to set Allowance Amount `TokenContract` to `type(uint256).max`.
Jul '24
0 USDC • 1 total finding • Code4rena • Ward
#89
Pause and unpause functions are inaccessible
Jan '24
62.25 USDC • 2 total findings • Code4rena • Ward
#84
Chainlink price feed uses BTC, not WBTC. In case of depegging, oracles will become easier to manipulate.
Adversary can prevent updating price feed addresses by creating poisonous proposals ending in `_confirm`
5.79 USDC • Code4rena • Ward
#64
Dec '23
0.00 USDC • 1 total finding • CodeHawks • Ward
#105
Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds
304.35 USDC • 1 total finding • Code4rena • Ward
#21
Malicious delegatees can block delegators from redelegating and from sending their NFTs
1,477.2 USDC • 1 total finding • Code4rena • Ward
#12
No check for sequencer uptime can lead to dutch auctions failing or executing at bad prices
Jul '23
0.14 USDC • 1 total finding • CodeHawks • natzuu
staleCheckLatestRoundData() does not check the status of the Arbitrum sequencer in Chainlink feeds.
Sep '22
76.06 USDC • Code4rena • natzuu
#46
40.83 USDC • Code4rena • natzuu
27.95 USDC • Code4rena • natzuu
#71
35.35 USDC • Code4rena • natzuu
#67
Aug '22
86.89 USDC • Code4rena • natzuu
#78
52.1 USDC • Code4rena • natzuu
#38
44.84 USDC • Code4rena • natzuu
#62
67.73 USDC • Code4rena • natzuu
#39
Jun '22
21.17 USDC • Code4rena • natzuu
#86