https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_9.png

neon2835

Security Researcher

Contact Me

High

8

Total

Medium

10

Total

$1.83K

Total Earnings

#1054 All Time

15x

Payouts

bronze

1x

3rd Places

regular

2x

Top 10

regular

5x

Top 25

All

Sherlock

Code4rena

Jan '25

Aave v3.3

Aave v3.3

179.45 USDC • Sherlock • neon2835

#66

Aug '24

ZeroLend One

ZeroLend One

10.48 USDC • 1 total finding • Sherlock • neon2835

#44

high

getSupplyBalance Function's Incorrect Formula May Lead to Loss of Users' Funds or Earnings

Jul '24

MagicSea - the native DEX on the IotaEVM

MagicSea - the native DEX on the IotaEVM

32.00 USDC • 2 total findings • Sherlock • neon2835

#46

medium

The _requireOnlyOperatorOrOwnerOf function in the MlumStaking contract has a vulnerability, and users can bypass the judgment

medium

The addToPosition function in the MlumStaking contract has a vulnerability, and users may lose their voting eligibility

Velocimeter

Velocimeter

747.73 USDC • 1 total finding • Sherlock • neon2835

#9

medium

The circulating_supply() of the Minter contract may revert, resulting in the inability of the Minter to periodically emit Flow tokens

Apr '24

Renzo

Renzo

0.04 USDC • 1 total finding • Code4rena • Neon2835

#57

medium

Deposits will always revert if the amount being deposited is less than the bufferToFill value

Mar '24

RadicalxChange

RadicalxChange

1.18 USDC • 1 total finding • Sherlock • neon2835

bronze

high

The _cancelAllBids function has a vulnerability, as it does not verify whether the user at this time is the highest bidder

Abracadabra Mimswap

Abracadabra Mimswap

156.62 USDC • 1 total finding • Code4rena • Neon2835

#21

medium

Permanent loss of yield for stakers in reward pools due to precision loss.

Dec '23

Ethereum Credit Guild

Ethereum Credit Guild

46.85 USDC • 1 total finding • Code4rena • Neon2835

#76

high

The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting

Nov '23

Panoptic

Panoptic

104.17 USDC • 1 total finding • Code4rena • Neon2835

#23

medium

removedLiquidity can be underflowed to lock other user's deposits

Oct '23

Party Protocol

Party Protocol

152.37 USDC • 1 total finding • Code4rena • Neon2835

#25

medium

ETHCrowdfundBase.sol#processContribution - Impossible to finalize crowdfund because of minContribution check

NextGen

NextGen

11.91 USDC • 3 total findings • Code4rena • Neon2835

#91

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

medium

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

medium

Auction winner can prevent payments via `safeTransferFrom` callback

Aug '23

Dopex

Dopex

17.31 USDC • 1 total finding • Code4rena • Neon2835

#113

high

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

Tangible Caviar

Tangible Caviar

99.63 USDC • Code4rena • Neon2835

#49

Jun '23

Lybra Finance

Lybra Finance

204.96 USDC • 2 total findings • Code4rena • Neon2835

#42

high

Incorrectly implemented modifiers in LybraConfigurator.sol allow any address to call functions that are supposed to be restricted

high

There is a vulnerability in the executeFlashloan function of the PeUSDMainnet contract. Hackers can use this vulnerability to burn other people's eUSD token balance without permission

Apr '23

Rubicon v2

Rubicon v2

64.02 USDC • 2 total findings • Code4rena • Neon2835

#68

high

DOS of market operations with malicious offers

medium

Attack on rounding errors to get risk free profit