newspacexyz

Security Researcher

High: 31 Total

Medium: 31 Total

Total Earnings: $21.33K (#345 All Time)

Payouts: 33x

1st Places (gold): 1x

2nd Places (silver): 1x

3rd Places (bronze): 2x

Apr '25

ZKP2P V2

2,843.20 OP • Sherlock • newspacexyz

gold

Findings not publicly available for private contests.

Mar '25

Symmio, Staking and Vesting

68.35 USDC • 2 total findings • Sherlock • newspacexyz

#10

high

Attacker can decrease the overall reward amount by notifying dust.

medium

Attacker can prevent stakers from claiming all rewards by extending reward period

badger-ebtc-bsm

29.7 USDC • 2 total findings • Cantina • newspacexyz

#23

high

Finding not yet public.

high

Finding not yet public.

Feb '25

Yieldoor

25.21 USDC • 2 total findings • Sherlock • newspacexyz

#22

high

Incorrect base calculation in Leverager#isLiquidateable() prevents normal liquidations

medium

`secondaryPosition`'s `tickLower` can be equal or larger than `tickUpper`

SEDA Protocol

528.57 USDC • 2 total findings • Sherlock • newspacexyz

#13

high

`Secp256k1ProverV1`.`postBatch` doesn't check duplication of signers

high

Malicious `batchSender` can reject ethers so that only he can claim reward

defi-app-contracts

11.53 USDC • 1 total finding • Cantina • newspacexyz

#26

high

Finding not yet public.

Jan '25

Liquid Ron

0 USDC • 1 total finding • Code4rena • newspacexyz

#12

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

IQ AI

551.36 USDC • 1 total finding • Code4rena • newspacexyz

#10

medium

[M-3] Anyone can deploy a new `FraxSwapPair` with a Low fee incurring losses to the protocol

daao-contracts

3.78 USDC • 1 total finding • Cantina • newspacexyz

#91

high

Finding not yet public.

Beraborrow

5,719.91 USDC • Sherlock • newspacexyz

#5

Findings not publicly available for private contests.

FlatMoney v2 Update

1,039.73 USDC • Sherlock • newspacexyz

#7

Findings not publicly available for private contests.

Dec '24

QuantAMM

210.49 op • 3 total findings • CodeHawks • newspacexyz

#35

high

Loss of Fees for Router `UpliftOnlyExample` due to Division Rounding in Admin Fee Calculation, Causing Unfair Fee Distribution

low

Inconsistent timestamp storage when the LPNFT is transferred.

low

Critical Precision Loss in MultiHopOracle Price Calculations

aligned-layer

375 USDC • Cantina • newspacexyz

#13

Alchemix Transmuter

774.62 op • 3 total findings • CodeHawks • newspacexyz

#5

medium

Incorrect Total Assets Calculation in _harvestAndReport Leading to Share Value Manipulation and Irredeemable Assets

medium

Inflated `totalAssets` in `StrategyMainnet`, `StrategyArb`, and `StrategyOp` Contracts

low

Missing Router Update Mechanism in StrategyMainnet Contract

Flex Perpetuals

62.48 USDC • 1 total finding • Code4rena • newspacexyz

#4

medium

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

Idle Finance Credit Vaults

903.86 USDC • Sherlock • newspacexyz

#6

Findings not publicly available for private contests.

SecondSwap

0.03 USDC • 2 total findings • Code4rena • newspacexyz

#66

high

Users can claim more than their actual allotment

medium

Incorrect referral fee calculations

Oku's New Order Types Contract Contest

0.48 OP • 2 total findings • Sherlock • newspacexyz

#60

high

Unauthorized Fund Transfer on `modifyOrder`

high

Stop Limit and Bracket Orders can cause ID collision and fund locking

Autonomint Colored Dollar V1

34.60 OP • 8 total findings • Sherlock • newspacexyz

#35

high

Replay attack vulnerability in `withdraw` function due to nonce mismanagement, in `CDS` contract

high

Arbitrary price manipulation in `redeemUSDT` function enables treasury drain

high

Missing access control in `updateDownsideProtected` allows arbitrary manipulation

high

Exploitable high `strikePrice` input allows borrowers to minimize withdrawals

medium

Incorrect borrower count and withdrawal issues due to improper flag handling in `treasury` contract

medium

Inconsistent `lastEthprice` updates impact omnichain data calculations

medium

`calculateCumulativeRate` always returns `lastCumulativeRate` due to incorrect `lastEventTime` update

medium

Excess ether not refunded to users in `depositTokens` function

Lambo.win

0 USDC • 1 total finding • Code4rena • newspacexyz

#36

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

Nov '24

Ethos Network Financial Contracts

1,240.69 USDC • 4 total findings • Sherlock • newspacexyz

bronze

high

Fee calculation vulnerability will overcharge users during vote purchases

high

Attacker can gain an advantage by manipulating the order in which votes are bought and sold.

medium

`slash` function lacks 24-hour lock mechanism for accused staking and withdrawals

medium

Multiple fee miscalculation leads to inaccurate implementation of the fee model

TermMax

521.63 USDC • 1 total finding • Cantina • newspacexyz

#7

high

Finding not yet public.

Superfluid Locker System

121.22 USDC • 1 total finding • Sherlock • newspacexyz

#4

high

Wrong unlockPeriod behavior in FluidLocker contract

Debita Finance V3

868.46 USDC • 9 total findings • Sherlock • newspacexyz

#9

high

Missing NFT claim mechanism prevents buy order owners from accessing transferred NFTs

medium

Valid lenders and borrowers may not receive their incentives due to sequence of `lenders`

medium

Lack of handling for unclaimed incentives causes permanent lockup of funds

medium

Loan extension miscalculation will cause reversion of extendLoan

medium

Borrowers will face excessive principal loss due to incorrect fee calculation (`feeOfMaxDeadline`) in loan extension

medium

Inconsistent `isActive` state in `DLOImplementation` enables repeated exploitation of `changePerpetual` to clear factory lend orders

medium

Incorrect calculation of extended loan days leads to unfair borrower fees

medium

Incorrect interest handling after loan extension leads to lender losses

medium

Attacker manipulates precision loss to overcharge borrower on APR

Telcoin Update #2

202.15 USDC • Sherlock • newspacexyz

#12

Oct '24

Era

200.96 USDC • CodeHawks • newspacexyz

#27

Dria

1,471.70 USDC • 5 total findings • CodeHawks • newspacexyz

#6

high

Subtraction in `variance()` will revert due to underflow

high

Potential underflow vulnerability in score range calculation of `LLMOracleCoordinator::finalizeValidation`, leading to DoS.

medium

Platform fees withdrawal will sweep oracle agents earned fees

medium

Request responses and validations can be mocked leading to extraction of fees and/or forcing other generators to lose their fees by making them outliers

medium

Phase calculation inaccuracy will always extend sell phase and cut withdrawal phase time

Ethos Network Social Contracts

1,911.58 USDC • 2 total findings • Sherlock • newspacexyz

bronze

medium

checkIsAddressCompromised will always revert on restored addresses (Including inviteAddress)

medium

Compromise check will prevent malicious operations

Gamma Brevis Rewarder

314.34 OP • 1 total finding • Sherlock • newspacexyz

silver

medium

Precision loss in createDistribution will accumulate and lock undistributed tokens

Audit Comp | Anvil

139 USDT • 1 total finding • Immunefi • ProfitableFrog6412

#12

low

Finding not yet public.

stakeup-bloomv2

926.58 USDC • 5 total findings • Cantina • newspacexyz

#12

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

mev-commit

138.65 USDC • 2 total findings • Cantina • newspacexyz

#34

high

Finding not yet public.

medium

Finding not yet public.

Sep '24

Royco Protocol

89.86 USDC • 3 total findings • Cantina • newspacexyz

#38

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.