ni8mare

Security Researcher

Doing my bit towards smart contract security.

High: 26 total
Medium: 53 total
Total earnings: $24.87K
Rank: #320 all time
Payouts: 38x
2nd places (silver): 1x
3rd places (bronze): 2x
Top 10: 8x

Mar '25

Symmio, Staking and Vesting
68.35 USDC • 2 total findings • Sherlock • SlayerSecurity • #10
high: The reward per token stored can be prevented from being updated
medium: A malicious user can extend the reward duration by calling `notifyRewardAmount`

Feb '25

Rova
0.04 USDC • 1 total finding • Sherlock • SlayerSecurity • bronze (3rd place)
medium: Incorrect accounting of `LaunchToken` with `CurrencyToken` in `updateParticipation`

Jan '25

daao-contracts
216.12 USDC • 3 total findings • Cantina • ni8mare • #26
high: Finding not yet public.
high: Finding not yet public.
medium: Finding not yet public.

infrared-contracts
12,157.11 USDC • 3 total findings • Cantina • ni8mare • #6
high: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.

Oct '24

Gamma Brevis Rewarder
131.06 OP • 1 total finding • Sherlock • ni8mare • bronze (3rd place)
high: Users cannot claim rewards for the whole distribution period.

stakeup-bloomv2
50.56 USDC • 2 total findings • Cantina • ni8mare • #77
medium: Finding not yet public.
medium: Finding not yet public.

Sep '24

symbioticfi-core
3,343.91 USDC • 2 total findings • Cantina • ni8mare • #7
medium: Finding not yet public.
medium: Finding not yet public.

Aug '24

zetachain-protocol
2,135.59 USDC • 4 total findings • Cantina • ni8mare • #20
high: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.
medium: Finding not yet public.

Winnables Raffles
1.80 USDC • 1 total finding • Sherlock • ni8mare • #37
high: `_lockedETH` is never decremented on the cancellation of a raffle.

Tadle
186.55 USDC • 2 total findings • CodeHawks • ni8mare • #34
high: TokenManager - Unlimited withdraw
medium: `mulDiv()` can round down to 0 in realistic cases, allowing for tax avoidance

May '24

Predy
479.32 USDC • 5 total findings • Code4rena • WinSec • #17
medium: Incorrect price for negative ticks due to lack of rounding down
medium: `updateIRMParams` does not call `applyInterestForToken` before updating `irmParams`, which leads to incorrect calculation of the interest rate for subsequent trades.
medium: Liquidity manipulation is possible when trading
medium: Vaults can become immune from liquidation by setting `vault.recipient` to a blacklisted quote token address
medium: Chainlink's `latestRoundData` might return stale or incorrect results

Apr '24

NOYA
695.95 USDC + NOYA stars • 13 total findings • Code4rena • WinSec • #21
high: `PendleConnector` incorrectly sends the redeemed `PT` tokens to the market instead of the
high: `executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`
high: Numerous errors when calculating the TVL for the MorphoBlue connector
high: In Dolomite, when opening a borrow position, the holding position in the Registry will never be updated due to the `removePosition` flag being set to true
medium: LP tokens from Boosted Positions are not included in the TVL calculation of a position held by the `MaverickConnector`
medium: Withdrawals in `AccountManager` are prone to DoS attacks.
medium: The total deposit amount limit in `AccountingManager.sol` can be bypassed
medium: Missing calls to `_updateTokenInRegistry` lead to an incorrect state of tokens in the registry
medium: Incorrect modifier condition
medium: `AccountingManager` contract's `previewDeposit`, `previewMint`, `previewWithdraw`, and `previewRedeem` functions are not compliant with the EIP-4626 standard
medium: Extra rewards are not updated in the Curve connector when `harvestConvexRewards` is called
medium: Camelot and Aerodrome Connector TVL susceptible to manipulation attack
medium: Using the same heartbeat for multiple price feeds

Mar '24

Ondo Finance
72.43 USDC • 1 total finding • Code4rena • ni8mare • #15
medium: The `BURNER` cannot burn tokens from accounts that are not KYC verified due to the check in `_beforeTokenTransfer`.

vVv Vesting & Staking
13.13 USDC • Sherlock • ni8mare • #33

Feb '24

Perpetual
766.76 USDC • 1 total finding • Sherlock • ni8mare • #10
medium: `deposit` function in `SpotHedgeBaseMaker` and `OracleMaker` is prone to slippage

AI Arena
2.1 USDC • 3 total findings • Code4rena • ni8mare • #156
high: Malicious user can stake an amount which causes zero `curStakeAtRisk` on a loss but equal `rewardPoints` to a fair user on a win
high: Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
medium: Can mint an NFT with the desired attributes by reverting the transaction

Jan '24

Flat Money
80.91 USDC • 1 total finding • Sherlock • ni8mare • #17
high: In `settleFundingFees`, `_globalPositions.marginDepositedTotal` can be assigned a wrong value because of improper comparisons.

Avail
24.97 USDC • Sherlock • ni8mare • #23

Dec '23

The Standard
1.47 USDC • 3 total findings • CodeHawks • ni8mare • #84
medium: Missing deadline check allows pending transactions to be maliciously executed
medium: Fees are hardcoded to 3000 in `ExactInputSingleParams`
low: `costInEuros` calculation will incur precision loss due to division before multiplication

Footium Update
11.91 USDC • Sherlock • ni8mare • #28

Oct '23

Open Dollar
80.26 USDC • 2 total findings • Code4rena • ni8mare • #39
medium: Test addresses and incorrect interface in code prevent integration with UniswapV3 and Camelot
medium: Decimal limitation in `CamelotRelayer` and `UniV3Relayer` contract deployment

Canto Liquidity Mining Protocol
2,934.85 USDC • 1 total finding • Code4rena • ni8mare • silver (2nd place)
medium: If `dt` is not updated accurately then `timeWeightedWeeklyPositionInRangeConcLiquidity_` might be updated incorrectly.

Aug '23

Cooler Update
26.24 USDC • 2 total findings • Sherlock • ni8mare • #16
high: Malicious lender can prevent borrowers from repaying their loans.
medium: `rollLoan` function can be called by anyone.

veRWA
9.82 USDC • Code4rena • ni8mare • #52

Tangible Caviar
26.58 USDC • Code4rena • ni8mare • #69

Jul '23

Beedle - Oracle free perpetual lending
61.67 USDC • 11 total findings • CodeHawks • ni8mare • #62
high: Sandwich attack to steal all ERC-20 tokens in the Fees contract
high: Token spending by the Uniswap router doesn't get approved
high: Hardcoded router address may cause token lockup on non-standard networks
medium: The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates
medium: No expiration deadline leads to losing a lot of funds
medium: Fixed fee level is used when swapping tokens on Uniswap
medium: Pragma non-specification can lead to a non-functional / corrupted contract when deployed on Arbitrum
medium: Some ERC20 tokens would revert on zero-value fee transfers.
low: Rounding error risk in the `borrow()` function in `Lender.sol`
gas: Cannot use `_burn` function in the `Beedle.sol` contract
gas: Unchecked arithmetic where overflow/underflow is impossible

Foundry DeFi Stablecoin CodeHawks Audit Contest
2.02 USDC • 6 total findings • CodeHawks • ni8mare • #112
medium: `staleCheckLatestRoundData()` does not check the status of the Arbitrum sequencer in Chainlink feeds.
medium: DSC protocol can consume stale price data or cannot operate on some EVM chains
medium: Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`
medium: Not all of the USD pair price feeds have 8 decimals
low: Pragma isn't specified correctly, which can lead to a non-functional/damaged contract when deployed on Arbitrum
gas: `++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

CodeHawks Escrow Contract - Competition Details
2.47 USDC • 1 total finding • CodeHawks • ni8mare • #94
gas: Contract can be deployed without funds.

Tokensoft
239.82 USDC • 2 total findings • Sherlock • ni8mare • #10
high: IVT tokens can be minted many times by calling `initializeDistributionRecord` several times.
medium: `_setTotal` function in `CrosschainDistributor` will revert

Beam
10.45 USDC • Sherlock • ni8mare • #43

PoolTogether
446.12 USDC • 2 total findings • Code4rena • ni8mare • #34
high: `Vault.mintYieldFee` function can be called by anyone to mint `Vault Shares` to any recipient address
medium: `deposit` function does not check for the `maxMint` amount.

Jun '23

Hubble Exchange
212.42 USDC • 1 total finding • Sherlock • ni8mare • #25
medium: More checks needed for Chainlink price feed return values

RealWagmi
126.60 USDC • 1 total finding • Sherlock • ni8mare • #17
high: `getQuoteAtTick` uses `slot0` to calculate prices, which can be manipulated.

May '23

Iron Bank
0.03 USDC • 2 total findings • Sherlock • ni8mare • #23
medium: Oracle return values are not being checked.
medium: No checks for whether the Arbitrum sequencer is down

USSD - Autonomous Secure Dollar
4.78 USDC • 5 total findings • Sherlock • ni8mare • #71
high: `mintRebalancer` and `burnRebalancer` can be called by anyone.
high: No slippage parameter in `UniV3SwapInput` function
high: Wrong addresses are used in Oracle contracts.
high: Using `slot0` to calculate prices can be manipulated.
medium: Chainlink Oracle return values are not being checked.

Juicebox Buyback Delegate
16.19 USDC • Code4rena • ni8mare • #18

Footium
89.85 USDC • 1 total finding • Sherlock • ni8mare • #25
medium: Club owner can mint more players than `_maxGenerationId`

Mar '23

Y2K
138.34 USDC • 1 total finding • Sherlock • ni8mare • #49
medium: Wrong treasury address set in `changeTreasury` function in `VaultFactoryV2` contract