https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/caa78be2-dfbe-4af7-b1e7-3cc205642946.jpg

nicobevi

Security Researcher

Software engineer Crypto enthusiast. @code4rena, @sherlockdefi and @SpearbitDAO auditor (trying at least). whitehat @immunefi

Contact Me

High

Total

Medium

Total

$1.74K

Total Earnings

#1189 All Time

13x

Payouts

1x

Top 10

6x

Top 25

11x

Top 50

All

Sherlock

Code4rena

Apr '23

Teller

184.50 USDC • 1 total finding • Sherlock • nicobevi

#31

high

CollateralManager.setCollateralEscrowBeacon has not access restrictions and could be frontrun

Jan '23

Canto Identity Protocol contest

44.97 CANTO • Code4rena • nicobevi

#13

RabbitHole Quest Protocol contest

17.2 USDC • Code4rena • nicobevi

#74

Ondo Finance contest

36.24 USDC • Code4rena • nicobevi

#19

Astaria contest

253.34 USDC • Code4rena • nicobevi

#40

Dec '22

Forgeries contest

25.95 USDC • Code4rena • nicobevi

#23

Caviar contest

40.26 USDC • 1 total finding • Code4rena • nicobevi

#44

high

Liquidity providers may lose funds when adding liquidity

Escher contest

35.02 USDC • Code4rena • nicobevi

#54

Nov '22

ParaSpace contest

257.37 USDC • 3 total findings • Code4rena • nicobevi

#41

high

Anyone can prevent themselves from being liquidated as long as they hold one of the supported NFTs

medium

Front-running admin setPrice call allows a single compromised oracle to set any price, allowing the oracle manipulator to drain all protocol funds

medium

Centralization risk: admin can with rug the project by removing asset and price manipulation on oracle.

Canto contest

207.65 CANTO • Code4rena • nicobevi

Oct '22

Holograph contest

55.67 USDC • Code4rena • nicobevi

#37

The Graph L2 bridge contest

50.28 USDC • Code4rena • nicobevi

#15

Blur Exchange contest

531.64 USDC • 1 total finding • Code4rena • nicobevi

#14

high

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount