novaman33

Security Researcher

Web3 security researcher

High findings: 1 solo, 53 total

Medium findings: 28 total

Total earnings: $32.95K (#263 all time)

Payouts: 25x

1st places (gold): 1x

2nd places (silver): 1x

3rd places (bronze): 3x

Mar '25

Symmio, Staking and Vesting

0.00 USDC • 1 total finding • Sherlock • novaman33

#18

medium

'notifyRewardAmount' can be used to grief users

Feb '25

Yieldoor

13.80 USDC • 1 total finding • Sherlock • novaman33

#26

high

Maximum leverage can be exceeded due to insufficient positionLeverage calculation

Liquidity Management

532.69 USDC • 1 total finding • CodeHawks • novaman33

#15

high

If users withdraw while a position is in loss, the whole PNL of the position is applied to their withdrawal amount instead of just their share of it.

Jan '25

Part 2

2,809.76 USDC • 11 total findings • CodeHawks • novaman33

#7

high

The deleverage will apply twice on market USDtoken minting

high

Vaults weth reward is not distributed correctly

high

Unclaimed Rewards Loss Due to Missing Validation in `VaultRouterBranch.stake()`

high

Incorrect Debt Check in `CreditDelegationBranch::settleVaultsDebt` Function

high

Markets and vaults will not update their state until market fee is received, any deposits before market fee will not be reflected

high

Total market debt > 0 when credit deposits > netusdissuance, which breaks key protocol logic

high

Incorrect calculation in CreditDelegationBranch::withdrawUsdTokenFromMarket allows an attacker to mint any amount of usdz

high

Incorrect vault debt validation logic in rebalanceVaultsAssets causes reverts

medium

Vault accumulated values do not reflect market change correctly

medium

rebalanceVaultAssets will revert with an ERC20 insufficient balance error

medium

`_fillOrder` should update the vaults before deleveraging

Plaza Finance

1,200.87 USDC • 8 total findings • Sherlock • novaman33

#10

high

Stuck tokens in `BalancerRouter`

high

Users will be able to manipulate redemptions because of flawed logic

high

`transferReserveToAuction` will always revert

high

Broken cAMM curve when `Collateral Level ≤ 1.2`

high

Users can perform fee manipulations to limit their fee exposure

medium

A user will be able to always sabotage auctions

medium

A user will be able to steal funds from the protocol by getting blacklisted

medium

Users may not be able to claim their coupons in some cases

Dec '24

Idle Finance Credit Vaults

1,446.18 USDC • Sherlock • novaman33

#4

Findings not publicly available for private contests.

Numa

579.94 USDC • 1 total finding • Sherlock • novaman33

#10

high

First depositor attack in CNumaToken and CNumaLst

Nov '24

Ethos Network Financial Contracts

72.48 USDC • 2 total findings • Sherlock • novaman33

#25

high

`buyVotes` function will overcharge users with fee

high

`withdrawGraduatedMarketFunds` will try to send more ETH than there actually is

Extra Finance

1,665.90 OP • Sherlock • novaman33

bronze

Findings not publicly available for private contests.

Chiliz Chain System Contracts

808.18 USDC • Sherlock • novaman33

#9

Findings not publicly available for private contests.

vVv Launchpad - Investments & Token distribution

94.59 USDC • 1 total finding • Sherlock • novaman33

gold

high

An attacker could front-run a user's claim and steal their tokens

Telcoin Update #2

181.36 USDC • Sherlock • novaman33

#13

Oct '24

stakeup-bloomv2

942.3 USDC • 6 total findings • Cantina • 0xnovaman33

#15

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Sep '24

Flayer

784.42 USDC • 5 total findings • Sherlock • novaman33

#22

high

Missing implementation to claim ERC1155 royalties

high

Bridging from L1 to L2 will always result in DoS

medium

Wrong refund logic in Locker.sol `initializeCollection`

medium

A collection will not be shut down in an edge case

medium

claimRoyalties will use wrong receiver

Jul '24

LoopFi

16,509.76 USDC • 10 total findings • Code4rena • novamanbg

silver

high

Availability of deposit invariant can be bypassed

high

`vestTokens` bug in MultiFeeDistribution.sol causes new incentives to erase previous incentives

high

There is a calculation error in AuraVault::redeem().

high

Directly sending dust token amount will slow down distribution in `MultiFeeDistribution.sol`

high

An infinite loop in `MultiFeeDistribution.sol` withdraw

medium

Discrepancy between `lastRewardTime` and `lastAllPoolUpdate` can allow incorrect reward distribution to pools if `registerRewardDeposit` deposits fewer assets

medium

Usage of `lastEligibleStatus` can cause users to miss out on rewards on `manualStopEmissionsFor` invocation

medium

Users of a vault can steal other users' rewards when one vault's `lastRewardTime` differs from another vault's `lastRewardTime`

medium

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

medium

ChefIncentivesController caches endRewardTime, which is not required, and may cause issues during reward update.

MagicSea - the native DEX on the IotaEVM

73.78 USDC • 4 total findings • Sherlock • novaman33

#32

high

Unclaimed rewards are not sent back to the briber in `BribeRewarder.sol`

high

Positions with expired locks can still vote and earn rewards

medium

Wrong amount is used when calculating avgDuration in MlumStaking.sol

medium

`harvestPositionsTo` will not work as expected

Jun '24

Notional Leveraged Vaults: Pendle PT and Vault Incentives

2,334.95 USDC • 2 total findings • Sherlock • novaman33

bronze

high

Lido withdraw limitation will brick the withdraw process in an edge case

high

`_splitWithdrawRequest` will make invalid withdraw requests in an edge case

May '24

LoopFi

386.08 USDC • 10 total findings • Code4rena • novamanbg

bronze

high

Availability of deposit invariant can be bypassed

high

`vestTokens` bug in MultiFeeDistribution.sol causes new incentives to erase previous incentives

high

There is a calculation error in AuraVault::redeem().

high

Directly sending dust token amount will slow down distribution in `MultiFeeDistribution.sol`

high

An infinite loop in `MultiFeeDistribution.sol` withdraw

medium

Discrepancy between `lastRewardTime` and `lastAllPoolUpdate` can allow incorrect reward distribution to pools if `registerRewardDeposit` deposits fewer assets

medium

Usage of `lastEligibleStatus` can cause users to miss out on rewards on `manualStopEmissionsFor` invocation

medium

Users of a vault can steal other users' rewards when one vault's `lastRewardTime` differs from another vault's `lastRewardTime`

medium

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

medium

ChefIncentivesController caches endRewardTime, which is not required, and may cause issues during reward update.

Apr '24

NOYA

2.38 USDC + NOYA stars • 3 total findings • Code4rena • novamanbg

#115

high

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

medium

Attacker can increase the length of `withdrawQueue` by withdrawing 0 amount of tokens frequently

medium

Balancer flashloan contract can be DoSed completely by sending 1 wei to it

Zivoe

2.24 USDC • 1 total finding • Sherlock • novaman33

#55

high

Incorrect depositReward function slows down reward vesting

Mar '24

Axis Finance

1,629.38 USDC • 5 total findings • Sherlock • novaman33

#8

high

New auctions override old ones in `lotRouting` mapping

high

Bidders will not be able to claim bids

high

Some tokens will cause DoS of the claimProceeds function

high

Malicious seller can cancel batch auction and freeze users' bids

medium

All funds for the current lot will be frozen if seller does not give the private key

Zap Protocol

9.97 USDC • 1 total finding • Sherlock • novaman33

#12

high

Users can drain the vesting contract with reentrancy

Revert Lend

742.93 USDC • 3 total findings • Code4rena • novamanbg

#17

high

V3Utils.execute() does not have caller validation, leading to stolen NFT positions from users

high

Owner of a position can prevent liquidation due to the 'onERC721Received' callback

medium

Protocol can be repeatedly gas griefed in `AutoRange` external call

Feb '24

AI Arena

1.22 USDC • 3 total findings • Code4rena • novamanbg

#168

high

A locked fighter can be transferred, leaving the game server unable to commit transactions and creating unstoppable fighters

high

Since a reroll can use a different fighterType than the NFT you own, maxRerollsAllowed can be bypassed and attributes rerolled based on a different fighterType

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Jan '24

Flat Money

122.01 USDC • 2 total findings • Sherlock • novaman33

#16

high

ERC721 locking mechanism does not work

medium

Users can mint as many `Flat.money Points` as they want