oualidpro

Security Researcher

High: 8 total

Medium: 11 total

Total Earnings: $3.55K (#848 All Time)

Payouts: 24x

Top 10: 4x

Top 25: 11x

Top 50: 17x

Mar '25

PinLink: RWA-Tokenized DePIN Marketplace

1.59 USDC • Sherlock • oualidpro

#80

Crestal Network

77.23 USDC • 1 total finding • Sherlock • oualidpro

#5

medium

Users can create agents without being Whitelisted

Dec '24

Tally ARB Staker

8.39 USDC • Sherlock • oualidpro

#36

SecondSwap

571.64 USDC • 4 total findings • Code4rena • oualidpro

#10

high

Users can claim more than their actual allotment

medium

Incorrect referral fee calculations

medium

Incorrect listing type validation bypasses enforcement of minimum purchase amount

medium

Rounding error in stepDuration calculations.

Oku's New Order Types Contract Contest

0.75 OP • 3 total findings • Sherlock • oualidpro

#58

high

A user will Drain The StopLimit contract Funds by modifying an order `amountIn`

high

A user will drain both StopLimit and Bracket contracts funds due to non-uniqueness of `orderId`

medium

Attacker will Lock users funds by creating unlimited dust orders

Jul '24

MagicSea - the native DEX on the IotaEVM

39.78 USDC • 2 total findings • Sherlock • oualidpro

#43

medium

It is possible to earn rewards in `MlumStaking` staking contract without locking tokens for a period of time

medium

DoSing the rewarding system by flooding the `onRegister()` function with fake rewarders

May '24

LoopFi

0 USDC • Code4rena • oualidpro

#10

Apr '24

Renzo

0 USDC • Code4rena • oualidpro

#58

Panoptic

32.96 USDC • Code4rena • oualidpro

#18

Mar '24

Ondo Finance

8.28 USDC • Code4rena • oualidpro

#17

DittoETH

191.73 USDC • Code4rena • oualidpro

#18

Abracadabra Mimswap

184.9 USDC • Code4rena • oualidpro

#19

zkSync Era

619.88 USDC • Code4rena • oualidpro

#10

Taiko

60.3 USDC • Code4rena • oualidpro

#34

Feb '24

AI Arena

22.54 USDC • 2 total findings • Code4rena • oualidpro

#108

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Jan '24

MorpheusAI

79.79 USDC • 5 total findings • CodeHawks • oualidpro

#15

low

Any User can mint any amount of WStETH in the WStETHMock.sol and StETHMock.sol

low

Use custom gas in `sendMintMessage` instead of default gas

low

Create Pool in Mock Distribution is missing validations; allowing duplicates, wrong decreaseInterval value and payoutStart value

low

Do not hardcode `_zroPaymentAddress` field to `address(0)`

low

LayerZeroEndpoint.send() in L1Sender.sol may revert if the user does not provide enough native gas as specified

Oct '23

NextGen

25.74 USDC • 2 total findings • Code4rena • oualidpro

#79

high

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

medium

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

Badger eBTC Audit + Certora Formal Verification Competition

162.76 USDC • Code4rena • oualidpro

#13

Sep '23

Maia DAO - Ulysses

78.19 USDC • Code4rena • oualidpro

#43

DittoETH

1,136.51 USDC • 2 total findings • CodeHawks • oualidpro

#12

high

Users Lose Funds and Market Functionality Breaks When Market Reaches 65k Id

high

New orders can overwrite active orders when order id reaches 65000

Aug '23

Sparkn

7.67 USDC • 3 total findings • CodeHawks • oualidpro

#57

low

If a winner is blacklisted on any of the tokens they can't receive their funds

low

Lack of checking the existence of the Proxy contract

low

Using basis points for percentage is not precise enough for realistic use-cases

Jul '23

CodeHawks Escrow Contract - Competition Details

173.85 USDC • 11 total findings • CodeHawks • oualidpro

#32

gas

Check price != 0 before interacting with IERC20

gas

Use assembly to check for `address(0)`

gas

The `nonReentrant` `modifier` should occur before all other modifiers

gas

NatSpec `@param` is missing

gas

NatSpec `@return` argument is missing

gas

Constants in comparisons should appear on the left side

gas

Use nested `if` statements instead of logical AND (`&&`)

gas

Non-strict inequalities (>=) are cheaper than strict ones (>).

gas

Events may be emitted out of order due to reentrancy

gas

Imports could be organized more systematically

gas

Constants should be defined rather than using magic numbers

May '23

Footium

1.15 USDC • 2 total findings • Sherlock • oualidpro

#30

medium

Use safeTransfer() instead of transfer().

medium

NFT can be locked when calling _mint to a contract that does not support ERC721 protocol

Apr '23

Rubicon v2

61.45 USDC • 1 total finding • Code4rena • oualidpro

#72

medium

Low level calls to accounts with no code will succeed in `FeeWrapper`