oyc_109

Security Researcher

Contact Me

High

Total

Medium

Total

$23.71K

Total Earnings

#338 All Time

78x

Payouts

9x

Top 10

27x

Top 25

67x

Top 50

All

Sherlock

Code4rena

Mar '23

Neo Tokyo contest

179.56 USDC • Code4rena • oyc_109

#16

Feb '23

Ethos Reserve contest

42.07 USDC • Code4rena • oyc_109

#34

Jan '23

Numoen contest

45.43 USDC • Code4rena • oyc_109

#20

OpenSea Seaport 1.2 contest

140.67 USDC • Code4rena • oyc_109

Ondo Finance contest

36.24 USDC • Code4rena • oyc_109

#19

Reserve contest

72.44 USDC • Code4rena • oyc_109

#27

Astaria contest

51.32 USDC • Code4rena • oyc_109

#52

Biconomy - Smart Contract Wallet contest

120.09 USDC • 1 total finding • Code4rena • oyc_109

#44

medium

SmartAccount.sol is intended to be upgradable but inherits from contracts that contain storage and no gaps

Dec '22

Papr contest

43.54 USDC • Code4rena • oyc_109

#26

Forgeries contest

45.71 USDC • Code4rena • oyc_109

#21

Caviar contest

14.83 USDC • Code4rena • oyc_109

#45

prePO contest

28.12 USDC • Code4rena • oyc_109

#31

Escher contest

31.16 USDC • Code4rena • oyc_109

#57

Nov '22

ParaSpace contest

882.55 USDC • Code4rena • oyc_109

#26

Canto contest

13.69 CANTO • 1 total finding • Code4rena • oyc_109

#12

high

Anyone can set the `baseRatePerYear` after the `updateFrequency` has passed

Redacted Cartel contest

93.14 USDC • Code4rena • oyc_109

#40

LSD Network - Stakehouse contest

52.03 USDC • Code4rena • oyc_109

#52

SIZE contest

21.13 USDC • Code4rena • oyc_109

#39

Debt DAO contest

110.58 USDC • Code4rena • oyc_109

#43

Chainlink Staking contest

139.59 USDC • Code4rena • oyc_109

#17

Oct '22

Paladin - Warden Pledges contest

31.16 USDC • Code4rena • oyc_109

#30

Inverse Finance contest

55.74 USDC • Code4rena • oyc_109

#41

Holograph contest

837.97 USDC • Code4rena • oyc_109

#12

The Graph L2 bridge contest

71.07 USDC • Code4rena • oyc_109

#14

Sep '22

QuickSwap and StellaSwap contest

78.53 USDC • Code4rena • oyc_109

#37

Frax Ether Liquid Staking contest

147.69 USDC • 1 total finding • Code4rena • oyc_109

#22

medium

removeValidator() and removeMinter() may fail due to exceeding gas limit

VTVL contest

31.1 USDC • Code4rena • oyc_109

#57

Art Gobblers contest

55.2 USDC • Code4rena • oyc_109

#21

Y2k Finance contest

89.45 USDC • Code4rena • oyc_109

#44

FEI and TRIBE Redemption contest

33.58 USDC • Code4rena • oyc_109

#14

Canto Dex Oracle contest

146.62 CANTO • 1 total finding • Code4rena • oyc_109

#10

medium

unbounded loop length dos

Nouns Builder contest

107.46 USDC • Code4rena • oyc_109

#79

Aug '22

Sentiment

3.50 USDC • 1 total finding • Sherlock • oyc_109

#26

medium

Chainlink oracle aggregator data is insufficiently validated

Olympus DAO contest

91.18 USDC • Code4rena • oyc_109

#59

Nouns DAO contest

54.91 USDC • Code4rena • oyc_109

#28

FIAT DAO veFDT contest

625.18 USDC • 1 total finding • Code4rena • oyc_109

high

Unsafe usage of ERC20 transfer and transferFrom

Fraxlend (Frax Finance) contest

91.36 USDC • Code4rena • oyc_109

#29

Foundation Drop contest

83.43 USDC • 1 total finding • Code4rena • oyc_109

#29

medium

NFT of NFT collection or NFT drop collection can be locked when calling _mint or mintCountTo function to mint it to a contract that does not support ERC721 protocol

Mimo August 2022 contest

243.96 USDC • Code4rena • oyc_109

#19

Rigor Protocol contest

64.58 USDC • Code4rena • oyc_109

#54

Jul '22

Axelar Network v2 contest

608.6 USDC • Code4rena • oyc_109

Golom contest

129.98 USDC • Code4rena • oyc_109

#72

Swivel v3 contest

2,358.52 USDC • 2 total findings • Code4rena • oyc_109

medium

Error in allowance logic

medium

should use >= instead of >

Fractional v2 contest

452.61 USDC • 4 total findings • Code4rena • oyc_109

#31

high

Malicious User Could Burn The Assets After A Successful Migration

medium

A VAULT OWNER CAN BE ALSO THE CONTROLLER AND ARBITRARILY SET THE SECONDARY MARKET ROYALTIES

medium

Delegate call in `Vault#_execute` can alter Vault's ownership

medium

Use of `payable.transfer()` may lock user funds

Juicebox V2 contest

927.29 USDC • 3 total findings • Code4rena • oyc_109

#14

high

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

medium

Use a safe transfer helper library for ERC20 transfers

medium

processFees() may fail due to exceed gas limit

Jun '22

Putty contest

73.82 USDC • 1 total finding • Code4rena • oyc_109

#57

medium

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

Canto v2 contest

1,114.53 USDC • 2 total findings • Code4rena • oyc_109

#10

medium

missing zero address check can cause initialize to be called more than once

medium

Multiple initialization in `NoteInterest`

Nibbl contest

45.81 USDC • Code4rena • oyc_109

#41

Yieldy contest

199.16 USDC • 1 total finding • Code4rena • oyc_109

#32

medium

Burn access control can be bypassed

Illuminate contest

178.19 USDC • 1 total finding • Code4rena • oyc_109

#38

high

Able to mint any amount of PT

Nested Finance contest

116.54 USDC • Code4rena • oyc_109

#13

Badger-Vested-Aura contest

157.72 USDC • 1 total finding • Code4rena • oyc_109

#17

medium

`_harvest` has no slippage protection when swapping `auraBAL` for `AURA`

Infinity NFT Marketplace contest

188.99 USDC • 2 total findings • Code4rena • oyc_109

#34

high

Overpayment of native ETH is not refunded to buyer

high

Accumulated ETH fees of InfinityExchange cannot be retrieved

Canto contest

640.15 USDC • 1 total finding • Code4rena • oyc_109

#29

high

Anyone can set the `baseRatePerYear` after the `updateFrequency` has passed

Connext Amarok contest

283.8 USDC • Code4rena • oyc_109

#29

Notional x Index Coop

136.79 USDC • Code4rena • oyc_109

#32

May '22

Backd Tokenomics contest

171.81 USDC • Code4rena • oyc_109

#26

veToken Finance contest

2,234.6 USDT • 1 total finding • Code4rena • oyc_109

#10

medium

malicious operator can rug pull

Velodrome Finance contest

151.4 USDC • Code4rena • oyc_109

#42

Rubicon contest

239.54 USDC • 4 total findings • Code4rena • oyc_109

#33

high

First depositor can break minting of shares

medium

Strategists can take more rewards than they should using the function strategistBootyClaim().

medium

Admin rug vectors

medium

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

OpenSea Seaport contest

2,341.16 USDC • Code4rena • oyc_109

#24

Sturdy contest

88.6 USDC • 1 total finding • Code4rena • oyc_109

#26

high

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

Aura Finance contest

233.2 USDC • Code4rena • oyc_109

#40

Cally contest

3,101.14 USDC • 1 total finding • Code4rena • oyc_109

high

no-revert-on-transfer ERC20 tokens can be drained

Enso Finance contest

281.12 USDT • Code4rena • oyc_109

#36

Alchemix contest

271.81 DAI • Code4rena • oyc_109

#26

FactoryDAO contest

134.53 DAI • Code4rena • oyc_109

#33

Cudos contest

189.18 USDC • Code4rena • oyc_109

#29

Forgotten Runes Warrior Guild contest

45.77 USDC • Code4rena • oyc_109

#52

bunker.finance contest

444.64 USDC • 1 total finding • Code4rena • oyc_109

medium

Chainlink pricer is using a deprecated API

Apr '22

Mimo DeFi contest

59.06 USDC • Code4rena • oyc_109

#26

AbraNFT contest

140.53 MIM • Code4rena • oyc_109

#26

Backd contest

244.27 USDC • Code4rena • oyc_109

#33

xTRIBE contest

240.75 USDC • Code4rena • oyc_109

#17

Phuture Finance contest

94.37 USDC • Code4rena • oyc_109

#22

Badger Citadel contest

143.43 USDC • Code4rena • oyc_109

#48

Mar '22

prePO contest

79.47 USDC • Code4rena • oyc_109

#27

Biconomy Hyphen 2.0 contest

59.59 USDT • Code4rena • oyc_109

#51