Security Researcher
#377 All Time
Jan '23
120.09 USDC • 1 total finding • Code4rena • oyc_109
#44
medium
SmartAccount.sol is intended to be upgradable but inherits from contracts that contain storage and no gaps
Nov '22
13.69 CANTO • 1 total finding • Code4rena • oyc_109
#12
high
Anyone can set the `baseRatePerYear` after the `updateFrequency` has passed
Sep '22
147.69 USDC • 1 total finding • Code4rena • oyc_109
#22
removeValidator() and removeMinter() may fail due to exceeding gas limit
146.62 CANTO • 1 total finding • Code4rena • oyc_109
#10
unbounded loop length dos
Aug '22
3.50 USDC • 1 total finding • Sherlock • oyc_109
#26
Chainlink oracle aggregator data is insufficiently validated
625.18 USDC • 1 total finding • Code4rena • oyc_109
#6
Unsafe usage of ERC20 transfer and transferFrom
83.43 USDC • 1 total finding • Code4rena • oyc_109
#29
NFT of NFT collection or NFT drop collection can be locked when calling _mint or mintCountTo function to mint it to a contract that does not support ERC721 protocol
Jul '22
2,358.52 USDC • 2 total findings • Code4rena • oyc_109
Error in allowance logic
should use >= instead of >
452.61 USDC • 4 total findings • Code4rena • oyc_109
#31
Malicious User Could Burn The Assets After A Successful Migration
A VAULT OWNER CAN BE ALSO THE CONTROLLER AND ARBITRARILY SET THE SECONDARY MARKET ROYALTIES
Delegate call in `Vault#_execute` can alter Vault's ownership
Use of `payable.transfer()` may lock user funds
927.29 USDC • 3 total findings • Code4rena • oyc_109
#14
ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC
Use a safe transfer helper library for ERC20 transfers
processFees() may fail due to exceed gas limit
Jun '22
73.82 USDC • 1 total finding • Code4rena • oyc_109
#57
`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever
1,114.53 USDC • 2 total findings • Code4rena • oyc_109
missing zero address check can cause initialize to be called more than once
Multiple initialization in `NoteInterest`
199.16 USDC • 1 total finding • Code4rena • oyc_109
#32
Burn access control can be bypassed
178.19 USDC • 1 total finding • Code4rena • oyc_109
#38
Able to mint any amount of PT
157.72 USDC • 1 total finding • Code4rena • oyc_109
#17
`_harvest` has no slippage protection when swapping `auraBAL` for `AURA`
188.99 USDC • 2 total findings • Code4rena • oyc_109
#34
Overpayment of native ETH is not refunded to buyer
Accumulated ETH fees of InfinityExchange cannot be retrieved
640.15 USDC • 1 total finding • Code4rena • oyc_109
May '22
2,234.6 USDT • 1 total finding • Code4rena • oyc_109
malicious operator can rug pull
239.54 USDC • 4 total findings • Code4rena • oyc_109
#33
First depositor can break minting of shares
Strategists can take more rewards than they should using the function strategistBootyClaim().
Admin rug vectors
Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`
88.6 USDC • 1 total finding • Code4rena • oyc_109
The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault
3,101.14 USDC • 1 total finding • Code4rena • oyc_109
#8
no-revert-on-transfer ERC20 tokens can be drained
444.64 USDC • 1 total finding • Code4rena • oyc_109
#7
Chainlink pricer is using a deprecated API