
pashov

Security Researcher

Over 40 solo smart contract security reviews done, over 60 Critical & High severity issues found. Trusted by multiple 8 & 9 figure TVL protocols


High findings: 12
Medium findings: 59
Total earnings: $20.14K (#358 all time)
Payouts: 45
1st places: 1
3rd places: 2
Top 10 finishes: 14


Dec '22

Rain
453.45 USDC • Sherlock • placed #6
Findings not publicly available for private contests.

Escher contest
29.42 USDC • 2 total findings • Code4rena • placed #62
[medium] selfdestruct() will not be available after EIP-4758
[medium] Use of `payable.transfer()` might render ETH impossible to withdraw

NounsDAO
464.15 USDC • 2 total findings • Sherlock • placed #4
[medium] Missing input validation can result in `Stream` `recipient` instantly receiving all tokens
[medium] `Payer` can rug `recipient` if a special ERC20 is used

Nov '22

ParaSpace contest
764.31 USDC • 3 total findings • Code4rena • placed #30
[high] Anyone can prevent themselves from being liquidated as long as they hold one of the supported NFTs
[medium] Centralization risk: admin can rug the project by removing assets and manipulating prices on the oracle
[medium] Pausing assets only affects future price updates, not previous malicious updates

Redacted Cartel contest
190.31 USDC • 4 total findings • Code4rena • placed #30
[high] Malicious users can drain the assets of the auto-compound vault
[high] Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation
[medium] Assets may be lost when calling unprotected `AutoPxGlp::compound` function
[medium] Reward token mismanagement can cause users to lose rewards

Telcoin
30.30 USDC • 1 total finding • Sherlock • placed #6
[medium] `FeeBuyback` does not utilize OpenZeppelin's SafeERC20 library, even though the rest of the codebase does

Buffer Finance
71.36 USDC • 2 total findings • Sherlock • placed #9
[medium] Protocol won't work with `USDT`, `BNB` and other tokens that do not return a bool on `transfer`
[medium] The protocol won't work correctly with fee-on-transfer tokens or tokens with rebasing mechanism

Bull v Bear
32.53 USDC • 1 total finding • Sherlock • placed #16
[medium] The protocol does not support fee-on-transfer or rebasing ERC20 tokens

LSD Network - Stakehouse contest
570.4 USDC • 2 total findings • Code4rena • placed #24
[medium] Node runners can lose all their stake rewards because DAO commissions can be set to 100%
[medium] Calling `updateNodeRunnerWhitelistStatus` function always reverts

DODO
62.49 USDC • 1 total finding • Sherlock • placed #6
[medium] Use `call()` with value instead of `transfer()` on `address payable`

LooksRare Aggregator contest
36.34 USDC • Code4rena • placed #24

SIZE contest
8.54 USDC • 1 total finding • Code4rena • placed #41
[medium] Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Debt DAO contest
115.5 USDC • 2 total findings • Code4rena • placed #41
[medium] Variable balance ERC20 support
[medium] address.call{value:x}() should be used instead of payable.transfer()

Sense
687.41 USDC • 2 total findings • Sherlock • placed #5
[medium] Code does not handle ERC20 tokens with special `transfer` implementation
[medium] Anyone can steal leftover/mistakenly sent tokens in `RollerPeriphery`

Float Capital
1,771.65 USDC • 1 total finding • Sherlock • placed 3rd
[medium] Protocol won't work with `USDC` even though it is a token specifically mentioned in the docs

Chainlink Staking contest
2,016.66 USDC • Code4rena • placed #11

Sentiment Update
535.71 USDC • 1 total finding • Sherlock • placed 3rd
[medium] `WSTETHOracle` needs to check for sequencer availability

Oct '22

zkSync v2 contest
250.77 USDC • Code4rena • placed #8

Paladin - Warden Pledges contest
1,308.38 USDC • 2 total findings • Code4rena • placed #6
[medium] WardenPledge accidentally inherits Ownable instead of Owner which removes an important safeguard without sponsor knowledge
[medium] Owner can transfer all ERC20 reward token out using function recoverERC20

Inverse Finance contest
58.23 USDC • 3 total findings • Code4rena • placed #39
[medium] Protocol withdrawals of collateral can be unexpectedly locked if governance sets the `collateralFactorBps` to 0
[medium] Oracle assumes token and feed decimals will be limited to 18 decimals
[medium] Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Illuminate
670.65 USDC • 4 total findings • Sherlock • placed #13
[high] Griefing attack vector in `Lender.sol` `mint()` can result in big value loss for users
[medium] Some tokens (USDT) expect to always have zero allowances before approving a non-uint256.max amount
[medium] Missing token approvals can result in DoS in `Marketplace.sol`
[medium] ERC5095::mint checks slippage with underlying amount when it should check with principal (shares) amount

Astaria
87.42 USDC • 2 total findings • Sherlock • placed #21
[medium] ERC4626 does not work with fee-on-transfer tokens
[medium] First ERC4626 deposit can break share calculation
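
The "first deposit breaks share calculation" class above (Astaria) and the share-price manipulation finding in the Redacted Cartel contest are the same mechanism: a vault whose share price is derived from its live token balance lets the first depositor inflate that price with a direct transfer. The following is an added illustration written for this page; it is not code from either audited protocol or from the researcher's reports. The vault contracts, the offset value of 6 and the numeric walkthrough in the comments are all constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Share accounting reduced to deposit/redeem. totalAssets() reads the live
// token balance, which is exactly what lets a direct "donation" to the vault
// move the share price without minting shares.
abstract contract ShareVaultBase {
    IERC20 public immutable asset;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    constructor(IERC20 _asset) {
        asset = _asset;
    }

    function totalAssets() public view returns (uint256) {
        return asset.balanceOf(address(this));
    }

    function convertToShares(uint256 assets) public view virtual returns (uint256);
    function convertToAssets(uint256 shares) public view virtual returns (uint256);

    function deposit(uint256 assets, address receiver) external returns (uint256 shares) {
        shares = convertToShares(assets);   // priced before the tokens arrive
        require(shares != 0, "zero shares");
        totalSupply += shares;
        balanceOf[receiver] += shares;
        require(asset.transferFrom(msg.sender, address(this), assets), "transferFrom failed");
    }

    function redeem(uint256 shares, address receiver) external returns (uint256 assets) {
        assets = convertToAssets(shares);
        balanceOf[msg.sender] -= shares;    // reverts on underflow
        totalSupply -= shares;
        require(asset.transfer(receiver, assets), "transfer failed");
    }
}

// 1:1 for the first depositor, pro-rata against the live balance afterwards.
// Attack, with values constructed for the illustration:
//   1. attacker deposits 1 wei             -> totalSupply = 1, totalAssets = 1
//   2. attacker sends 1e18 tokens directly -> totalAssets = 1e18 + 1, still 1 share
//   3. victim deposits 2e18                -> 2e18 * 1 / (1e18 + 1) = 1 share (rounded down)
//      attacker now owns 1 of 2 shares over 3e18 + 1 assets: about 0.5e18 profit.
//      A victim depositing 1e18 would get 0 shares; the zero check above turns
//      that into a revert (a DoS), and without it the tokens are simply lost.
contract VulnerableVault is ShareVaultBase {
    constructor(IERC20 a) ShareVaultBase(a) {}

    function convertToShares(uint256 assets) public view override returns (uint256) {
        uint256 supply = totalSupply;
        return supply == 0 ? assets : assets * supply / totalAssets();
    }

    function convertToAssets(uint256 shares) public view override returns (uint256) {
        uint256 supply = totalSupply;
        return supply == 0 ? shares : shares * totalAssets() / supply;
    }
}

// Virtual shares and assets, the mitigation OpenZeppelin's ERC4626 applies via
// its decimals offset: the math behaves as if 10**OFFSET shares already exist
// against 1 wei of assets. Replaying the attack above against this vault:
//   the attacker's 1 wei mints 1e6 shares; after the 1e18 donation the victim's
//   2e18 mints ~4e6 shares, so the attacker holds 1e6 of ~6e6 (virtual included)
//   over 3e18 + 1 assets, i.e. about 0.5e18 back for 1e18 donated. The attack
//   loses money and the victim's shares are worth what they deposited.
contract HardenedVault is ShareVaultBase {
    uint256 private constant OFFSET = 6;

    constructor(IERC20 a) ShareVaultBase(a) {}

    function convertToShares(uint256 assets) public view override returns (uint256) {
        return assets * (totalSupply + 10 ** OFFSET) / (totalAssets() + 1);
    }

    function convertToAssets(uint256 shares) public view override returns (uint256) {
        return shares * (totalAssets() + 1) / (totalSupply + 10 ** OFFSET);
    }
}
```

The offset does not make donations free for the vault: the donated value is shared with the virtual holder and is effectively stranded, which is the intended deterrent. Protocols that prefer a minimum initial deposit or a protocol-owned seed deposit get the same effect by a different route; what matters for review is that the first depositor cannot set the share price alone.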

NFTPort
76.98 USDC • 1 total finding • Sherlock • placed #10
[medium] EIP-2981 royalties can be > `salePrice`

Holograph contest
0.02 USDC • 1 total finding • Code4rena • placed #43
[medium] `_payoutToken[s]()` is not compatible with tokens with missing return value
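
Three token-compatibility findings recur across these contests: tokens with no return value on `transfer` (Holograph above, Telcoin, Buffer Finance, Sense, Float Capital), fee-on-transfer and rebasing tokens (Buffer Finance, Bull v Bear, SIZE, Debt DAO, Astaria), and USDT's requirement that the allowance be zero before a non-zero approve (Illuminate). The pool below is an added illustration written for this page, not code from any of those protocols or from the researcher's reports; the `SafeToken` library is written here in the spirit of OpenZeppelin's SafeERC20 rather than copied from it, and the pool contracts are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Safe-call wrapper: accepts tokens that return a bool and tokens such as
// USDT that return nothing, and treats a revert, a returned `false`, or a
// call to an address with no code as failure.
library SafeToken {
    function _callOptionalReturn(address token, bytes memory data) private {
        require(token.code.length > 0, "not a contract");
        (bool ok, bytes memory ret) = token.call(data);
        require(ok, "token call reverted");
        // empty return data: non-standard token (USDT, BNB); otherwise must decode to true
        require(ret.length == 0 || abi.decode(ret, (bool)), "token returned false");
    }

    function safeTransfer(address token, address to, uint256 amount) internal {
        _callOptionalReturn(token, abi.encodeWithSignature("transfer(address,uint256)", to, amount));
    }

    function safeTransferFrom(address token, address from, address to, uint256 amount) internal {
        _callOptionalReturn(token, abi.encodeWithSignature("transferFrom(address,address,uint256)", from, to, amount));
    }

    // USDT reverts on approve(non-zero) while the allowance is already non-zero:
    // reset to 0 first, then set the target amount.
    function forceApprove(address token, address spender, uint256 amount) internal {
        _callOptionalReturn(token, abi.encodeWithSignature("approve(address,uint256)", spender, 0));
        _callOptionalReturn(token, abi.encodeWithSignature("approve(address,uint256)", spender, amount));
    }
}

contract VulnerablePool {
    IERC20 public immutable token;
    mapping(address => uint256) public deposits;

    constructor(IERC20 _token) {
        token = _token;
    }

    // Two defects. (1) Calling through an interface that declares `returns (bool)`
    // makes the compiler abi-decode 32 bytes of return data; USDT returns none,
    // so the decode reverts and every deposit fails. (2) The pool credits the
    // requested `amount`, not what arrived: with a fee-on-transfer token the
    // pool's liabilities exceed its balance and the last withdrawer is shorted.
    function deposit(uint256 amount) external {
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        deposits[msg.sender] += amount;
    }
}

contract HardenedPool {
    using SafeToken for address;

    IERC20 public immutable token;
    mapping(address => uint256) public deposits;

    constructor(IERC20 _token) {
        token = _token;
    }

    // Credits the balance delta, so a fee-on-transfer token is accounted at
    // what the pool actually holds. Limits: a rebasing token still changes the
    // balance between calls without any transfer, and a token with transfer
    // hooks (ERC777) can reenter between the two balanceOf reads, so such
    // pools need a reentrancy guard or an explicit token allowlist.
    function deposit(uint256 amount) external returns (uint256 received) {
        uint256 before = token.balanceOf(address(this));
        address(token).safeTransferFrom(msg.sender, address(this), amount);
        received = token.balanceOf(address(this)) - before;
        require(received > 0, "nothing received");
        deposits[msg.sender] += received;
    }

    function withdraw(uint256 amount) external {
        deposits[msg.sender] -= amount; // reverts on underflow
        address(token).safeTransfer(msg.sender, amount);
    }
}
```

The balance-delta pattern fixes fee-on-transfer accounting but not rebasing: a positive rebase is unclaimed by anyone and a negative one makes the pool insolvent, which is why several of the findings above list "rebasing" separately and why the usual answer is to document the unsupported token classes rather than pretend to handle them.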

3xcalibur contest
5.94 USDC • Code4rena • placed #36

Trader Joe v2 contest
280.79 USDC • Code4rena • placed #18

Sep '22

Frax Ether Liquid Staking contest
135.62 USDC • 3 total findings • Code4rena • placed #25
[medium] Centralization risk: admin has privileges: admin can set an address to mint any amount of frxETH, can set any address as validator, and can change important state in frxETHMinter and withdraw funds from frxETHMinter
[medium] removeValidator() and removeMinter() may fail due to exceeding the gas limit
[medium] frxETHMinter: Non-conforming ERC20 tokens not recoverable

VTVL contest
3,561.2 USDC • 3 total findings • Code4rena • placed 1st
[medium] Tokens with lower number of decimals can result in postponed linear vesting for user
[medium] Vesting schedule start and end time can be set in the past
[medium] Supply cap of VariableSupplyERC20Token is not properly enforced

Harpie
198.49 USDC • 3 total findings • Sherlock • placed #10
[medium] Using `ERC721::transferFrom` instead of `ERC721::safeTransferFrom` can result in NFTs stuck forever
[medium] Using external library code with High severity vulnerability
[medium] `call()` should be used instead of `transfer()` on an address payable

Y2k Finance contest
470.89 USDC • 3 total findings • Code4rena • placed #23
[medium] StakingRewards: recoverERC20() can be used as a backdoor by the owner to retrieve rewardsToken
[medium] StakingRewards.sol#notifyRewardAmount() Improper reward balance checks can make some users unable to withdraw their rewards
[medium] Different Oracle issues can return outdated prices

PartyDAO contest
35.35 USDC • Code4rena • placed #67

FEI and TRIBE Redemption contest
38.41 USDC • Code4rena • placed #9

Canto Dex Oracle contest
39.22 CANTO • Code4rena • placed #12

Nouns Builder contest
531.99 USDC • 2 total findings • Code4rena • placed #36
[medium] Delegation should not be allowed to address(0)
[medium] Quorum votes have no effect for determining whether proposal is defeated or succeeded when token supply is low

Aug '22

Sentiment
1,203.82 USDC • 3 total findings • Sherlock • placed #12
[high] Some functionalities in `LEther.sol` & `LToken.sol` are not calling `beforeDeposit` and `beforeWithdraw` hooks
[high] Price decimals assumptions in `ChainlinkOracle.sol` & `ArbiChainlinkOracle.sol` can lead to incorrect calculation of price
[medium] Incomplete price validation for Chainlink's `latestRoundData` in `ChainlinkOracle.sol` & `ArbiChainlinkOracle.sol` can lead to overleveraged borrowing

Olympus DAO contest
493.23 USDC • 2 total findings • Code4rena • placed #36
[high] TRSRY: front-runnable `setApprovalFor`
[medium] [NAZ-M1] Chainlink's `latestRoundData` might return stale results

Nouns DAO contest
35.44 USDC • Code4rena • placed #41

Jul '22

Yield Witch v2 contest
55.91 USDC • Code4rena • placed #30

Swivel v3 contest
44.25 USDC • Code4rena • placed #57

ENS contest
84.32 USDC • 1 total finding • Code4rena • placed #61
[medium] transfer() depends on gas costs

Fractional v2 contest
327.79 USDC • 3 total findings • Code4rena • placed #40
[medium] A vault owner can also be the controller and arbitrarily set the secondary market royalties
[medium] A vault owner can frontrun a plugin call and change its implementation
[medium] Use of `payable.transfer()` may lock user funds
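
The `payable.transfer()` finding above is the same class reported in the Escher, DODO, Debt DAO, Harpie and ENS contests: `transfer()` forwards a fixed 2300 gas stipend, so any recipient contract that does real work on receipt cannot be paid and the funds stay locked. The contracts below are an added illustration written for this page, not code from any of those protocols or from the researcher's reports; the vault and wallet are constructed for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

interface IVault {
    function deposit() external payable;
    function withdraw() external;
}

contract VulnerableVault is IVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // transfer() forwards a fixed 2300 gas stipend. Any recipient whose
    // receive()/fallback does more than log an event (a smart-contract wallet
    // updating storage, a proxy delegating to its implementation, a multisig)
    // runs out of gas, the whole call reverts, and the funds are locked.
    // The stipend was also sized around opcode costs that hard forks have
    // changed before (EIP-1884 raised SLOAD), so "cheap enough today" is not
    // a stable property.
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        balances[msg.sender] = 0;
        payable(msg.sender).transfer(amount);
    }
}

contract HardenedVault is IVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    // call{value:} forwards all remaining gas, so the recipient can do real
    // work. Because that also re-enables reentrancy, the balance is zeroed
    // BEFORE the external call (checks-effects-interactions); a reentrant
    // withdraw() then sees 0 and pays nothing. The return value is checked
    // so a failed send reverts instead of silently keeping the caller's ETH.
    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "ETH transfer failed");
    }
}

// A recipient whose receive() writes storage. The SSTORE alone costs more
// than the 2300 stipend, so VulnerableVault.withdraw() reverts for it while
// HardenedVault.withdraw() succeeds.
contract StorageWritingWallet {
    uint256 public received;
    IVault public immutable vault;

    constructor(IVault _vault) {
        vault = _vault;
    }

    receive() external payable {
        received += msg.value;
    }

    function depositToVault() external payable {
        vault.deposit{value: msg.value}();
    }

    function withdrawFromVault() external {
        vault.withdraw();
    }
}
```

Deploy both vaults, point a `StorageWritingWallet` at each, deposit through the wallet and call `withdrawFromVault()`: the call against `VulnerableVault` reverts with an out-of-gas in `receive()`, the one against `HardenedVault` pays out. The "pull over push" variant, where users claim their own balance, is the same fix seen from the other side and avoids the reentrancy question entirely.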

Juicebox V2 contest
885.64 USDC • 2 total findings • Code4rena • placed #16
[high] Oracle data feed can be outdated yet used anyway, which will impact the payment logic
[medium] processFees() may fail due to exceeding the gas limit
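
Chainlink consumers appear in a third of the listed contests: stale `latestRoundData` answers (Juicebox above, Inverse Finance, Y2k, Sentiment, Olympus DAO), decimals assumed rather than read (Inverse Finance, Sentiment), and a missing L2 sequencer-uptime check (Sentiment Update). The oracle pair below is an added illustration written for this page, not code from any of those protocols or from the researcher's reports. The Chainlink read interface is reproduced inline so the file is self-contained; the feed addresses, the per-feed maximum age and the L1/L2 switch are assumptions the deployer supplies.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal copy of Chainlink's aggregator read interface (the real one lives
// in @chainlink/contracts); declared inline so the file is self-contained.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

contract VulnerableOracle {
    AggregatorV3Interface public immutable feed;

    constructor(AggregatorV3Interface _feed) {
        feed = _feed;
    }

    // Takes `answer` as-is. A feed that stopped updating (deprecated pair,
    // aggregator outage, paused contract) or that reports 0 or a negative
    // value is accepted, so borrowing, liquidation and payment logic run on
    // a price that may be hours old or meaningless. It also hard-codes the
    // feed as having 8 decimals, which is not true of every feed.
    function price() external view returns (uint256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        return uint256(answer) * 1e10; // "8 -> 18 decimals" baked in
    }
}

contract HardenedOracle {
    AggregatorV3Interface public immutable feed;
    // L2 sequencer uptime feed; address(0) when deploying on L1 (assumption
    // for the illustration: the deployer passes the right feed per chain).
    AggregatorV3Interface public immutable sequencerUptimeFeed;
    // Maximum accepted age, set per feed from its documented heartbeat
    // (a value such as 3600 seconds is an example, not a universal constant).
    uint256 public immutable maxAge;
    // After an L2 sequencer restart, updates can arrive bunched up:
    // refuse to serve prices during the first hour back up.
    uint256 public constant GRACE_PERIOD = 3600;
    uint8 public immutable feedDecimals;

    constructor(AggregatorV3Interface _feed, AggregatorV3Interface _sequencerUptimeFeed, uint256 _maxAge) {
        uint8 dec = _feed.decimals();
        require(dec <= 18, "unsupported feed decimals"); // read and check, never assume
        feed = _feed;
        sequencerUptimeFeed = _sequencerUptimeFeed;
        maxAge = _maxAge;
        feedDecimals = dec;
    }

    function price() external view returns (uint256) {
        if (address(sequencerUptimeFeed) != address(0)) {
            _requireSequencerUp();
        }
        (uint80 roundId, int256 answer, , uint256 updatedAt, uint80 answeredInRound) = feed.latestRoundData();
        require(answer > 0, "invalid price");
        require(updatedAt != 0 && block.timestamp - updatedAt <= maxAge, "stale price");
        // Legacy completeness check; Chainlink now documents answeredInRound
        // as deprecated, and keeping it is harmless.
        require(answeredInRound >= roundId, "stale round");
        // Normalise to 18 decimals from whatever the feed reports.
        return uint256(answer) * 10 ** (18 - feedDecimals);
    }

    // Sequencer uptime feed semantics: answer 0 = up, 1 = down; startedAt is
    // the time the current status began.
    function _requireSequencerUp() internal view {
        (, int256 status, uint256 startedAt, , ) = sequencerUptimeFeed.latestRoundData();
        require(status == 0, "sequencer down");
        require(block.timestamp - startedAt > GRACE_PERIOD, "sequencer grace period");
    }
}
```

The staleness bound has to come from the feed's own heartbeat and deviation threshold, not from a single protocol-wide constant: a feed that updates hourly needs a looser bound than one that updates every few minutes, and a bound that is too tight turns every quiet market into a liquidation outage.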

Jun '22

Nibbl contest
46.04 USDC • Code4rena • placed #37

Yieldy contest
448.23 USDC • 2 total findings • Code4rena • placed #22
[high] `Staking.sol#stake()` DoS by staking 1 wei for the recipient when `warmUpPeriod > 0`
[medium] Burn access control can be bypassed

Illuminate contest
926.63 USDC • 6 total findings • Code4rena • placed #15
[high] Redeemer.redeem() for Element withdraws PT to wrong address
[high] Funds may be stuck when `redeeming` for Illuminate
[high] Illuminate PT redeeming allows for burning from other accounts
[medium] Lend method signature for illuminate does not track the accumulated fee
[medium] sellPrincipalToken, buyPrincipalToken, sellUnderlying, buyUnderlying use pool funds but pay msg.sender
[medium] Centralisation risk: Admin can change important variables to steal funds