https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_8.png

pfapostol

Security Researcher

Contact Me

High

10

Total

Medium

8

Total

$13.57K

Total Earnings

#453 All Time

41x

Payouts

regular

3x

Top 10

regular

22x

Top 25

regular

32x

Top 50

All

Sherlock

Code4rena

Jan '25

Liquid Ron

Liquid Ron

0 USDC • 1 total finding • Code4rena • pfapostol

#12

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

Dec '24

Lambo.win

Lambo.win

0 USDC • 1 total finding • Code4rena • pfapostol

#36

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

Aug '24

The Wildcat Protocol

The Wildcat Protocol

2,582.07 USDC • 1 total finding • Code4rena • pfapostol

#4

medium

Role providers cannot be EOAs as stated in the documentation.

Phi

Phi

9.65 USDC • 3 total findings • Code4rena • pfapostol

#45

high

Reentrancy Vulnerability Allows Bypass of Cooldown, Leading to Unfair Reward Extraction Through Flash Loan

high

Exposed `_removeCredIdPerAddress` & `_addCredIdPerAddress` allows anyone to cause issues to current holders as well as upcoming ones

medium

Refunds sent to incorrect addresses in certain cases

Jul '24

TraitForge

TraitForge

934.19 USDC • 5 total findings • Code4rena • pfapostol

#5

high

The maximum number of generations is infinite

high

Wrong minting logic based on total token count across generations

medium

Forger Entities can forge more times than intended

medium

`Golden God` Tokens can be minted twice per generation

medium

Lack of ability to make an some external function calls makes the DAO stage unreachable.

May '24

Munchables

Munchables

0.02 USDC • 2 total findings • Code4rena • pfapostol

#15

high

Invalid validation allows users to unlock early

medium

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Apr '24

Panoptic

Panoptic

32.96 USDC • Code4rena • pfapostol

#18

Mar '24

Ondo Finance

Ondo Finance

8.28 USDC • Code4rena • pfapostol

#17

DittoETH

DittoETH

17.99 USDC • Code4rena • pfapostol

#26

Abracadabra Mimswap

Abracadabra Mimswap

40.2 USDC • Code4rena • pfapostol

#22

Taiko

Taiko

221.41 USDC • Code4rena • pfapostol

#27

Oct '23

ENS

ENS

85.67 USDC • Code4rena • pfapostol

#12

zkSync Era

zkSync Era

3,839.27 USDC • Code4rena • pfapostol

#17

Sep '23

Maia DAO - Ulysses

Maia DAO - Ulysses

347.31 USDC • 1 total finding • Code4rena • pfapostol

#21

high

All tokens can be stolen from `VirtualAccount` due to missing access modifier

Delegate

Delegate

927.61 USDC • Code4rena • pfapostol

#4

Aug '23

Shell Protocol

Shell Protocol

53.83 USDC • Code4rena • pfapostol

#14

Jul '23

Basin

Basin

25.41 USDC • Code4rena • pfapostol

#25

May '23

Maia DAO Ecosystem

Maia DAO Ecosystem

195.31 USDC • Code4rena • pfapostol

#53

Juicebox Buyback Delegate

Juicebox Buyback Delegate

27.98 USDC • Code4rena • pfapostol

#17

Apr '23

Frankencoin

Frankencoin

21.03 USDC • Code4rena • pfapostol

#68

Mar '23

Asymmetry contest

Asymmetry contest

11.13 USDC • 1 total finding • Code4rena • pfapostol

#113

medium

Stuck ether when use function `stake` with empty `derivatives`(`derivativeCount` = 0)

Y2K

Y2K

2.35 USDC • 1 total finding • Sherlock • pfapostol

#59

high

Incorrect rollover index accounting

Jan '23

RabbitHole Quest Protocol contest

RabbitHole Quest Protocol contest

2.59 USDC • 1 total finding • Code4rena • pfapostol

#84

high

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts

Astaria contest

Astaria contest

414.48 USDC • Code4rena • pfapostol

#31

Dec '22

Escher contest

Escher contest

423.75 USDC • Code4rena • pfapostol

#15

Oct '22

Inverse Finance contest

Inverse Finance contest

380.1 USDC • Code4rena • pfapostol

#24

Trader Joe v2 contest

Trader Joe v2 contest

613.77 USDC • Code4rena • pfapostol

#16

Blur Exchange contest

Blur Exchange contest

32.65 USDC • Code4rena • pfapostol

#23

Sep '22

Frax Ether Liquid Staking contest

Frax Ether Liquid Staking contest

125.4 USDC • Code4rena • pfapostol

#26

VTVL contest

VTVL contest

44.82 USDC • Code4rena • pfapostol

#51

Art Gobblers contest

Art Gobblers contest

123.86 USDC • Code4rena • pfapostol

#19

Y2k Finance contest

Y2k Finance contest

68.68 USDC • Code4rena • pfapostol

#48

PartyDAO contest

PartyDAO contest

262.74 USDC • Code4rena • pfapostol

#20

Nouns Builder contest

Nouns Builder contest

854.37 USDC • 1 total finding • Code4rena • pfapostol

#25

high

`ERC721Votes`: Token owners can double voting power through self delegation

Aug '22

Olympus DAO contest

Olympus DAO contest

373.26 USDC • Code4rena • pfapostol

#42

Nouns DAO contest

Nouns DAO contest

54.67 USDC • Code4rena • pfapostol

#29

FIAT DAO veFDT contest

FIAT DAO veFDT contest

56.78 USDC • Code4rena • pfapostol

#40

Fraxlend (Frax Finance) contest

Fraxlend (Frax Finance) contest

247.69 USDC • Code4rena • pfapostol

#21

Foundation Drop contest

Foundation Drop contest

20.6 USDC • Code4rena • pfapostol

#67

Rigor Protocol contest

Rigor Protocol contest

62.91 USDC • Code4rena • pfapostol

#55

Jul '22

Golom contest

Golom contest

21.32 USDC • Code4rena • pfapostol

#89