https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/07669687-a59f-4443-b0c3-e8a2521c0273.jpg

pseudoArtist

Security Researcher

Independent Security Researcher | Ex-ISRO | Ex- Income Tax Department | Served at the Ministry of Defence 1f0f349fd6

Contact Me

High

11

Total

Medium

24

Total

$9.85K

Total Earnings

#550 All Time

23x

Payouts

bronze

2x

3rd Places

regular

6x

Top 10

regular

14x

Top 25

All

Sherlock

Code4rena

Cantina

CodeHawks

Jan '25

Beraborrow

Beraborrow

1,216.04 USDC • Sherlock • pseudoArtist

#8

Findings not publicly available for private contests.

Dec '24

Idle Finance Credit Vaults

Idle Finance Credit Vaults

600.44 USDC • Sherlock • pseudoArtist

#7

Findings not publicly available for private contests.

Oct '24

Covalent - EWM Light Client

Covalent - EWM Light Client

453.76 USDC • Sherlock • pseudoArtist

bronze

Findings not publicly available for private contests.

Avantis v1.5: Cross-Asset Leverage

Avantis v1.5: Cross-Asset Leverage

643.38 OP • Sherlock • pseudoArtist

#13

Findings not publicly available for private contests.

Aug '24

zetachain-protocol

zetachain-protocol

2,135.59 USDC • 4 total findings • Cantina • WinSec

#17

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Sentiment V2

Sentiment V2

639.72 USDC • 4 total findings • Sherlock • pseudoArtist

#17

medium

Functions in superPool do not check if the pool is paused

medium

`redeem` and `withdraw` do not include slippage protection

medium

`SuperPool` is ERC-4626 compliant, but the `maxWithdraw` & `maxRedeem` functions are not fully up to EIP-4626's specification

medium

No incentive to liquidate small position can lead to bad debts

Jul '24

Velocimeter

Velocimeter

82.07 USDC • 3 total findings • Sherlock • pseudoArtist

#44

high

Claimable gauge distributions are locked when `pauseGauge `is called

high

A user can be made to pay more/less payment tokens than intended when `exerciseLp` is called

medium

First liquidity provider of a stable pair can DOS the pool.

Jun '24

Notional Leveraged Vaults: Pendle PT and Vault Incentives

Notional Leveraged Vaults: Pendle PT and Vault Incentives

87.93 USDC • 1 total finding • Sherlock • pseudoArtist

#13

high

Users can get less amount of tokens while instant redeeming due to lack of slippage checks

May '24

Predy

Predy

479.32 USDC • 5 total findings • Code4rena • WinSec

#17

medium

incorrect price for negative ticks due to lack of rounding down

medium

`updateIRMParams` does not call `applyInterestForToken` before updating `irmParams` which leads to incorrect calculation of interest rate for subsequent trades.

medium

Liquidity manipulation is possible when trading

medium

Vaults can become immune from liquidation by setting `vault.recipient` to a blacklisted quote token address

medium

Chainlink's `latestRoundData` might return stale or incorrect results

Apr '24

NOYA

NOYA

695.95 USDC + NOYA stars • 13 total findings • Code4rena • WinSec

#21

high

`PendleConnector` incorrectly sends the redeemed `PT` tokens to the market instead of the

high

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

high

Numerous errors when calculating the TVL for the MorphoBlue connector

high

In Dolomite, when opening a borrow position, the holding position in the Registry will never be updated due to the removePosition flag being set to true

medium

LP tokens from Boosted Positions are not included in the TVL calculation of a position held by the MaverickConnector

medium

Withdrawals in AccountManager are prone to DOS attacks.

medium

The total deposit amount limit in `AccountingManager.sol` can be bypassed

medium

Missing calls to `_updateTokenInRegistry` leads to incorrect state of tokens in registry

medium

Incorrect modifier condition

medium

`AccountingManager` contract's `previewDeposit`, `previewMint`, `previewWithdraw`, and `previewRedeem` functions are not compliant with EIP-4626 standard

medium

Extra rewards are not updated in curve connector when harvestConvexRewards is called

medium

Camelot and Aerodrome Connector TVL susceptible to manipulation attack

medium

Using the same heartbeat for multiple price feeds

Zivoe

Zivoe

431.70 USDC • 1 total finding • Sherlock • pseudoArtist

#28

medium

Wrong calculation of ema in `ZivoeMaths.sol` will lead to wrong updates of the Weighted Moving average of Tranche Size.

Mar '24

Ondo Finance

Ondo Finance

8.28 USDC • Code4rena • 0xweb3boy

#17

RadicalxChange

RadicalxChange

1.18 USDC • 1 total finding • Sherlock • pseudoArtist

bronze

high

Highest bidder can cancel his bid and close the auction to win the auction.

Axis Finance

Axis Finance

1,498.63 USDC • 1 total finding • Sherlock • pseudoArtist

#10

high

`EMPAM.sol::_settle()` `settlement_.totalIn` will silently overflow

Feb '24

AI Arena

AI Arena

166.17 USDC • Code4rena • 0xweb3boy

#34

Oct '23

Ethena Labs

Ethena Labs

88.73 USDC • Code4rena • 0xweb3boy

#32

Open Dollar

Open Dollar

41.97 USDC • Code4rena • 0xweb3boy

#46

Brahma

Brahma

113.54 USDC • Code4rena • 0xweb3boy

#11

Canto Liquidity Mining Protocol

Canto Liquidity Mining Protocol

386.19 USDC • Code4rena • 0xweb3boy

#8

Sep '23

Venus Prime

Venus Prime

53.88 USDC • 1 total finding • Code4rena • 0xweb3boy

#32

medium

DoS and gas griefing of calls to Prime.updateScores()

Aug '23

Sparkn

Sparkn

1.32 USDC • 1 total finding • CodeHawks • 0xWeb3boy

#84

low

Lack of checking the existence of the Proxy contract

veRWA

veRWA

4.23 USDC • Code4rena • 0xweb3boy

#53

Jul '23

Beedle - Oracle free perpetual lending

Beedle - Oracle free perpetual lending

21.95 USDC • 2 total findings • CodeHawks • 0xWeb3boy

#113

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

gas

Use better name in sellProfits function