radevweb3

Security Researcher

Contact Me

High

Total

Medium

Total

$6.84K

Total Earnings

#740 All Time

29x

Payouts

1x

1st Places

1x

3rd Places

10x

Top 10

All

Sherlock

Code4rena

Sep '25

Summer.fi - governance v2

76.81 USDC • 2 total findings • Sherlock • radevweb3

medium

Rewards are lost due to integer division rounding and discrete reward updates

medium

Removing token and adding it back on causes new stakers to receive more rewards than intended

Aug '25

Neutrl Protocol

941.02 USDC • 1 total finding • Sherlock • radevweb3

medium

FULL-restricted user can still stake by depositing to an unrestricted receiver (policy bypass in sNUSD)

Jun '25

DODO Cross-Chain DEX

493.25 USDC • 5 total findings • Sherlock • radevweb3

#11

high

Missing Validation for Native Token Amount in `withdrawToNativeChain`

high

Incorrect Access Control in `claimRefund`: Anyone Can Claim Refunds

high

Token Mismatch Vulnerability in `GatewayTransferNative` Functions

medium

ETH Refund Failure in `GatewaySend::onRevert()` Causes Permanent Loss

medium

USDT Incompatibility in GatewaySend: Assumes Standard ERC20 Behavior

Feb '25

THORWallet

346.49 USDC • 1 total finding • Code4rena • radev_sw

high

The user can send tokens to any address by using two bridge transfers, even when transfers are restricted.

Jul '24

Munchables

0.39 USDC • 1 total finding • Code4rena • radev_sw

#48

high

Single plot can be occupied by multiple renters

May '24

LoopFi

213.33 USDC • 1 total finding • Code4rena • Pechenite

high

Availability of deposit invariant can be bypassed

Apr '24

DYAD

0.02 USDC • 1 total finding • Code4rena • Pechenite

#114

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Mar '24

Ondo Finance

563.06 USDC • 2 total findings • Code4rena • radev_sw

medium

Users can lose access to funds due to minimum withdrawal limits.

medium

The `BURNER` cannot burn tokens from accounts not KYC verified due to the check in `_beforeTokenTransfer`.

DittoETH

191.73 USDC • Code4rena • Pechenite

#18

zkSync Era

619.88 USDC • Code4rena • Pechenite

#10

Taiko

60.3 USDC • Code4rena • Pechenite

#34

Feb '24

UniStaker Infrastructure

694.3 USDC • Code4rena • radev_sw

AI Arena

107.58 USDC • 2 total findings • Code4rena • radev_sw

#60

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

medium

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.

Jan '24

Decent

12.28 USDC • Code4rena • Pechenite

#54

Salty.IO

20.79 USDC • Code4rena • Pechenite

#107

Dec '23

Revolution Protocol

67.06 USDC • 3 total findings • Code4rena • Pechenite

#50

medium

The quorumVotes can be bypassed

medium

CultureIndex.sol#dropTopVotedPiece() - Malicious user can manipulate topVotedPiece to DoS the whole CultureIndex and AuctionHouse

medium

Bidder can use donations to get VerbsToken from auction that already ended.

Nov '23

Kelp DAO | rsETH

272.35 USDC • 2 total findings • Code4rena • Pechenite

#15

medium

Lack of slippage control on LRTDepositPool.depositAsset

medium

Update in strategy will cause wrong issuance of shares

Oct '23

Party Protocol

884.91 USDC • 2 total findings • Code4rena • Pechenite

medium

ETHCrowdfundBase.sol#processContribution - Impossible to finalize crowdfund because of minContribution check

medium

`PartyGovernanceNFT#rageQuit()` can lead to token loss for users when dealing with zero-balance ERC20 during a `rageQuit()`

Ethena Labs

126.34 USDC • Code4rena • radev_sw

#25

The Wildcat Protocol

163.8 USDC • 2 total findings • Code4rena • radev_sw

#39

high

Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want

high

Borrower has no way to update `maxTotalSupply` of `market` or close market.