Banner
https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/1ab88d10-4425-4c12-bffb-0a5b29fd9459.png

robertodf

Security Researcher

Contact: robertodf99@gmail.com https://www.linkedin.com/in/roberto-delgado-ferrezuelo-89b543215/

Contact Me

High

15

Total

Medium

17

Total

$6.96K

Total Earnings

#657 All Time

17x

Payouts

gold

1x

1st Places

silver

1x

2nd Places

regular

4x

Top 10

All

Sherlock

Code4rena

Cantina

CodeHawks

Jan '25

hmx-orderbook

hmx-orderbook

127.1 USDC • 1 total finding • Cantina • robertodf99

#8

medium

Finding not yet public.

Nov '24

TermMax

TermMax

2,105.47 USDC • 3 total findings • Cantina • robertodf99

#6

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Nouns DAO - Auction Streams

Nouns DAO - Auction Streams

38.61 USDC • Sherlock • robertodf

#43

Debita Finance V3

Debita Finance V3

78.07 USDC • 2 total findings • Sherlock • robertodf

#33

medium

Overwrite in `interestToClaim` in `DebitaV3Loan::payDebt` causes partial loss of lenders' accrued interest

medium

Biased incentives mechanism unfairly benefits lonely lenders

Oct '24

Dria

Dria

27.24 USDC • 3 total findings • CodeHawks • robertodf99

#39

medium

Platform fees withdrawal will sweep oracle agents earned fees

medium

BuyerAgent Batch Purchase Failure Due to Asset Transfer or Approval Revocation

low

Inaccurate best response selection in `LLMOracleCoordinator::getBestResponse`.

Sep '24

Liquid Staking

Liquid Staking

19.41 USDC • 1 total finding • CodeHawks • robertodf99

#39

medium

Remove splitter will always revert if there are some rewards left on splitter contract

Flayer

Flayer

140.87 USDC • 2 total findings • Sherlock • robertodf

#51

high

Incorrect math in `TaxCalculator::calculateCompoundedFactor` will result in inaccurate fees

medium

Inability to Support Multiple Shutdowns for the Same Collection

Aug '24

Rumpel Point Tokenization Protocol

Rumpel Point Tokenization Protocol

32.98 USDC • Sherlock • robertodf

#20

Phi

Phi

17.56 USDC • 2 total findings • Code4rena • robertodf99

#40

high

`shareBalance` bloating eventually blocks curator rewards distribution

medium

Refunds sent to incorrect addresses in certain cases

Tadle

Tadle

3,856.24 USDC • 9 total findings • CodeHawks • robertodf99

gold

high

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

high

`DeliveryPlace::settleAskTaker` Has Incorrect Access Control

high

Formulaic Error Rounds Down Causing Total Loss Of Funds For Bid Takers During Abort

high

The `DeliveryPlace::settleAskTaker()` function mistakenly uses `makerInfo.tokenAddress` to update the `TokenBalanceType.PointToken` in the `userTokenBalanceMap` mapping, leading to a critical error.

high

Missing abort status check allows bid taker to steal users funds

high

Missing check for aborted origin offer allows bid takers to relist unbacked offers

medium

Unnecessary balance checks and precision issues in TokenManager::_transfer

low

Trade tax and settled collateral amount are not updated in offer struct

low

When the `DeliveryPlace::settleAskMaker()` function calls `tokenManager.addTokenBalance()` to update the user balance, the `TokenBalanceType` parameter uses an operation, resulting in a balance update error

Jul '24

TraitForge

TraitForge

0.04 USDC • 2 total findings • Code4rena • robertodf99

#86

medium

Forger Entities can forge more times than intended

medium

`Golden God` Tokens can be minted twice per generation

Munchables

Munchables

29.18 USDC • 2 total findings • Code4rena • robertodf99

#44

high

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

medium

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

MagicSea - the native DEX on the IotaEVM

MagicSea - the native DEX on the IotaEVM

165.18 USDC • 3 total findings • Sherlock • robertodf

#20

high

Incorrect access control in `BribeRewarder::_modify` blocks users deposits

medium

`MlumStaking::addToPosition` should assing the amount multiplier based on the new lock duration instead of initial lock duration.

medium

Users can extend current position's lock duration during emergency unlock

Jun '24

Vultisig

Vultisig

6.78 USDC • 1 total finding • Code4rena • robertodf99

#31

high

Vultisig whitelisting can be bypassed by anyone

May '24

Tokensoft Distributor Contracts Update

Tokensoft Distributor Contracts Update

303.16 USDC • 1 total finding • Sherlock • robertodf

silver

medium

Empty input bytes array in function call `PerAddressContinuousVestingMerkle::claim` will result in a wrong claim execution

Munchables

Munchables

0.02 USDC • 2 total findings • Code4rena • robertodf99

#15

high

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

medium

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Apr '24

NOYA

NOYA

8.21 USDC + NOYA stars • 1 total finding • Code4rena • robertodf99

#99

high

`NoyaValueOracle.getValue` returns an incorrect price when a multi-token route is used