rotcivegaf

Security Researcher

Solidity auditor in: @code4rena, @sherlockdefi, @immunefi

High

23

Total

Medium

1

Solo

27

Total

$36.35K

Total Earnings

#239 All Time

56x

Payouts

gold

2x

1st Places

silver

4x

2nd Places

bronze

1x

3rd Places

Jan '25

daao-contracts

54.94 USDC • 4 total findings • Cantina • rotcivegaf

#66

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Dec '24

aligned-layer

574.9 USDC • 1 total finding • Cantina • rotcivegaf

#12

medium

Finding not yet public.

Oct '24

Thorn protocol

512.9 wROSE • 1 total finding • Hats • rotcivegaf

#4

low

The `amountIn` parameter of the `StableExchange` event is not always correct

Jul '24

illuminex

3,000 wROSE • Hats • rotcivegaf

gold

Jun '24

Palmera

394.7 USDC • 5 total findings • Hats • rotcivegaf

#8

medium

`PALMERA_TX_TYPEHASH` incorrectly calculated

gas

Gas report

gas

Gas Report

gas

Code Refactor - Gas Report

gas

GAS REPORT

Inverter Network

385.9 UMA • Hats • rotcivegaf

#14

May '24

Liquity

4,000 LUSD • Hats • rotcivegaf

gold

safe-extensions

87.5 USDC • 1 total finding • Cantina • rotcivegaf

#32

medium

Finding not yet public.

Mar '24

Smart-contracts

298.91 USDC • 5 total findings • Cantina • rotcivegaf

#26

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Oct '23

NextGen

176.99 USDC • 4 total findings • Code4rena • rotcivegaf

#47

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

medium

Auction winner can prevent payments via `safeTransferFrom` callback

medium

Artist signatures can be forged to impersonate the artist behind a collection

medium

Auction payout goes to AuctionDemo contract owner, not the token owner

Ethena Labs

4.52 USDC • Code4rena • rotcivegaf

#40

SafeStaking (by HOPR)

795.5 DAI • Hats • rotcivegaf

silver

SafeStaking by HOPR

1,800 HOPR • Hats • rotcivegaf

silver

Sep '23

Convergence Finance

749.1 DAI • Hats • rotcivegaf

#4

Aug '23

StakeWise

1,200 USDC • Hats • rotcivegaf

silver

Jun '23

VMEX

990.2 USDC • Hats • rotcivegaf

bronze

May '23

Raft

163.5 USDC • Hats • rotcivegaf

#5

Apr '23

Gravita

1,500 USDC • Hats • rotcivegaf

#6

Mar '23

Asymmetry contest

164.95 USDC • 2 total findings • Code4rena • rotcivegaf

#39

medium

Residual ETH unreachable and unutilized in SafEth.sol

medium

Stuck ether when use function `stake` with empty `derivatives`(`derivativeCount` = 0)

Lodestar Finance

2,600 USDC • Hats • rotcivegaf

silver

Jan '23

Canto Identity Protocol contest

44.97 CANTO • Code4rena • rotcivegaf

#13

Reserve contest

121.59 USDC • Code4rena • rotcivegaf

#26

Dec '22

Papr contest

1,330.41 USDC • 1 total finding • Code4rena • rotcivegaf

#11

high

Collateral NFT deposited to a wrong address, when transferred directly to `PaprController`

Tigris Trade contest

334.59 USDC • 2 total findings • Code4rena • rotcivegaf

#32

high

reentrancy attack during mint() function in Position contract which can lead to removing of the other user's limit orders or stealing contract funds because initId is set low value

high

Incorrect Assumption of Stablecoin Market Stability

Nov '22

Canto contest

596.84 CANTO • Code4rena • rotcivegaf

#7

Opyn Crab Netting

385.06 USDC • 2 total findings • Sherlock • rotcivegaf

#13

high

Front-running to nonce orders signatures

high

Possible DoS in deposit USDC queue

Isomorph

202.56 USDC • 1 total finding • Sherlock • rotcivegaf

#18

high

Anyone can steal `AMMToken` from **Depositer** contract

Redacted Cartel contest

53.49 USDC • Code4rena • rotcivegaf

#46

Telcoin

30.30 USDC • 1 total finding • Sherlock • rotcivegaf

#6

medium

Use `safeTransfer`/`safeTransferFrom` instead of `transfer`/`transferFrom` for ERC20 transfer

LSD Network - Stakehouse contest

847.5 USDC • 3 total findings • Code4rena • rotcivegaf

#22

high

GiantLP with a transferHookProcessor can't be burned, users' funds will be stuck in the Giant Pool

high

Incorrect accounting in SyndicateRewardsProcessor results in any LP token holder being able to steal other LP tokens holder's ETH from the fees and MEV vault.

high

Possibly reentrancy attacks in `_distributeETHRewardsToUserForToken` function

Blur Exchange contest

457.83 USDC • 4 total findings • Code4rena • rotcivegaf

#19

high

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

high

Direct theft of buyers ETH funds.

medium

Protocol can be easily rug-pulled by the owner

medium

Yul `call` return value not checked

Debt DAO contest

110.58 USDC • Code4rena • rotcivegaf

#43

Chainlink Staking contest

192.86 USDC • Code4rena • rotcivegaf

#16

Oct '22

Inverse Finance contest

36.73 USDC • Code4rena • rotcivegaf

#43

Holograph contest

575.39 USDC • Code4rena • rotcivegaf

#18

3xcalibur contest

1,429.58 USDC • Code4rena • rotcivegaf

#7

The Graph L2 bridge contest

71.07 USDC • Code4rena • rotcivegaf

#14

Blur Exchange contest

2,969.45 USDC • 4 total findings • Code4rena • rotcivegaf

#4

high

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

high

Direct theft of buyers ETH funds.

medium

Protocol can be easily rug-pulled by the owner

medium

Yul `call` return value not checked

Sep '22

QuickSwap and StellaSwap contest

76.09 USDC • Code4rena • rotcivegaf

#44

Frax Ether Liquid Staking contest

725.29 USDC • 2 total findings • Code4rena • rotcivegaf

#9

medium

frxETHMinter.depositEther may run out of gas, leading to lost ETH

medium

sfrxETH: The volatile result of previewMint() may prevent mintWithSignature from working

VTVL contest

75.75 USDC • 1 total finding • Code4rena • rotcivegaf

#39

medium

not able to create claim

Art Gobblers contest

55.2 USDC • Code4rena • rotcivegaf

#21

Y2k Finance contest

102.03 USDC • 1 total finding • Code4rena • rotcivegaf

#42

high

Griefing attack on the Vaults is possible, withdrawing the winning side stakes

FEI and TRIBE Redemption contest

38.41 USDC • Code4rena • rotcivegaf

#9

Nouns Builder contest

235.61 USDC • 1 total finding • Code4rena • rotcivegaf

#53

high

Use can get unlimited votes

Aug '22

Nouns DAO contest

16.66 USDC • Code4rena • rotcivegaf

#44

Rigor Protocol contest

246.32 USDC • 1 total finding • Code4rena • rotcivegaf

#31

medium

Anyone can create disputes if `contractor` is not set

Jul '22

Golom contest

569.74 USDC • Code4rena • rotcivegaf

#19

May '22

Velodrome Finance contest

3,943.87 USDC • 3 total findings • Code4rena • rotcivegaf

#8

high

VotingEscrow's merge and withdraw aren't available for approved users

medium

Wrong `DOMAIN_TYPEHASH` definition

medium

Voting tokens may be lost when given to non-EOA accounts

Rubicon contest

213.47 USDC • 3 total findings • Code4rena • rotcivegaf

#38

medium

No cap on fees can result in a DOS in BathToken.withdraw()

medium

Admin rug vectors

medium

Wrong DOMAIN_SEPARATOR

Sturdy contest

381.35 USDC • 2 total findings • Code4rena • rotcivegaf

#15

high

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

medium

Possible lost msg.value

Cally contest

89.4 USDC • Code4rena • rotcivegaf

#42

Forgotten Runes Warrior Guild contest

90.73 USDC • Code4rena • rotcivegaf

#39

Apr '22

PoolTogether Aave v3 contest

34.63 USDC • Code4rena • rotcivegaf

#27

Mimo DeFi contest

148.1 USDC • Code4rena • rotcivegaf

#21

xTRIBE contest

65.86 USDC • Code4rena • rotcivegaf

#42