rscodes

Security Researcher

Cracking codes

High: 24 total

Medium: 31 total

Total Earnings: $57.45K

#166 All Time

Payouts: 13x

1st Places: 3x (gold)

2nd Places: 1x (silver)

Top 10: 7x

Mar '25

liquity-bold

4,975.36 USDC • 1 total finding • Cantina • rscodes

#5

medium

Finding not yet public.

Jan '25

dahlia-protocol

10,060.49 USDC • 6 total findings • Cantina • rscodes

gold

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Peapods

240.97 USDC • 1 total finding • Sherlock • rscodes

#20

medium

Tokens waiting in `_rewardsSwapAmountInOverride` to be re-tried is not re-tried before `setShares` in `TokenRewards.sol`

infrared-contracts

5,026.04 USDC • 3 total findings • Cantina • rscodes

#14

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Dec '24

juicebox-monorepo

19,609.23 OP • 10 total findings • Cantina • rscodes

gold

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Nov '24

Ethos Network Financial Contracts

2.47 USDC • 1 total finding • Sherlock • rscodes

#32

medium

Lack of slippage protection in `sellVotes` causes loss of user funds

hyperlend

43.12 USDC • 1 total finding • Cantina • rscodes

#16

high

Finding not yet public.

Oct '24

Era

5,089.75 USDC • CodeHawks • rscodes

#15

stakeup-bloomv2

5,016.09 USDC • 13 total findings • Cantina • rscodes

silver

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Sep '24

Royco Protocol

4,009.94 USDC • 6 total findings • Cantina • rscodes

gold

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Aug '24

Phi

313.53 USDC • 7 total findings • Code4rena • rscodes

#8

high

Reentrancy Vulnerability Allows Bypass of Cooldown, Leading to Unfair Reward Extraction Through Flash Loan

high

Exposed `_removeCredIdPerAddress` & `_addCredIdPerAddress` allows anyone to cause issues to current holders as well as upcoming ones

high

`shareBalance` bloating eventually blocks curator rewards distribution

high

Signature replay in `createArt` allows to impersonate artist and steal royalties

medium

`PhiFactory:claim` Potentially Causing Loss of Funds If `mintFee` Changed Beforehand

medium

Attacker can DOS user from selling shares of a credId

medium

Lack of data validation when users are claiming their art allows malicious user to bypass signature/merkle hash to provide unapproved `ref_`, `artId_` and `imageURI`

Jul '24

LoopFi

3,060.23 USDC • 5 total findings • Code4rena • rscodes

#7

high

`vestTokens` bug in MultiFeeDistribution.sol causes new incentives to erase previous incentives

medium

bug in `claim` allows users who are disqualified to claim their previously earned emissions

medium

Rewards may be spread out among the **wrong time period** due to the way the protocol calculates it

medium

`lastRPS` could be set to `0` accidentally

medium

Users of a vault can steal other user's rewards when one vault's `lastRewardTime` differs from another vault's `lastRewardTime`

Jun '24

Size

3.43 USDC • 1 total finding • Code4rena • rscodes

#61

medium

Multicall does not work as intended