rvierdiiev

Security Researcher

High

142

Total

Medium

17

Solo

299

Total

$336.75K Total Earnings (#25 All Time)

135x Payouts

4x 1st Places

10x 2nd Places

9x 3rd Places

Mar '24

zkSync Era

6,276.97 USDC • 2 total findings • Code4rena • rvierdiiev

bronze

medium

L2SharedBridge l1LegacyBridge is not set

medium

Frozen Chain will never be unfrozen since `StateTransitionManager::unfreezeChain` is calling `freezeDiamond` instead of `unfreezeDiamond`.

Jan '24

Arcadia

36.24 USDC • 1 total finding • Sherlock • rvierdiiev

#8

medium

assetState_.lastRewardGlobal is not cleared during deposit

JOJO Exchange Update

307.00 USDC • 2 total findings • Sherlock • rvierdiiev

#6

medium

Share price manipulation by first depositor in FundingRateArbitrage

medium

Rate calculation inconsistency inside JUSDBankStorage

Curves

1,225.72 USDC • 4 total findings • Code4rena • rvierdiiev

#11

high

Whitelisted accounts can be forcefully DoSed from buying curveTokens during the presale

high

Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`

medium

onBalanceChange causes previously unclaimed rewards to be cleared

medium

Theft of holder fees when `holderFeePercent` was positive and is set to zero

reNFT

22.53 USDC • Code4rena • rvierdiiev

#55

Truflation

255.72 USDC • 1 total finding • Sherlock • rvierdiiev

#6

medium

TrufVesting.cancelVesting calculates end of vesting incorrectly

Ubiquity

2,964.50 USDC • 2 total findings • Sherlock • rvierdiiev

bronze

medium

LibTWAPOracle can be manipulated

medium

LibTWAPOracle may use outdated price

Dec '23

The Standard

1,733.06 USDC • 4 total findings • CodeHawks • rvierdiiev

#5

high

swap fees going to the liquidation pool manager contract will be accounted for as part of the liquidation amount

medium

Fees are hardcoded to 3000 in ExactInputSingleParams

medium

Wrong Implementation of `LiquidationPool::empty` excludes holder with pending stakes when decreasing a position, resulting in exclusion from asset distribution

medium

Incorrect calculation of amount of EURO to burn during liquidation

stake.link

904.44 USDC • 3 total findings • CodeHawks • rvierdiiev

#6

high

A user can steal an already transferred and bridged reSDL lock because of approval

medium

Attacker can exploit lock update logic on secondary chains to increase the amount of rewards sent to a specific secondary chain

low

Updates from the `secondary pool` to the `primary pool` may not be sent because there are `no rewards` for the secondary pool

Olas

21.9 USDC • Code4rena • rvierdiiev

#20

DODO GSP

172.15 USDC • 1 total finding • Sherlock • rvierdiiev

#5

medium

Vault token price manipulation by first liquidity minter

Revolution Protocol

815.17 USDC • 7 total findings • Code4rena • rvierdiiev

#11

high

`ArtPiece.totalVotesSupply` and `ArtPiece.quorumVotes` are incorrectly calculated due to inclusion of the inaccessible voting powers of the NFT that is being auctioned at the moment when an art piece is created

medium

Once EntropyRateBps is set too high, can lead to denial-of-service (DoS) due to an invalid ETH amount

medium

`ERC20TokenEmitter::buyToken` function mints more tokens to users than it should do

medium

Since buyToken function has no slippage checking, users can get less tokens than expected when they buy tokens directly

medium

The quorumVotes can be bypassed

medium

CultureIndex.sol#dropTopVotedPiece() - Malicious user can manipulate topVotedPiece to DoS the whole CultureIndex and AuctionHouse

medium

`encodedData` argument of `hashStruct` is not calculated perfectly for EIP712 signed messages in `CultureIndex.sol`

Ethereum Credit Guild

860.47 USDC • 3 total findings • Code4rena • rvierdiiev

#18

medium

Re-triggering the `canOffboard[term]` flag to bypass the DAO vote of the lending term offboarding mechanism

medium

ProfitManager's "creditMultiplier" calculation does not count undistributed rewards; this can cause value losses to users

medium

LendingTerm debtCeiling function uses creditMinterBuffer incorrectly

Olympus RBS 2.0

1,644.51 USDC • 3 total findings • Sherlock • rvierdiiev

#10

medium

BunniPrice.getBunniTokenPrice doesn't include fees

medium

BunniSupply.getProtocolOwnedLiquidityOhm doesn't include ohm fees

medium

OlympusSupply.getReservesByCategory will revert if submoduleReservesSelector_ is empty

Nov '23

core-and-erc1155a

17,631.1 USDC • 5 total findings • Cantina • rvierdiiev

#4

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Nouns Builder

21.94 USDC • 1 total finding • Sherlock • rvierdiiev

#9

high

Token.updateFounders will not clear tokenRecipient correctly

Convergence

377.77 USDC • 1 total finding • Sherlock • rvierdiiev

#12

medium

LockingPositionService.mintPosition creates 1 week longer lock than user requested

Canto Application Specific Dollars and Bonding Curves for 1155s

208.9 USDC • 2 total findings • Code4rena • rvierdiiev

#15

medium

No slippage protection for Market functions

medium

Users will lose rewards when buying new tokens if they already own some tokens

morpho-blue

1,243.18 USDC • 1 total finding • Cantina • rvierdiiev

#15

high

Finding not yet public.

Kelp DAO | rsETH

43.45 USDC • 2 total findings • Code4rena • rvierdiiev

#43

high

The price of rsETH could be manipulated by the first staker

high

Protocol mints less rsETH on deposit than intended

Oct '23

Party Protocol

435.06 USDC • 2 total findings • Code4rena • rvierdiiev

#16

high

Single host can unfairly skip veto period for proposal that does not have full host support

medium

PartyGovernanceNFT.sol#mint - User can delegate another user funds to themselves and brick them from changing the delegation

NextGen

1.38 USDC • 2 total findings • Code4rena • rvierdiiev

#106

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

high

Adversary can block `claimAuction()` due to push-strategy to transfer assets to multiple bidders

Perennial V2 Update #1

4,902.50 USDC • 3 total findings • Sherlock • rvierdiiev

silver

high

Oracle fees can be drained by calling settle several times

medium

Only one callback per oracle version can be registered in the KeeperOracle callbacks

medium

MultiInvoker doesn't pay keepers refund for l1 calldata

Steadefi

4,586.74 USDC • 13 total findings • CodeHawks • rvierdiiev

silver

high

Block of GMXVault by using GMX UI fee

high

`GMXVault` can be blocked by a malicious actor

high

Incorrect Execution Fee Refund address on Failed Deposits or withdrawals in Strategy Vaults

high

Withdraw function provides more funds to withdrawer

medium

The protocol will mint unnecessary fees if the vault is paused and reopened later.

medium

Missing minimum token amounts in the emergency contract functions allows MEV bots to take advantage of the protocols emergency situation

medium

Incorrect state transition may cause vault to get stuck

medium

GMXVault can stop working if GMX changes `Keys.MAX_CALLBACK_GAS_LIMIT` to less than 2 million

medium

Rewards from GMX are sent to Trove only in deposit and withdraw functions

medium

If a withdraw has failed, processWithdrawFailure will decrease the exchange rate of GMXVault shares

medium

All functions that burn or mint shares for users should mintFee for protocol before

medium

Inaccurate Fee Due to missing lastFeeCollected Update Before feePerSecond Modification

low

ChainlinkARBOracle.consult will revert if the phase id was increased for the chainlink aggregator

Ethena Labs

4.52 USDC • Code4rena • rvierdiiev

#40

Badger eBTC Audit + Certora Formal Verification Competition

4,217.14 USDC • 1 total finding • Code4rena • rvierdiiev

#7

medium

Batched liquidations don't distribute bad debt on next batches in the list

The Wildcat Protocol

563.07 USDC • 6 total findings • Code4rena • rvierdiiev

#12

high

Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts and gain the WithdrawOnly Role on any account they want

high

Borrower has no way to update `maxTotalSupply` of `market` or close market.

high

Borrowers can escape from paying half of the penalty fees by closing the market, and those remaining penalty fees will be covered by the lender who withdraws last

high

Borrower can drain all funds of a sanctioned lender

medium

`setAnnualInterestBips()` can be abused to keep a market's reserve ratio at 90%

medium

Blocked accounts keep earning interest contrary to the WhitePaper

Aloe

3,154.30 USDC • 2 total findings • Sherlock • rvierdiiev

#4

high

Borrower can DoS liquidations

medium

Courier can be cheated to avoid fees

Brahma

23.96 USDC • Code4rena • rvierdiiev

#12

ENS

5.43 USDC • Code4rena • rvierdiiev

#20

zkSync Era

17,605.91 USDC • 2 total findings • Code4rena • rvierdiiev

#7

medium

L2SharedBridge l1LegacyBridge is not set

medium

Frozen Chain will never be unfrozen since `StateTransitionManager::unfreezeChain` is calling `freezeDiamond` instead of `unfreezeDiamond`.

Sep '23

Venus Prime

129.33 USDC • 1 total finding • Code4rena • rvierdiiev

#26

high

Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

Maia DAO - Ulysses

6,614.45 USDC • 6 total findings • Code4rena • rvierdiiev

#5

high

All tokens can be stolen from `VirtualAccount` due to missing access modifier

medium

ArbitrumCoreBranchRouter.executeNoSettlement can't handle 0x07 function

medium

Incorrect source address decoding in RootBridgeAgent and BranchBridgeAgent's _requiresEndpoint breaks LayerZero communication

medium

If RootBridgeAgent.lzReceiveNonBlocking reverts internally, the native token sent by relayer to RootBridgeAgent is left in RootBridgeAgent

medium

No deposit cross-chain calls/communication can still originate from a removed branch bridge agent

medium

`ArbitrumBranchBridgeAgent::_performFallbackCall` Function Does Not Refund Users Their Excess Native Gas Deposit

Allo V2

631.55 USDC • 7 total findings • Sherlock • rvierdiiev

#11

high

User can frontrun RFPSimpleStrategy._allocate in order to increase his bid

high

Anyone can call RFPSimpleStrategy.setPoolActive

high

QVSimpleStrategy allows allocator to use as many votes as he wishes

medium

Protocol isn't compatible with fee on transfer tokens

medium

RFPSimpleStrategy will not work when useRegistryAnchor is set

medium

Allocator who allocates additional votes to same recipient can provide more votes

medium

If the QVSimpleStrategy pool is funded after some users already received payment, the distribution will be incorrect

Centrifuge

145.65 USDC • 1 total finding • Code4rena • rvierdiiev

#27

medium

Cached `DOMAIN_SEPARATOR` is incorrect for tranche tokens potentially breaking permit integrations

DittoETH

2,206.01 USDC • 5 total findings • CodeHawks • rvierdiiev

#9

high

Users Lose Funds and Market Functionality Breaks When Market Reaches 65k Id

high

Owner of a bad ShortRecord can front-run flagShort calls AND liquidateSecondary and prevent liquidation

high

Previous NFT owner can burn NFT from the new owner

medium

Possible DOS on deposit(), withdraw() and unstake() for BridgeReth, leading to user loss of funds

medium

User can create small position after exit with bid

Aug '23

Livepeer Onchain Treasury Upgrade

1,048.07 USDC • 1 total finding • Code4rena • rvierdiiev

#7

medium

withdrawFees does not update checkpoint

Chainlink Staking v0.2

4,330.81 USDC • Code4rena • rvierdiiev

#14

Dopex

1,735.84 USDC • 7 total findings • Code4rena • rvierdiiev

#9

high

The settle feature will be broken if an attacker arbitrarily transfers collateral tokens to the PerpetualAtlanticVaultLP

high

Put settlement can be anticipated and lead to user losses and bonding DoS

high

The peg stability module can be compromised by forcing lowerDepeg to revert.

high

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

high

`UniV3LiquidityAMO::recoverERC721` will cause `ERC721` tokens to be permanently locked in `rdpxV2Core`

medium

Can not withdraw RDPX if WETH withdrawn is zero

medium

Change of `fundingDuration` causes "time travel" of `PerpetualAtlanticVault.nextFundingPaymentTimestamp()`

PoolTogether V5: Part Deux

148.2 USDC • 1 total finding • Code4rena • rvierdiiev

#19

high

`rngComplete` function should only be called by `rngAuctionRelayer`

Tangible Caviar

1,873.25 USDC • Code4rena • rvierdiiev

#8

Jul '23

Beedle - Oracle free perpetual lending

43.36 USDC • 9 total findings • CodeHawks • rvierdiiev

#77

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

high

Borrower can use Refinance to cancel auctions so they can extend their loan indefinitely

high

During refinance() new Pool balance debt is subtracted twice

high

[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control

high

Fee on transfer tokens will cause users to lose funds

high

Forcing a borrower to pay a huge debt via the giveLoan()

high

Hardcoded Router Address May Cause Token Lockup in Non-Standard Networks

medium

No expiration deadline leads to losing a lot of funds

medium

Fixed fee level is used when swapping tokens on Uniswap

Foundry DeFi Stablecoin CodeHawks Audit Contest

1,499.02 USDC • 7 total findings • CodeHawks • rvierdiiev

bronze

high

Theft of collateral tokens with fewer than 18 decimals

high

There is no incentive to liquidate small positions

medium

DSC protocol can consume stale price data or cannot operate on some EVM chains

medium

Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`

medium

Too many DSC tokens can get minted for fee-on-transfer tokens.

medium

`liquidate` does not allow the liquidator to liquidate a user if the liquidator HF < 1

medium

Protocol can break for a token with a proxy and implementation contract (like `TUSD`)

CodeHawks Escrow Contract - Competition Details

41.06 USDC • 2 total findings • CodeHawks • rvierdiiev

#50

medium

[H-01] Lack of emergency withdraw function when no arbiter is set

medium

High - Funds can be lost if any participant is blacklisted

Tokemak

1,100.11 USDC • 4 total findings • Sherlock • rvierdiiev

#19

high

LMPVault may update idle inaccurately

high

LMPVaultRouterBase.mint tries to get payment 2 times in case of native payment

high

MavEthOracle can be manipulated

high

LiquidationRow.liquidateVaultsForToken will never work, so vault depositors will not receive any rewards

PoolTogether

4,403.17 USDC • 7 total findings • Code4rena • rvierdiiev

silver

high

Resetting delegation will result in user funds being lost forever

high

`Vault.mintYieldFee` FUNCTION CAN BE CALLED BY ANYONE TO MINT `Vault Shares` TO ANY RECIPIENT ADDRESS

high

Vault is not compatible with some erc4626 vaults

medium

depositWithPermit and mintWithPermit are allowed to be called by permit creator only

medium

Claimer.claimPrizes can be frontrun in order to make losses for the claim bot

medium

`VaultFactory` allows deployment of vaults with non-authentic `TwabController` and `PrizePool`

medium

Unintended or Malicious Use of Prize Winners' Hooks

Tapioca DAO

7,298.83 USDC • 31 total findings • Code4rena • rvierdiiev

#10

high

`_liquidateUser()` should not re-use the same minimum swap amount out for multiple liquidation

high

Liquidated USDO from BigBang not being burned after liquidation inflates USDO supply and can threaten peg permanently

high

`LidoEthStrategy._currentBalance` is subject to price manipulation, allows overborrowing and liquidations

high

Ability to steal user funds and increase collateral share infinitely in BigBang and Singularity

high

Tokens can be stolen from other users who have approved Magnetar

high

twTAP.claimAndSendRewards() will claim the wrong amount for each reward token due to the use of wrong index.

high

Anybody can buy collateral on behalf of other users without having any allowance using the multiHopBuyCollateral()

high

The BigBang contract takes more fees than it should

high

Rewards compounded in AaveStrategy are unredeemable

high

[HB10] `AaveStrategy.sol`: Changing swapper breaks the contract

medium

`totalCollateralShare` state variable not updated in `Singularity` market upon liquidation, resulting in an error on `addCollateral` with skim functionality

medium

SGLLeverage/BigBang `buyCollateral` Can Be Exploited to Steal Asset Approvals & Collateral

medium

Tapioca Bar: Unusable Market Add Functions in Penrose Contract

medium

BigBang and Singularity should not pause repay() and liquidate()

medium

Incorrect `eligibleAmount` for `AirdropBroker` Phase 3

medium

`emitForWeek` will lose `emissionForWeek` if one week is skipped

medium

`extractTAP()` function can allow minting an infinite amount in one week, leading to a DoS attack in `emitForWeek()`

medium

TOFT `exerciseOption` fails due to not passing `msg.value` properly

medium

Using `setBigBangEthMarketDebtRate` or `setBigBangConfig` cause incorrect interest calculation due to retroactively applying the interest rate

medium

Missing deadline checks allow pending transactions to be maliciously executed

medium

There is no mechanism to track and resolve bad debt

medium

`MagnetarV2#burst` double counts `msg.value` for `TOFT_WRAP` operation, making the transaction revert unless the user overpays

medium

All deposit and withdraw functions in Convex and Curve nativeLP Strategy apply slippage on internal pricing, which calls the real-time on-chain price from Curve directly and is subject to MEV

medium

SGLLeverage.multiHopSellCollateral checks swapper on wrong chain

medium

USDOOptionsModule.exercise doesn't send refund to user

medium

Some actions inside MagnetarV2.burst will not work because msg.value is used inside delegate call

medium

Loss of COMP reward in CompoundStragety.sol

medium

Rebalancing mTapiocaOFT of native token forces admin to pay for rebalance amount

medium

Potential loss of value in YieldBox's `depositETHAsset()`

medium

`SGLBorrow::repay` and `BigBang::repay` use `allowedBorrow` with the asset amount, whereas other functions use it with share of collateral

medium

[HB09] `emergencyWithdraw` on all strategy contracts useless without a pause mechanism

Chainlink Cross-Chain Contract Administration: Multi-signature Contract, Timelock and Call Proxies

677.54 USDC • Code4rena • rvierdiiev

#5

Jun '23

GLIF

6,744.12 USDC • Sherlock • rvierdiiev

silver

Findings not publicly available for private contests.

Symmetrical

1,541.23 USDC • 11 total findings • Sherlock • rvierdiiev

#10

high

partyA can block partyB from opening position when it's not favorable for it

high

LiquidationFacetImpl.liquidatePositionsPartyB doesn't check provided signature timestamp correctly

high

LibMuon.verifyPrices doesn't check user's nonce, which allows providing old values

medium

PartyBFacetImpl.openPosition can open position that is not solvent

medium

Some liquidations will not be attractive for liquidators

medium

Fees are not returned for locked or cancel_pending quote, when partyB is liquidated

medium

If symbol is not valid it should not be possible to open a position

medium

PartyBFacetImpl.acceptCancelRequest function doesn't increase nonce for partyA

medium

If the trading fee is changed, the refund will be done with the wrong amount

medium

Suspended account still can do partyB actions

medium

Payment for liquidation is not fair

Arrakis

1,233.18 USDC • 3 total findings • Sherlock • rvierdiiev

#6

high

ArakkisV2Router.addLiquidityPermit2 eth refund logic is not working

medium

ChainLinkOraclePivot uses same outdated timeout for both price feeds

medium

ArrakisV2Storage.setManagerFeeBPS should collect fees before changing fee

Llama

2,702.9 USDC • 2 total findings • Code4rena • rvierdiiev

#7

medium

User with disapproval role can gas grief the action executor

medium

It is not possible to execute actions that require ETH (or other protocol token)

Stader Labs

12,289.77 USDC • 3 total findings • Code4rena • rvierdiiev

gold

medium

Chainlink's `latestRoundData` may return stale or incorrect result

medium

ValidatorWithdrawalVault.settleFunds doesn't check amount that user has inside NodeELRewardVault to pay for penalty

medium

ValidatorWithdrawalVault.distributeRewards can be called to make operator slashable

May '23

Iron Bank

0.03 USDC • 2 total findings • Sherlock • rvierdiiev

#23

medium

Missing checks for whether Arbitrum Sequencer is active

medium

PriceOracle.getPrice doesn't check for stale price

Chainlink Cross-Chain Services: CCIP and ARM Network

45,347.05 USDC • Code4rena • rvierdiiev

gold

Perennial

2,196.09 USDC • 2 total findings • Sherlock • rvierdiiev

#6

medium

Traders should pay fee for the opposite side for the whole time when protocol was paused

medium

BalancedVault.claim can be called in an unfavorable situation

Index

302.81 USDC • 3 total findings • Sherlock • rvierdiiev

#14

medium

AmmModule will not work with usdt

medium

Using deprecated Chainlink function latestAnswer

medium

Missing checks for whether Arbitrum Sequencer is active

DODO Margin Trading

75.64 USDC • 1 total finding • Sherlock • rvierdiiev

#8

high

Anyone can request aave flashloan on behalf of MarginTrading contract to make losses for it

Venus Protocol Isolated Pools

6,690.03 USDC • 4 total findings • Code4rena • rvierdiiev

silver

medium

Comptroller.healAccount doesn't distribute rewards for healed borrower

medium

ShortFall contract might transfer incorrect amount of tokens to the highest bidder.

medium

Borrower can cause a DoS by frontrunning a liquidation and repaying as low as 1 wei of the current debt

medium

It's possible to borrow, redeem, transfer tokens and exit markets with outdated collateral prices and borrow interest

Ajna Protocol

1,152.93 USDC • 4 total findings • Code4rena • rvierdiiev

#8

high

User can avoid bankrupting by calling PositionManager.moveLiquidity where the to index is a bankrupted index

high

Position NFT can be spammed with insignificant positions by anyone until rewards DoS

medium

Governance attack on Extraordinary Proposals

medium

Calling `StandardFunding.screeningVote` function and `ExtraordinaryFunding.voteExtraordinary` function when `block.number` equals respective start block and when `block.number` is bigger than respective start block can result in different available votes

Apr '23

EigenLayer Contest

1,063.04 USDC • 1 total finding • Code4rena • rvierdiiev

#17

medium

A malicious strategy can permanently DoS all currently pending withdrawals that contain it

GMX Update

4,128.30 USDC • 1 total finding • Sherlock • rvierdiiev

#8

medium

User can lose funds if swapping in DecreaseOrderUtils.processOrder fails

JOJO Exchange

1,716.17 USDC • 3 total findings • Sherlock • rvierdiiev

#8

medium

Subaccount.execute is not payable, so user can't provide amount along with the call

medium

It's possible to reset primaryCredit and secondaryCredit for insurance account

medium

FlashLoanLiquidate.JOJOFlashLoan function doesn't check for slippage

ENS Contest

694.56 USDC • 1 total finding • Code4rena • rvierdiiev

#16

medium

Incorrect implementation of RecordParser.readKeyValue()

Frankencoin

56.5 USDC • 2 total findings • Code4rena • rvierdiiev

#54

medium

Challengers and bidders can collude together to restrict the minting of position owner

medium

function `restructureCapTable()` in Equity.sol not functioning as expected

Caviar Private Pools

2,509.32 USDC • 2 total findings • Code4rena • rvierdiiev

bronze

medium

Loss of funds for traders due to accounting error in royalty calculations

medium

Flashloan fee is not distributed to the factory

Rubicon v2

3,010.42 USDC • 9 total findings • Code4rena • rvierdiiev

#4

high

Position doesn't distribute rewards to users

high

Reward accounting is incorrect in BathBuddy contract

high

RubiconMarket checks slippage incorrectly

medium

Fee inclusivity calculations are inaccurate in RubiconMarket

medium

Incorrect fee handling in Position.sol's Market Buy/Sell functions

medium

Zero reward rate calculation impedes low-decimals token distributions

medium

Position._borrowLimit doesn't use existing collateral if user doesn't have any `_bathToken`

medium

Position contract allows to interact with positions that are liquidated

medium

Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`

Mar '23

Asymmetry contest

762.38 USDC • 5 total findings • Code4rena • rvierdiiev

#9

high

A temporary issue shows in the staking functionality which leads to the users receiving less minted tokens.

high

Staking, unstaking and rebalanceToWeight can be sandwiched (mainly rETH deposit)

high

`WstEth` derivative assumes a ~1=1 peg of stETH to ETH

high

Users can fail to unstake and lose their deserved ETH because malfunctioning or untrusted derivative cannot be removed

medium

Possible DoS on `unstake()`

zkSync Era System Contracts contest

4,939.63 USDC • 2 total findings • Code4rena • rvierdiiev

#7

medium

deploying contracts with forceDeployOnAddress will break contracts when callConstructor is false

medium

time-sensitive contracts deployed on zkSync

Feb '23

Hats

65.12 USDC • 1 total finding • Sherlock • rvierdiiev

#19

medium

HatsSignerGateBase.setTargetThreshold should adjust minThreshold

Derby

4,247.22 USDC • 14 total findings • Sherlock • rvierdiiev

bronze

high

Malicious user can trigger XProvider calls with small or 0 relayerFee in order to make txs stuck waiting until someone executes them

high

Vault.pullFunds decreases `savedTotalUnderlying` param incorrectly sometimes

medium

Game.rebalanceBasket can be called by user when rewards are not sent yet for the period, in order to avoid slashing derby token for negative rewards

medium

Vault.rebalance calculates rewards per locked token incorrectly

medium

MainVault.rebalanceXChain doesn't check that savedTotalUnderlying >= reservedFunds

medium

Game doesn't accrue rewards for the previous rebalance period if rebalanceBasket is called in the next period

medium

Rewards per locked token are calculated incorrectly

medium

Vault.claim should be called before `pushTotalUnderlyingToController`

medium

Vault thinks that all stable coins have same cost

medium

exchangeRate is not up to date if a vault that is off is changed to on

medium

Vault.blacklistProtocol can revert in emergency

medium

Vault.blacklistProtocol doesn't claim rewards

medium

Players are not guaranteed to receive rewards

medium

User should not receive rewards for the rebalance period, when protocol was blacklisted, because of unpredicted behaviour of protocol price

OlympusDAO

791.67 USDC • 6 total findings • Sherlock • rvierdiiev

#10

high

User can claim all balance of reward tokens, because of issue in calculations

high

User can claim more rewards because of incorrect order in calculation

high

cachedUserRewards variable is never reset, so user can steal all rewards

medium

SingleSidedLiquidityVault._accumulateInternalRewards will revert with underflow error if rewardToken.lastRewardTime is bigger than current time

medium

When reward token is being removed it should send rewards to users

medium

ohmRemoved is calculated incorrectly inside SingleSidedLiquidityVault.withdraw function

Ethos Reserve contest

61.26 USDC • Code4rena • rvierdiiev

#33

Volta

2,012.28 USDC • Sherlock • rvierdiiev

silver

Findings not publicly available for private contests.

Fair Funding by Alchemix & Unstoppable

141.53 USDC • 2 total findings • Sherlock • rvierdiiev

#6

medium

Any user can call settle before auction in order to mint all tokens to FALLBACK_RECEIVER and DoS AuctionHouse

medium

Vault.remove_operator allows removing the last operator

GMX

7,711.54 USDC • 9 total findings • Sherlock • rvierdiiev

#5

high

GasUtils.estimateExecuteWithdrawalGasLimit calculates gas amount incorrectly

high

No slippage for withdrawal without swapping path

high

MarketUtils.claimCollateral implemented incorrectly

high

PositionPricingUtils.getPositionFees takes more fees than should

high

DecreaseOrderUtils.processOrder doesn't have slippage protection, when `order.swapPath().length == 0`

medium

Oracle._setPricesFromPriceFeeds can get stale price from oracle

medium

Oracle._setPricesFromPriceFeeds will set incorrect price for stable coins in case of depegging

medium

ExecuteDepositUtils.getAdjustedLongAndShortTokenAmounts works incorrectly

medium

When executeDeposit or executeWithdraw feature is disabled, keeper can execute orders in order to cancel them and burn part of execution fee

Carapace

3,251.27 USDC • 6 total findings • Sherlock • rvierdiiev

#5

high

User can buy protection for 0 amount for free in order to be able to renew it with a non-zero amount when they think pool will default

high

Lending pool state transition will be broken when pool is expired in late state

high

Attacker can withdraw in same or next epoch when he deposited

high

ProtectionPool._accruePremiumAndExpireProtections will stop working when lendingPool has a big number of protections

medium

ProtectionPool.lockCapital doesn't check if protection is already expired

medium

defaultStateManager.getLendingPoolStatus can be stale which allows user to buy/renew protection when he should not

Blueberry

4,541.07 USDC • 10 total findings • Sherlock • rvierdiiev

bronze

high

BlueBerryBank doesn't poke all position debt tokens, before checking getDebtValue

high

If user calls withdrawLend in the withdrawVaultFee window, his position.underlyingAmount is not updated correctly

high

Position owner loses ichi farm rewards when he calls openPositionFarm and collateral already exists

high

User loses WERC20 when closing position and providing amountLpWithdraw that is not 0

high

BlueBerryBank.liquidate supposes that only 1 token can be borrowed for the position

medium

BlueBerryBank.getPositionRisk shows risk 0, when underlying price is 0

medium

IchiVaultSpell.strategy.maxPositionSize can be bypassed

medium

Fee on transfer tokens are not supported

medium

No ability to provide slippage when closing position

medium

BasicSpell.doCutRewardsFee uses depositFee instead of withdraw fee

OpenQ

1,205.45 USDC • 6 total findings • Sherlock • rvierdiiev

#13

high

DepositManagerV1.refundDeposit will revert when a large number of deposits have been created in a bounty

high

ClaimManagerV1 will not be able to claim for a user if they are blocked by any reward token

high

Attacker can block a user from claiming AtomicBountyV1 by depositing a token that doesn't support 0-value transfers and then refunding

high

BountyCore.claimNft doesn't check that the NFT has not been refunded

medium

DepositManagerV1.fundBountyNFT doesn't check if the address limit is reached

medium

TieredFixedBountyV1.setPayoutScheduleFixed will fail if the issuer wants fewer tiers

Jan '23

Popcorn contest

8,268.35 USDC • 14 total findings • Code4rena • rvierdiiev

gold

high

Anyone who uses the same adapter can pause it

high

Staking rewards can be drained

high

BeefyAdapter() malicious vault owner can use malicious _beefyBooster to steal the adapter's token

high

Protocol loses fees because highWaterMark is updated every time someone deposits, withdraws or mints

medium

DOS any Staking contract with Arithmetic Overflow

medium

`MultiRewardStaking.changeRewardSpeed()` breaks the distribution

medium

Faulty Escrow config will lock up reward tokens in Staking contract

medium

AdapterBase.harvest should be called before deposit and withdraw

medium

Strategy can't earn yields for user as underlyingBalance is not updated when strategy deposits

medium

Malicious Users Can Drain The Assets Of Vault (Due to not being ERC4626 Compliant)

medium

[H-01] Management Fee for a vault is charged even when there are no assets under management, and is subject to manipulation

medium

Cooldown period is not properly respected by the `harvest` method

medium

Anyone can reset fees to 0 value when Vault is deployed

medium

`Vault::takeFees` can be front run to minimize `accruedPerformanceFee`

Numoen contest

1,631 USDC • 2 total findings • Code4rena • rvierdiiev

#7

medium

Borrower can lose part of their funds when minting Power Token, as excess ETH is not refunded automatically

medium

Fee on transfer tokens will not behave as expected

RabbitHole Quest Protocol contest

48.11 USDC • 4 total findings • Code4rena • rvierdiiev

#46

high

Protocol fees can be withdrawn multiple times in `Erc20Quest`

medium

Possible scenario for Signature Replay Attack

medium

Users may not claim Erc1155 rewards when the Quest has ended

medium

User may lose rewards if the receipt is minted after quest end time

Optimism

7,579.04 USDC • 1 total finding • Sherlock • rvierdiiev

#12

medium

Deposits from L1 to L2 using L1CrossDomainMessenger will fail and will not be replayable when L2CrossDomainMessenger is paused

Cooler

55.05 USDC • 2 total findings • Sherlock • rvierdiiev

#26

high

Protocol doesn't check the result of ERC20.transfer calls

medium

Cooler.repay doesn't repay correctly in some cases

Reserve contest

258.02 USDC • 1 total finding • Code4rena • rvierdiiev

#24

medium

Attacker can prevent vesting for a very long time

Astaria contest

6,900.43 USDC • 11 total findings • Code4rena • rvierdiiev

silver

high

PublicVault.processEpoch calculates withdrawReserve incorrectly. Users can lose funds.

high

Liquidation will fail if value set as `liquidationInitialAsk` > 2**88-1, causing collateral to be permanently locked

high

Buying out corrupts the slope of a vault, reducing rewards of LPs

high

Deadlock in vaults whose underlying token has fewer than 18 decimals

medium

Adversary can game the liquidation flow by transferring a dust amount of the payment token to the ClearingHouse contract to settle the auction if no one buys the auctioned NFT

medium

PublicVault.processEpoch updates YIntercept incorrectly when totalAssets() <= expected

medium

Lack of support for ERC20 token that is not 18 decimals

medium

Approved operator of collateral owner can't liquidate lien

medium

WithdrawProxy allows redeem() to be called before withdraw reserves are transferred in

medium

Users are unable to mint shares from a public vault using the `AstariaRouter` contract when the share price is greater than one

medium

LienToken._payment function increases users' debt

UXD Protocol

1,930.73 USDC • 5 total findings • Sherlock • rvierdiiev

#7

medium

PerpDepository._rebalanceNegativePnlWithSwap doesn't approve spotSwapper before swap

medium

PerpDepository._rebalanceNegativePnlWithSwap doesn't approve vault before deposit

medium

PerpDepository assumes that `clearingHouse.openPosition` returns quoteAmount in e18

medium

PerpDepository calculates fees incorrectly

medium

PerpDepository.netAssetDeposits variable can prevent users from withdrawing due to an underflow error

Dec '22

Papr contest

2,365.25 USDC • 3 total findings • Code4rena • rvierdiiev

#9

high

Stealing fund by applying reentrancy attack on `removeCollateral`, `startLiquidationAuction`, and `purchaseLiquidationAuctionNFT`

high

Borrowers may earn auction proceeds without filling the debt shortfall

medium

`PaprController` pays swap fee in `buyAndReduceDebt`, not user

GoGoPool contest

1,862.32 USDC • 11 total findings • Code4rena • rvierdiiev

#14

high

Inflation of ggAVAX share price by first depositor

high

Hijacking of node operators minipool causes loss of staked funds

high

ProtocolDAO lacks a method to take out GGP

medium

Division by zero error can block RewardsPool#startRewardCycle if all multisig wallets are disabled

medium

MinipoolManager: recordStakingError function does not decrease minipoolCount leading to too high GGP rewards for staker

medium

Users may not be able to redeem their shares due to underflow

medium

Wrong reward distribution between early and late depositors because of the late syncRewards() call in the cycle; syncRewards() logic should be executed on each withdraw or deposit (without reverting)

medium

cancelMinipool() doesn't reset the RewardsStartTime value for a user when the user's minipool count is zero

medium

Inflation rate can be reduced by up to half if it gets called every 1.99 intervals

medium

Bypass `whenNotPaused` modifier

medium

NodeOp funds may be trapped by an invalid state transition

Forgeries contest

90.88 USDC • 1 total finding • Code4rena • rvierdiiev

#18

high

Admin does not have to wait to call `lastResortTimelockOwnerClaimNFT()`

Caviar contest

808.13 USDC • 2 total findings • Code4rena • rvierdiiev

#11

high

Reentrancy in buy function for ERC777 tokens allows buying funds with considerable discount

high

First depositor can break minting of shares

Rain

203.30 USDC • Sherlock • rvierdiiev

#8

Findings not publicly available for private contests.

Tigris Trade contest

1,431.34 USDC • 8 total findings • Code4rena • rvierdiiev

#15

high

Malicious user can steal all assets in BondNFT

high

Lock.sol: assets deposited with Lock.extendLock function are lost

high

Not enough margin pulled or burned from user when adding to a position

medium

Must approve 0 first

medium

Approved operators of Position token can't call Trading.initiateCloseOrder

medium

`_handleDeposit` and `_handleWithdraw` do not account for tokens with decimals higher than 18

medium

Unreleased locks cause the reward distribution to be flawed in BondNFT

medium

Chainlink price feed is not sufficiently validated and can return stale price

prePO contest

1,932.93 USDC • 3 total findings • Code4rena • rvierdiiev

#4

high

Griefing / blocking / delaying users' withdrawals

high

A whale user is able to cause freeze of funds of other users by bypassing withdraw limit

medium

Manager can get around min reserves check, draining all funds from Collateral.sol

Escher contest

91.58 USDC • 4 total findings • Code4rena • rvierdiiev

#37

high

`LPDA` price can underflow due to bad settings and potentially brick the contract

medium

ETH will get stuck if all NFTs do not get sold.

medium

Unsafe downcasting operation truncates user's input

medium

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

Maverick contest

5,995.91 USDC • 1 total finding • Code4rena • rvierdiiev

silver

medium

Router.getOrCreatePoolAndAddLiquidity can be front-run, which leads to price manipulation

NounsDAO

2,190.07 USDC • 4 total findings • Sherlock • rvierdiiev

silver

medium

Possible to create a Stream with start and stop time in the past

medium

Stream has no ability to rescue the native token

medium

Stream.rescueERC20 allows transferring token() in the case of two-address tokens

medium

Not possible to create a stream that pays less than 1 token per second

Nov '22

ParaSpace contest

122.23 USDC • 1 total finding • Code4rena • rvierdiiev

#47

medium

During oracle outages or feeder outages/disagreement, the `ParaSpaceFallbackOracle` is not used

Opyn Crab Netting

339.24 USDC • 1 total finding • Sherlock • rvierdiiev

#14

high

CrabNetting.depositsQueued and CrabNetting.withdrawsQueued will revert when there are many unprocessed deposits and withdraws

Isomorph

3,305.12 USDC • 6 total findings • Sherlock • rvierdiiev

bronze

high

Vault_Lyra doesn't allow closing a loan if Lyra collateral is not active, and accrues more fees

medium

CollateralBook.CHANGE_COLLATERAL_DELAY variable is mistakenly set to 200 sec instead of 2 days

medium

Isomorph.ISOUSD_TIME_DELAY uses 3 sec delay instead of 3 days

medium

Vault_Base_ERC20._updateVirtualPrice allows skipping some price updates

medium

Vault_Lyra continues to calculate interest while the contract is paused

medium

Vault_Lyra.increaseCollateralAmount doesn't allow the borrower to add collateral if total collateral is less than the liquidation amount

Redacted Cartel contest

2,188.94 USDC • 6 total findings • Code4rena • rvierdiiev

#9

high

The 'redeem' related functions are likely to be blocked

high

Malicious Users Can Drain The Assets Of Auto Compound Vault

high

Underlying assets stealing in `AutoPxGmx` and `AutoPxGlp` via share price manipulation

medium

Assets may be lost when calling unprotected `AutoPxGlp::compound` function

medium

Deposit Feature Of The Vault Will Break If Update To A New Platform

medium

PirexGmx.initiateMigration can be blocked

Telcoin

30.30 USDC • 1 total finding • Sherlock • rvierdiiev

#6

medium

FeeBuyback doesn't use safeTransferFrom for token transfers

Buffer Finance

40.26 USDC • 2 total findings • Sherlock • rvierdiiev

#11

medium

Fee on transfer tokens are not supported

medium

Result of ERC20 transfer is ignored

Bull v Bear

165.48 USDC • 3 total findings • Sherlock • rvierdiiev

#11

high

Replay attack for order is possible

medium

Fee on transfer tokens are not supported

medium

transferPosition function does not transfer withdrawableCollectionTokenId to the new recipient

DODO

62.49 USDC • 1 total finding • Sherlock • rvierdiiev

#6

medium

DODORouteProxy._routeWithdraw uses transfer to send ETH

FrankenDAO

291.82 USDC • 3 total findings • Sherlock • rvierdiiev

#11

medium

Governance.queue function increases the proposalsCreated counter instead of proposalsPassed

medium

User with delegated votes exceeding proposalThreshold can block their delegator from undelegating votes

medium

Use safeTransferFrom when unstaking tokens
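Several of the entries above (Cooler, Buffer Finance, Telcoin, Bull v Bear, FrankenDAO) are variations of one token-handling class: the return value of `transfer`/`transferFrom` is ignored, a non-standard token is called through the standard interface, or a fee-on-transfer token is credited for the nominal amount. The following is an added, generic example, not the code of any of those projects; the contract, library and function names are hypothetical. It shows the naive pull beside a pull helper that accepts false-returning, no-return and fee-on-transfer tokens safely.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC20 surface used by the example.
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transfer(address, uint256) external returns (bool);
    function transferFrom(address, address, uint256) external returns (bool);
}

/// Hypothetical helper (added example). Handles three token behaviours:
/// tokens that return false instead of reverting, tokens that return no
/// data at all (USDT-style), and tokens that deduct a fee in transit.
library TokenHelper {
    error TransferFailed(address token);

    // Low-level call so that (a) a `false` return is caught, (b) a token
    // with no return value is accepted, and (c) a revert surfaces as failure.
    function safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        // A call to an address without code "succeeds" with empty return data,
        // so reject non-contracts explicitly.
        if (address(token).code.length == 0) revert TransferFailed(address(token));
        (bool ok, bytes memory ret) = address(token).call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount)
        );
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) {
            revert TransferFailed(address(token));
        }
    }

    // Fee-on-transfer aware: return what actually arrived, not `amount`.
    function pullExact(IERC20 token, address from, uint256 amount) internal returns (uint256 received) {
        uint256 before = token.balanceOf(address(this));
        safeTransferFrom(token, from, address(this), amount);
        received = token.balanceOf(address(this)) - before;
    }
}

/// Hypothetical staking contract contrasting the two patterns.
contract StakingExample {
    using TokenHelper for IERC20;

    IERC20 public immutable token;
    mapping(address => uint256) public staked;

    constructor(IERC20 _token) { token = _token; }

    // Vulnerable pattern: ignores the return value and trusts `amount`.
    // A token returning false leaves `staked` credited with nothing received;
    // a fee-on-transfer token leaves it over-credited by the fee.
    function stakeNaive(uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        staked[msg.sender] += amount;
    }

    // Hardened: books only what arrived, reverts on any failed transfer.
    function stake(uint256 amount) external returns (uint256 credited) {
        credited = token.pullExact(msg.sender, amount);
        require(credited != 0, "nothing received");
        staked[msg.sender] += credited;
    }
}
```

The balance-delta pattern in `pullExact` is the usual answer to the "fee on transfer tokens are not supported" entries: accounting is driven by the observed change in the contract's balance rather than by the caller-supplied amount. Withdrawals should mirror it, sending from `staked` and using the same safe wrapper for the outbound `transfer`.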

Bond Protocol

5,347.54 USDC • 3 total findings • Sherlock • rvierdiiev

bronze

medium

BondAggregator.liveMarketsBy eventually will revert because of block gas limit

medium

BondBaseSDA.setDefaults doesn't validate inputs

medium

meta.tuneBelowCapacity param is not updated when BondBaseSDA.setIntervals is called

SIZE contest

526.8 USDC • 3 total findings • Code4rena • rvierdiiev

#8

medium

Seller's ability to decrypt bids before reveal could result in a much higher clearing price than anticipated and make buyers distrust the system

medium

Attacker may DOS auctions using invalid bid parameters

medium

Incompatibility with fee-on-transfer/inflationary/deflationary/rebasing tokens, on both base tokens and quote tokens, with varying impacts

Debt DAO contest

7,858.73 USDC • 7 total findings • Code4rena • rvierdiiev

#4

high

Repaying a line of credit with a higher than necessary claimed revenue amount will force the borrower into liquidation

medium

Borrower can mistakenly add their own money to the credit if the credit is in ETH

medium

Whitelisted functions aren't scoped to revenue contracts and may lead to unnoticed calls due to selector clashing

medium

Mutual consent cannot be revoked and stays valid forever

medium

Variable balance ERC20 support

medium

address.call{value:x}() should be used instead of payable.transfer()

medium

Borrower/Lender excessive ETH not refunded and permanently locked in protocol

Chainlink Staking contest

6,576.09 USDC • Code4rena • rvierdiiev

#6

Oct '22

Rage Trade

149.37 USDC • 1 total finding • Sherlock • rvierdiiev

#6

medium

Share price manipulation by first depositor is possible on DnGmxJuniorVault and DnGmxSeniorVault

Paladin - Warden Pledges contest

29.55 USDC • 1 total finding • Code4rena • rvierdiiev

#31

medium

Owner can transfer all ERC20 reward token out using function recoverERC20

Inverse Finance contest

602.73 USDC • 4 total findings • Code4rena • rvierdiiev

#15

medium

Avoidable misconfiguration could lead to INVEscrow contract not minting xINV tokens

medium

Two day low oracle used in `Market.liquidate()` makes the system highly at risk in an oracle attack

medium

Oracle assumes token and feed decimals will be limited to 18 decimals

medium

Chainlink oracle data feed is not sufficiently validated and can return stale `price`
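The stale-price entries here (Inverse Finance) and under Tigris Trade and GMX above are the same class: `latestRoundData` is read and its answer used without checking when it was produced or whether it is positive. The block below is an added illustration, not the code of Inverse Finance, Tigris Trade or GMX; the `PriceReader` contract name and the per-feed `maxStaleness` parameter are assumptions. It shows the bare read beside a validated one, and normalises to 18 decimals, which also covers the "assumes 18 decimals" entry in this list.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Chainlink's AggregatorV3Interface (real interface, same signatures).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Hypothetical consumer (added example). `maxStaleness` is assumed to be set
/// per feed from its documented heartbeat plus a margin, e.g. 3600 + 300 for a
/// feed with a one-hour heartbeat.
contract PriceReader {
    AggregatorV3Interface public immutable feed;
    uint256 public immutable maxStaleness;

    error InvalidPrice(int256 answer);
    error StalePrice(uint256 updatedAt, uint256 nowTs);
    error IncompleteRound(uint80 roundId, uint80 answeredInRound);

    constructor(AggregatorV3Interface _feed, uint256 _maxStaleness) {
        feed = _feed;
        maxStaleness = _maxStaleness;
    }

    // Vulnerable pattern: trusts whatever the aggregator last stored, even if
    // the feed stopped updating hours ago or returned 0 / a negative value.
    function unsafePrice() external view returns (uint256) {
        (, int256 answer,,,) = feed.latestRoundData();
        return uint256(answer);
    }

    // Hardened read: positive answer, fresh timestamp, completed round, and
    // the result scaled to 18 decimals whatever the feed's own decimals are.
    function safePrice18() external view returns (uint256) {
        (uint80 roundId, int256 answer,, uint256 updatedAt, uint80 answeredInRound) =
            feed.latestRoundData();
        if (answer <= 0) revert InvalidPrice(answer);
        // updatedAt == 0 means the round never completed; a timestamp older
        // than the heartbeat (plus margin) means the feed is stale.
        if (updatedAt == 0 || updatedAt > block.timestamp || block.timestamp - updatedAt > maxStaleness) {
            revert StalePrice(updatedAt, block.timestamp);
        }
        // On current OCR feeds answeredInRound == roundId always, so this check
        // is harmless there and still catches legacy aggregators' carried-over rounds.
        if (answeredInRound < roundId) revert IncompleteRound(roundId, answeredInRound);

        uint8 dec = feed.decimals();
        return dec <= 18
            ? uint256(answer) * 10 ** (18 - dec)
            : uint256(answer) / 10 ** (dec - 18);
    }
}
```

The staleness bound has to come from the specific feed's heartbeat (USD feeds on L2s and some long-tail assets update far less often than ETH/USD on mainnet); a single protocol-wide constant is a common source of either false reverts or accepted stale prices.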

Illuminate

1,248.41 USDC • 6 total findings • Sherlock • rvierdiiev

#9

high

Redeemer.autoRedeem and Redeemer.authRedeem can be called when paused

medium

ERC5095.deposit doesn't check if received shares are less than the provided amount

medium

ERC5095.mint function calculates slippage incorrectly

medium

Redeemer.setFee function will always revert

medium

Marketplace.setPrincipal function approves allowance for Notional incorrectly

medium

Marketplace.setPrincipal does not approve the needed allowance for the Element vault and APWine router

Astaria

2,486.60 USDC • 14 total findings • Sherlock • rvierdiiev

#5

high

AstariaRouter.commitToLiens function will always revert

high

ASTARIA_ROUTER.getProtocolFee will always revert

high

Possible to pass signature check and borrow from any Vault for a dummy NFT

high

Potential debt is calculated incorrectly when taking a new borrow

high

LienToken.buyoutLien does not set lienData[lienId].payee to address 0

high

Possible to fully block PublicVault.processEpoch function. No one will be able to receive their funds

high

LiquidationAccountant.claim function can be called any time

medium

CollateralToken should also allow approved addresses to execute the token owner's actions

medium

AuctionHouse.createBid will revert with an overflow error when a bid is placed while `auctions[tokenId].maxDuration - auctions[tokenId].duration < timeBuffer`

medium

Strategist nonce is not checked

medium

LienToken.createLien doesn't check if the user should be liquidated and provides a new loan

medium

Manipulation of share price by first depositor of IVault

medium

LienToken._payment function does not return the overpaid amount to msg.sender

medium

LienToken._payment function increases users' debt

NFTPort

3,020.89 USDC • 2 total findings • Sherlock • rvierdiiev

bronze

medium

Factory uses signatures that do not have an expiration

medium

No royalties bps validation in NFTCollection, ERC721NFTProduct and ERC1155NFTProduct

Holograph contest

55.67 USDC • Code4rena • rvierdiiev

#37

Trader Joe v2 contest

69.51 USDC • 1 total finding • Code4rena • rvierdiiev

#24

medium

Very critical `Owner` privileges can cause complete destruction of the project in a possible privateKey exploit

Merit Circle

323.64 USDC • 2 total findings • Sherlock • rvierdiiev

#6

high

Lock time can be avoided

medium

Curve mess-up is possible, which leaves the deposit function blocked

Blur Exchange contest

147.47 USDC • 1 total finding • Code4rena • rvierdiiev

#19

high

StandardPolicyERC1155.sol returns amount == 1 instead of amount == order.amount

Mycelium

99.78 USDC • 1 total finding • Sherlock • rvierdiiev

#9

high

Manipulation of price by first depositor
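First-depositor share-price manipulation recurs throughout this list (Mycelium here, and earlier Astaria's IVault, Caviar, GoGoPool's ggAVAX, Redacted Cartel's AutoPxGmx/AutoPxGlp and Rage Trade's DnGmx vaults). The block below is an added, generic illustration of the class, not code from any of those projects; the `NaiveVault` and `OffsetVault` names, the `OFFSET` value and the deposit flow are assumptions. It puts the vulnerable pro-rata share math next to the virtual-shares mitigation (the ERC-4626 decimals-offset approach) plus a zero-share check.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal token surface used by the example.
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function transferFrom(address, address, uint256) external returns (bool);
}

/// Hypothetical vulnerable vault (added example). Shares are minted pro rata
/// against the vault's token balance, with no floor on the first deposit and
/// no virtual offset.
contract NaiveVault {
    IERC20 public immutable asset;
    uint256 public totalShares;
    mapping(address => uint256) public shares;

    constructor(IERC20 _asset) { asset = _asset; }

    function deposit(uint256 amount) external returns (uint256 minted) {
        uint256 bal = asset.balanceOf(address(this));
        // Attack: deposit 1 wei as first depositor (1 share), then transfer
        // 1e18 tokens straight to the vault. Now 1 share is worth 1e18 + 1 wei.
        // A victim depositing anything below that rounds down to 0 shares and
        // the victim's tokens accrue to the attacker's single share.
        minted = totalShares == 0 ? amount : amount * totalShares / bal;
        require(asset.transferFrom(msg.sender, address(this), amount), "transfer failed");
        totalShares += minted;
        shares[msg.sender] += minted;
    }
}

/// Hypothetical hardened vault (added example): virtual shares and assets as
/// in OpenZeppelin's ERC4626 (v4.9+), plus rejection of zero-share mints.
contract OffsetVault {
    IERC20 public immutable asset;
    uint256 public totalShares;
    mapping(address => uint256) public shares;

    // 10**OFFSET virtual shares backed by 1 virtual asset wei. To move the
    // share price by a factor X the attacker must donate about X * 10**OFFSET
    // times the victim's deposit, which is what makes the grief unprofitable.
    uint256 private constant OFFSET = 6;

    constructor(IERC20 _asset) { asset = _asset; }

    function convertToShares(uint256 assets) public view returns (uint256) {
        uint256 bal = asset.balanceOf(address(this));
        return assets * (totalShares + 10 ** OFFSET) / (bal + 1);
    }

    function deposit(uint256 amount) external returns (uint256 minted) {
        minted = convertToShares(amount);
        require(minted != 0, "zero shares");
        require(asset.transferFrom(msg.sender, address(this), amount), "transfer failed");
        totalShares += minted;
        shares[msg.sender] += minted;
    }
}
```

The offset does not make rounding loss disappear; it shifts it onto whoever donates to the vault. The other common mitigations, an initial deposit by the deployer that is never withdrawn or a minimum first deposit, address the same rounding asymmetry from the other side and are often combined with the zero-share check.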

Sep '22

Knox Finance

408.66 USDC • 1 total finding • Sherlock • rvierdiiev

#11

medium

Auction.getEpochsByBuyer can be broken

QuickSwap and StellaSwap contest

87.52 USDC • 1 total finding • Code4rena • rvierdiiev

#29

medium

A "FrontRunning attack" can be made to the `initialize` function

Frax Ether Liquid Staking contest

630.3 USDC • 2 total findings • Code4rena • rvierdiiev

#11

medium

Centralization risk: admin has broad privileges: admin can set an address to mint any amount of frxETH, set any address as validator, change important state in frxETHMinter and withdraw funds from frxETHMinter

medium

Withheld ETH should not be sent back to the frxETHMinter contract itself

VTVL contest

27.95 USDC • Code4rena • rvierdiiev

#71

Art Gobblers contest

55.2 USDC • Code4rena • rvierdiiev

#21

Y2k Finance contest

782.96 USDC • 1 total finding • Code4rena • rvierdiiev

#15

medium

It's possible to change for Vault and lose control of it

PartyDAO contest

606.13 USDC • 1 total finding • Code4rena • rvierdiiev

#13

medium

Early contributor can always become majority of crowdfund leading to rugging risks.

FEI and TRIBE Redemption contest

18,947.65 USDC • 1 total finding • Code4rena • rvierdiiev

gold

medium

TribeRedeemer will start redeeming incorrectly if someone transfers redeem tokens directly to it

Canto Dex Oracle contest

39.22 CANTO • Code4rena • rvierdiiev

#12

Nouns Builder contest

4,647.17 USDC • 6 total findings • Code4rena • rvierdiiev

silver

high

Multiple vote checkpoints per block will lead to incorrect vote accounting

medium

Auction parameters can be changed during ongoing auction

medium

Tokens without properties can be minted and cannot be rendered

medium

Proposals can be bricked and Auctions stalled by bad settings

medium

Compromised or malicious vetoer can veto any proposals with unrestricted power

medium

Owners receive a larger percentage of total NFTs if some NFTs were burned (because they were not sold)

Aug '22

Olympus DAO contest

2,107.81 USDC • 2 total findings • Code4rena • rvierdiiev

#12

medium

Heart::beat() could be called several times in one block if no one has called it for some time

medium

Operator::setReserveFactor doesn't check if bond market should be changed

Nouns DAO contest

52.1 USDC • Code4rena • rvierdiiev

#38

FIAT DAO veFDT contest

186.99 USDC • 1 total finding • Code4rena • rvierdiiev

#24

medium

Unsafe casting from int128 can cause wrong accounting of locked amounts

Foundation Drop contest

62 USDC • Code4rena • rvierdiiev

#47