saidam017

Security Researcher

Web3 Security Researcher | DM for Security Review | https://t.co/HqhxHeiiyE

High: 56 total
Medium: 74 total
Total earnings: $87.45K
All-time rank: #104
Payouts: 35x
1st places: 1x
2nd places: 1x
Top 10: 13x

Oct '24

stakeup-bloomv2

3,170.62 USDC • 15 total findings • Cantina • said

#8

6 high, 9 medium: findings not yet public.

Aug '24

Chakra

1,400.14 USDT • 11 total findings • Code4rena • said

#9

high

There is no refund mechanism in the `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` functions

high

`ChakraSettlement.receive_cross_chain_msg` and `ChakraSettlement.receive_cross_chain_callback` do not ensure that the receiving `ChakraSettlement` contract's `contract_chain_name` matches the `to_chain` corresponding to the respective `txid` input

high

Inconsistent Handler Validation Behavior in Cairo ERC20Handler's Cross-Chain Callback

high

SettlementSignatureVerifier is missing check for duplicate validator signatures

high

In Starknet, already-processed messages can be re-submitted, and by anyone

high

Invalid token address used in `ChakraSettlementHandler::cross_chain_erc20_settlement(...)` leading to invalid transaction creation and event emission

medium

Settlement contract is mistakenly used for the handler contract when assigning ReceivedCrossChainTx struct

medium

Inconsistency in sender address when creating cross-chain messages on Starknet can lead to loss of funds

medium

Does not check whether `to_chain` and `to_handler` are whitelisted in `cross_chain_erc20_settlement`

medium

Missing `ERC20Method` validation at destination allows non-transfer tx to be handled as transfers.

medium

Excessive Authority Granted to Managers in the `ckr_btc.cairo` Contract Presents Significant Management Risks

zetachain-protocol

1,946.29 USDC • 3 total findings • Cantina • said

#23

3 medium: findings not yet public.

Jul '24

MakerDAO Endgame

2,549.57 USDC • Sherlock • saidam017

#37

Jun '24

Size

533.45 USDC • 5 total findings • Code4rena • said

#34

high

Users won't liquidate positions because the logic used to calculate the liquidator's profit is incorrect

medium

Fragmentation fee is not taken if user compensates with newly created position

medium

`executeBuyCreditMarket` returns the wrong amount of cash and overestimates the amount that needs to be checked in the variable pool

medium

Users cannot buy/sell the minimum credit allowed due to the `exactAmountIn` condition

medium

Multicall does not work as intended

Apr '24

NOYA

1,258.18 USDC + NOYA stars • 13 total findings • Code4rena • said

#11

high

Incomplete TVL Calculation in `AerodromeConnector::_getPositionTVL` Function.

high

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

high

`_getPositionTVL` of `UNIv3Connector` wrongly assumes ownership of all liquidity of the provided ticks inside `positionManager`.

high

Numerous errors when calculating the TVL for the MorphoBlue connector

medium

`veMav` token in `MaverickConnector` does NOT have an existing oracle, so staking Mav would always lead to DoS for TVL calculation

medium

`AccountingManager#totalWithdrawnAmount` should reflect tokens actually transferred to users, instead of expected transfers

medium

The `TVLHelper.sol#getTVL` function is DoSed by an undercollateralized connector, and as a result many parts of the protocol may be DoSed.

medium

The total deposit amount limit in `AccountingManager.sol` can be bypassed

medium

Lack of function to claim reward in `AaveConnector`

medium

Balancer flashloan contract can be DoSed completely by sending 1 wei to it

medium

Due to missing health factor and hardcoded balance checks on Dolomite, a borrow position can be opened by withdrawing more than the supplied balance leading to possible unwanted liquidations

medium

Lack of functionality for `claimFees` calls to the Aerodrome Pool causes the connector to lose its deserved fees

medium

Camelot and Aerodrome Connector TVL susceptible to manipulation attack
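The "DoS by sending 1 wei" finding above is a recurring class: a contract asserts that its own token balance equals an exact expected value, so anyone can brick it with a dust transfer. The following is an added example written for this page, not NOYA's code. It assumes Balancer V2's `flashLoan` entry point and `receiveFlashLoan` callback shape and a Vault address supplied at deployment; the strategy body is a stub.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Balancer V2 Vault entry point (recipient is an IFlashLoanRecipient, ABI-equivalent to address).
interface IVault {
    function flashLoan(address recipient, IERC20[] memory tokens, uint256[] memory amounts, bytes memory userData) external;
}

// Added illustration, not NOYA's code. The callback matches Balancer's
// IFlashLoanRecipient; what matters is how the contract reasons about its balance.
contract FlashLoanReceiver {
    address public immutable vault;   // Balancer Vault, supplied at deployment (assumption)
    address public immutable owner;
    bool private expectingLoan;

    constructor(address vault_) { vault = vault_; owner = msg.sender; }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    function run(IERC20[] calldata tokens, uint256[] calldata amounts) external onlyOwner {
        expectingLoan = true;
        IVault(vault).flashLoan(address(this), tokens, amounts, "");
        expectingLoan = false;
    }

    // Vulnerable shape (kept only for contrast, never called): exact-balance assertions.
    // Anyone who sends 1 wei of `token` to this contract makes the first require
    // fail on every future loan, and no code path ever spends the dust.
    function _settleUnsafe(IERC20 token, uint256 amount, uint256 fee) internal {
        require(token.balanceOf(address(this)) == amount, "unexpected balance");
        _strategy(token, amount);
        require(token.transfer(vault, amount + fee), "repay failed");
        require(token.balanceOf(address(this)) == 0, "dust left");
    }

    // Hardened: only the Vault, only when we asked for a loan, and every balance
    // check is an inequality. Extra tokens are harmless and can be swept.
    function receiveFlashLoan(
        IERC20[] memory tokens,
        uint256[] memory amounts,
        uint256[] memory feeAmounts,
        bytes memory
    ) external {
        require(msg.sender == vault, "not vault");
        require(expectingLoan, "unsolicited callback");
        for (uint256 i; i < tokens.length; i++) {
            require(tokens[i].balanceOf(address(this)) >= amounts[i], "loan not received");
            _strategy(tokens[i], amounts[i]);
            uint256 owed = amounts[i] + feeAmounts[i];
            require(tokens[i].balanceOf(address(this)) >= owed, "cannot repay");
            require(tokens[i].transfer(vault, owed), "repay failed");
        }
    }

    // Dust or stray donations go to the owner instead of blocking the contract.
    function sweep(IERC20 token, address to) external onlyOwner {
        require(token.transfer(to, token.balanceOf(address(this))), "sweep failed");
    }

    // Placeholder for the work done with the borrowed funds.
    function _strategy(IERC20, uint256) internal {}
}
```

The same reasoning applies outside flash loans: any `balanceOf(address(this)) == x` invariant is an invitation for a donation-based DoS, so prefer deltas measured around the operation and `>=` wherever a surplus is harmless.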

Zivoe

920.39 USDC • 7 total findings • Sherlock • saidam017

#29

high

`revokeVestingSchedule` incorrectly updates total supply and checkpoints

high

`revokeVestingSchedule` will not completely remove users' voting power

high

`ZivoeITO`'s `claimAirdrop` will be impacted by the new `zSTT` and `zJTT` minting. Users will receive less rewards than they should.

medium

Borrowers could skip at least one period of interest payment when paying off the loan in full and end up paying less interest

medium

Push tokens to `OCL_ZVE` could revert most of the time due to allowance check

medium

`forwardYield` of `OCL_ZVE` can be denied and skipped for another 30 days

medium

`OCY_Convex_A` and `OCY_Convex_C` `claimRewards` can be bricked by poison reward token

Mar '24

Smart-contracts

190.21 USDC • 4 total findings • Cantina • said

#28

1 high, 3 medium: findings not yet public.

Feb '24

Smilee Finance

1,309.86 USDC • 1 total finding • Sherlock • saidam017

#4

medium

Position Manager provides the wrong strike when storing a user's position data

Jan '24

reNFT

3,124.22 USDC • Code4rena • said

#4

Nov '23

core-and-erc1155a

6,149.04 USDC • 3 total findings • Cantina • said

#7

1 high, 2 medium: findings not yet public.

metamorpho-and-periphery

5,000 USDC • Cantina • said

#4

morpho-blue

4,158.87 USDC • 1 total finding • Cantina • said

#7

1 medium: finding not yet public.

Oct '23

The Wildcat Protocol

0.06 USDC • 1 total finding • Code4rena • said

#75

high

Borrower has no way to update `maxTotalSupply` of `market` or close market.

Sep '23

Venus Prime

360.08 USDC • 3 total findings • Code4rena • said

#12

high

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

high

Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

medium

DoS and gas griefing of calls to Prime.updateScores()

Aug '23

Chainlink Staking v0.2

44.97 USDC • Code4rena • said

#56

Dopex

25,152.38 USDC • 10 total findings • Code4rena • said

#1

high

The settle feature will be broken if an attacker arbitrarily transfers collateral tokens to the `PerpetualAtlanticVaultLP`

high

`ReLPContract` wrongfully assumes protocol owns all of the liquidity in the UniswapV2 pool

high

The peg stability module can be compromised by forcing lowerDepeg to revert.

high

Bond operations will always revert at certain times when `putOptionsRequired` is true

high

Users can get immediate profit when depositing and redeeming in `PerpetualAtlanticVaultLP`

medium

`_curveSwap`: `getDpxEthPrice` and `getEthPrice` are in the wrong order

medium

`reLP()`: the `mintokenAAmount` calculations are wrong

medium

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occur

medium

User can avoid paying high premium price by correctly timing his bond call

medium

Users that delegate ETH to `RdpxV2Core` will incur a loss if their delegated ETH is fulfilled by decaying bonds

Good Entry

1,595.03 USDC • 3 total findings • Code4rena • said

#5

high

Overflow can still happen when calculating `priceX8` inside the `poolMatchesOracle` operation

high

Unused funds are not returned and not counted in `GeVault`

medium

User can steal refunded underlying tokens from `initRange` operation inside `RangeManager`

Jul '23

Moonwell

5,235.33 USDC • 1 total finding • Code4rena • said

#6

medium

User can prevent liquidation by entering another market that has low supply and borrow activity

Amphora Protocol

8,482.66 USDC • 2 total findings • Code4rena • said

#2

high

Rounding error in `WUSDA` can result in loss of user funds, especially when manipulated by an attacker

high

crvRewardsContract `getReward` can be called directly, breaking the vault's `claimRewards` functionality

Tokemak

3,673.27 USDC • 10 total findings • Sherlock • saidam017

#8

high

Ether deposited through `_processEthIn` is not considered inside the router's `mint` and `deposit` operations

high

Destination vault rewards are potentially not accounted for when `withdraw` or `redeem` is called

high

Attacker can steal LMPVault's rewards by repeatedly transferring LMPVault shares to the attacker's other accounts

high

Users can construct redeem operations to extract more value inside LMPVault that have destination vault with rewards

high

`liquidateVaultsForToken` is broken due to mistake when performing swap

high

When `queueNewRewards` is called, the caller could transfer more tokens than it should

high

`MavEthOracle` price susceptible to reserves manipulation attack

high

Wrong decimals used when calculating `averagePrice` inside `IncentivePricingStats.updatePricingInfo`

high

Convex and Aura `getReward` can be called directly, breaking liquidation rows functionality and automation

medium

Calculator's APR can continuously report a wrong value if the first APR result is 0

Nouns DAO

4,056.62 USDC • 1 total finding • Code4rena • said

#4

high

User can steal tokens by using duplicated ERC20 tokens as parameter in NounsDAOLogicV1Fork.quit
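The Nouns DAO finding just above and the Chakra finding earlier on this page ("SettlementSignatureVerifier is missing check for duplicate validator signatures") share one root cause: a caller-supplied array is trusted to contain distinct entries. Requiring strictly ascending order rejects duplicates in O(n) with no extra storage, and the same check serves both cases. The following is an added example for this page, not Chakra's or Nouns DAO's code; the validator set, threshold, and share bookkeeping are assumptions, and `digest` is assumed to already be the EIP-712 (or EIP-191 prefixed) hash.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; not Chakra's or Nouns DAO's code.

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

contract ThresholdVerifier {
    struct Sig { uint8 v; bytes32 r; bytes32 s; }

    // secp256k1 n/2: rejects the malleable high-s form of a signature.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    mapping(address => bool) public isValidator;
    uint256 public immutable threshold;

    constructor(address[] memory validators, uint256 threshold_) {
        require(threshold_ > 0 && threshold_ <= validators.length, "bad threshold");
        for (uint256 i; i < validators.length; i++) isValidator[validators[i]] = true;
        threshold = threshold_;
    }

    // Vulnerable shape: every valid signature counts, so one validator's
    // signature repeated `threshold` times satisfies the quorum.
    function verifyUnsafe(bytes32 digest, Sig[] calldata sigs) external view returns (bool) {
        uint256 count;
        for (uint256 i; i < sigs.length; i++) {
            if (isValidator[_recover(digest, sigs[i])]) count++;
        }
        return count >= threshold;
    }

    // Hardened: recovered signers must be strictly ascending. `last` starts at
    // address(0), which is also what ecrecover returns on failure, so a bad
    // signature cannot satisfy `signer > last` either.
    function verify(bytes32 digest, Sig[] calldata sigs) external view returns (bool) {
        address last;
        for (uint256 i; i < sigs.length; i++) {
            address signer = _recover(digest, sigs[i]);
            require(signer > last, "duplicate or unsorted signer");
            require(isValidator[signer], "not a validator");
            last = signer;
        }
        return sigs.length >= threshold;
    }

    function _recover(bytes32 digest, Sig calldata sig) private pure returns (address) {
        require(uint256(sig.s) <= HALF_N, "high s");
        require(sig.v == 27 || sig.v == 28, "bad v");
        return ecrecover(digest, sig.v, sig.r, sig.s);
    }
}

// The token-list case. Without the ordering check a duplicated address pays
// the caller's share of the same balance twice: with 50% of the shares, 50 of
// 100 on the first pass and then 50% of the remaining 50, i.e. 75 instead of 50.
contract ShareExit {
    uint256 public totalShares;                 // minting of shares omitted (assumption)
    mapping(address => uint256) public shares;

    function quit(address[] calldata tokens) external {
        for (uint256 i = 1; i < tokens.length; i++) {
            require(tokens[i] > tokens[i - 1], "duplicate or unsorted token");
        }
        uint256 userShares = shares[msg.sender];
        uint256 supply = totalShares;
        require(userShares > 0, "no shares");
        shares[msg.sender] = 0;                 // effects before interactions
        totalShares = supply - userShares;
        for (uint256 i; i < tokens.length; i++) {
            IERC20 t = IERC20(tokens[i]);
            uint256 amount = t.balanceOf(address(this)) * userShares / supply;
            require(t.transfer(msg.sender, amount), "transfer failed");
        }
    }
}
```

For production signature handling a vetted library (OpenZeppelin's `ECDSA`) covers the malleability and `v` checks, and the digest should bind a nonce and chain id so a quorum collected once cannot be replayed.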

May '23

Maia DAO Ecosystem

4,051.98 USDC • 6 total findings • Code4rena • said

#17

high

Malicious user can front-run Gauges's `addBribeFlywheel` to steal bribe rewards

high

TalosBaseStrategy#init() lacks slippage protection

high

Rerange/rebalance should not use protocolFee as asset for adding liquidity

medium

`unstakeAndWithdraw` inside `BoostAggregator` could lose pendingRewards in certain case

medium

[M-01] Some functions in Talos contracts do not allow users to supply slippage and deadline, which may cause the swap to revert

medium

RestakeToken function is not permissionless

Iron Bank

0.00 USDC • 1 total finding • Sherlock • saidam017

#25

medium

Chainlink oracle data is not validated, could return unwanted price value.

Chainlink Cross-Chain Services: CCIP and ARM Network

1,226.45 USDC • Code4rena • said

#23

USSD - Autonomous Secure Dollar

156.14 USDC • 9 total findings • Sherlock • saidam017

#14

high

Incorrect calculation of `amountToSellUnits` inside the `BuyUSSDSellCollateral()` function

high

Rebalance process, in the case of buying the collateral, could revert due to an incorrect condition check

high

`StableOracleWBTC` use wrong chainlink price feed contract address

high

Incorrect decimals assumption used inside `StableOracleDAI` when dealing with `priceFeedDAIETH` returned price value

high

Missing `onlyBalancer` modifier for `mintRebalancer()` and `burnRebalancer()` function

high

`USSD`'s `UniV3SwapInput()` executes swaps without slippage and deadline protection

medium

Rebalance process, in the case of selling the collateral, could revert because of an underflow in the calculation

medium

Rebalance process, in the case of selling the collateral, could revert because `pathsell.length` is not checked

medium

Chainlink oracle data is not validated, could return unwanted `price` value.
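The USSD finding "`UniV3SwapInput()` executes swaps without slippage and deadline protection" and the Maia DAO findings about missing slippage and deadline parameters describe the same defect. The following is an added example for this page, not USSD's or Maia DAO's code. It assumes the original Uniswap V3 `SwapRouter` interface (whose params struct carries its own deadline; `SwapRouter02` moved it to a wrapper call) and that `quotedOut` comes from the caller (an off-chain quoter or an on-chain oracle), not from the pool being traded against.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Uniswap V3 SwapRouter (v1): the router reverts if block.timestamp > deadline.
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params) external payable returns (uint256 amountOut);
}

// Added illustration, not USSD's or Maia DAO's code.
contract Swapper {
    ISwapRouter public immutable router;
    address public immutable owner;
    uint256 public constant BPS = 10_000;
    uint256 public constant MAX_SLIPPAGE_BPS = 300; // hard 3% ceiling regardless of caller input (assumption)

    constructor(ISwapRouter router_) { router = router_; owner = msg.sender; }

    // Vulnerable shape: amountOutMinimum = 0 accepts any output, and
    // deadline = block.timestamp is satisfied in whatever block the tx lands,
    // so it can be held back and sandwiched for the full balance.
    function swapUnsafe(address tokenIn, address tokenOut, uint24 fee, uint256 amountIn)
        external returns (uint256)
    {
        require(msg.sender == owner, "not owner");
        IERC20(tokenIn).approve(address(router), amountIn);
        return router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: tokenIn,
            tokenOut: tokenOut,
            fee: fee,
            recipient: address(this),
            deadline: block.timestamp,
            amountIn: amountIn,
            amountOutMinimum: 0,
            sqrtPriceLimitX96: 0
        }));
    }

    // Hardened: floor derived from an independent quote and a bounded tolerance,
    // plus an absolute deadline chosen when the transaction was built.
    function swap(
        address tokenIn, address tokenOut, uint24 fee, uint256 amountIn,
        uint256 quotedOut, uint256 slippageBps, uint256 deadline
    ) external returns (uint256 amountOut) {
        require(msg.sender == owner, "not owner");
        require(deadline >= block.timestamp, "deadline passed");
        require(slippageBps <= MAX_SLIPPAGE_BPS, "slippage too high");
        uint256 minOut = quotedOut * (BPS - slippageBps) / BPS;
        require(minOut > 0, "min out is zero");

        IERC20(tokenIn).approve(address(router), amountIn);
        amountOut = router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: tokenIn,
            tokenOut: tokenOut,
            fee: fee,
            recipient: address(this),
            deadline: deadline,
            amountIn: amountIn,
            amountOutMinimum: minOut,
            sqrtPriceLimitX96: 0
        }));
        IERC20(tokenIn).approve(address(router), 0); // leave no standing allowance
    }
}
```

The ceiling on `slippageBps` matters when the caller is a keeper or rebalancer rather than the end user: a permissioned caller passing `slippageBps = 10_000` would recreate the unprotected swap.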

Index

0.17 USDC • 1 total finding • Sherlock • saidam017

#25

medium

Chainlink oracle data call in `AaveLeverageStategyExtension` is not validated, could return unwanted price value.
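The same oracle defect appears three times on this page (Iron Bank, USSD, and Index: "Chainlink oracle data is not validated"), and the USSD entries add two neighbours: a wrong feed address for `StableOracleWBTC` and an incorrect decimals assumption in `StableOracleDAI`. The following is an added example for this page, not Iron Bank's, USSD's or Index's code. It assumes Chainlink's `AggregatorV3Interface` and per-asset feed registration by an owner; the heartbeat values are the deployer's responsibility.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Added illustration, not Iron Bank's, USSD's or Index's code. Reading decimals()
// at registration removes the decimals assumption, and registering feeds per asset
// turns a wrong feed address into a reviewable configuration entry rather than a
// hard-coded constant.
contract PriceOracle {
    struct Feed {
        AggregatorV3Interface aggregator;
        uint256 heartbeat;   // feed's documented update interval plus a grace margin
        uint8 decimals;      // read from the aggregator once, at registration
    }

    mapping(address => Feed) public feeds;
    address public immutable owner;

    error FeedNotSet(address asset);
    error InvalidAnswer(int256 answer);
    error StalePrice(uint256 updatedAt, uint256 heartbeat);

    constructor() { owner = msg.sender; }

    function setFeed(address asset, AggregatorV3Interface aggregator, uint256 heartbeat) external {
        require(msg.sender == owner, "not owner");
        require(address(aggregator) != address(0) && heartbeat > 0, "bad feed");
        feeds[asset] = Feed(aggregator, heartbeat, aggregator.decimals());
    }

    // Vulnerable shape: whatever the feed says is the price. A zero or negative
    // answer, or a round that stopped updating hours ago, flows straight into
    // collateral math.
    function getPriceUnsafe(address asset) external view returns (uint256) {
        (, int256 answer, , , ) = feeds[asset].aggregator.latestRoundData();
        return uint256(answer);
    }

    // Hardened: positive, fresh, and normalised to 18 decimals whatever the feed uses.
    function getPrice(address asset) external view returns (uint256) {
        Feed memory f = feeds[asset];
        if (address(f.aggregator) == address(0)) revert FeedNotSet(asset);
        (, int256 answer, , uint256 updatedAt, ) = f.aggregator.latestRoundData();
        if (answer <= 0) revert InvalidAnswer(answer);
        if (updatedAt == 0 || updatedAt > block.timestamp || block.timestamp - updatedAt > f.heartbeat) {
            revert StalePrice(updatedAt, f.heartbeat);
        }
        return uint256(answer) * 1e18 / (10 ** uint256(f.decimals));
    }
}
```

Heartbeats differ per feed (mainnet ETH/USD updates at least hourly, many others only daily), so a single global staleness window is itself a bug. Two caveats this block does not cover: the older `answeredInRound >= roundId` check is deprecated by Chainlink and adds nothing on current feeds, and on L2s the sequencer uptime feed should be consulted before trusting `updatedAt`.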

Apr '23

EigenLayer Contest

71.6 USDC • Code4rena • said

#25

Teller

610.62 USDC • 3 total findings • Sherlock • saidam017

#15

medium

Accepting a loan bid will always revert if an ERC20 token that deducts a fee on transfer is used as the collateral.

medium

Updating the TellerV2 lender manager will cause existing loans to send repayments to the previous lender manager

medium

Attacker can front-run marketplace creation to create a malicious borrow offer
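The fee-on-transfer finding above ("Accepting a loan bid will always revert...") is worth seeing in code, because the two usual mistakes are opposites: insisting on receiving exactly `amount` reverts for every such token, while recording `amount` without measuring leaves the escrow promising more than it holds. The following is an added example for this page, not Teller's code; the loan/depositor bookkeeping is an assumption.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Added illustration, not Teller's code.
contract CollateralEscrow {
    mapping(uint256 => mapping(address => uint256)) public collateral; // loanId => token => held
    mapping(uint256 => address) public depositor;                      // loanId => who may withdraw
    bool private locked;

    // Balance-delta accounting reads balanceOf around an external call, so keep
    // callback-capable tokens (ERC777-style) from re-entering mid-measurement.
    modifier nonReentrant() {
        require(!locked, "reentrant");
        locked = true;
        _;
        locked = false;
    }

    // Vulnerable shape: strict equality on the delta. Any token that takes a
    // transfer fee makes this revert unconditionally, so the bid can never be accepted.
    function depositUnsafe(uint256 loanId, IERC20 token, uint256 amount) external nonReentrant {
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        require(token.balanceOf(address(this)) - before == amount, "amount mismatch");
        collateral[loanId][address(token)] += amount;
    }

    // Hardened: credit what actually arrived, and bound the shortfall so a token
    // with an absurd fee (or a broken transferFrom) is rejected explicitly.
    function deposit(uint256 loanId, IERC20 token, uint256 amount, uint256 maxFeeBps)
        external nonReentrant returns (uint256 received)
    {
        require(maxFeeBps <= 10_000, "bad bps");
        if (depositor[loanId] == address(0)) depositor[loanId] = msg.sender;
        require(depositor[loanId] == msg.sender, "not depositor");

        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        received = token.balanceOf(address(this)) - before;
        require(received > 0, "nothing received");
        require(received >= amount * (10_000 - maxFeeBps) / 10_000, "fee exceeds tolerance");
        collateral[loanId][address(token)] += received;   // what we hold, not what was asked
    }

    // Pays out exactly what was credited, so the transfer cannot fail for lack of
    // balance (the recipient of a fee-on-transfer token still receives less).
    function withdraw(uint256 loanId, IERC20 token, address to) external nonReentrant {
        require(msg.sender == depositor[loanId], "not depositor");
        uint256 amount = collateral[loanId][address(token)];
        collateral[loanId][address(token)] = 0;
        require(token.transfer(to, amount), "transfer failed");
    }
}
```

Tokens that return nothing from `transfer`/`transferFrom` (USDT being the usual example) would fail the `require(token.transferFrom(...))` pattern here; a production version wraps those calls with a SafeERC20-style helper while keeping the same delta accounting.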

Frankencoin

118 USDC • 2 total findings • Code4rena • said

#41

high

CHALLENGER_REWARD can be used to drain reserves and free mint

medium

Need alternative ways for fund transfer in `end()` to prevent DoS

Caviar Private Pools

37.62 USDC • 2 total findings • Code4rena • said

#58

high

PrivatePool owner can steal all ERC20 and NFT from user via arbitrary execution

medium

`Factory.create`: Predictability of pool address creates multiple issues.

Rubicon v2

458.56 USDC • 7 total findings • Code4rena • said

#32

high

Some offers can't be cancelled

medium

Missing a check for minimum sell amount at make function

medium

BathBuddy contract should implement methods to pause and unpause contract

medium

Fee inclusivity calculations are inaccurate in RubiconMarket

medium

Incorrect calculations can occur when calling `Position._marketBuy` and `Position._marketSell` functions that do not include maker fee in `_fee`

medium

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

medium

Calling the `ExpiringMarket.stop` and `ExpiringMarket.isClosed` functions cannot pause any functionalities of the market

Mar '23

Gitcoin

44.49 USDC • Sherlock • saidam017

#56

Asymmetry contest

13.13 USDC • Code4rena • said

#110

Feb '23

Derby

350.88 USDC • 5 total findings • Sherlock • saidam017

#18

medium

In the initial protocol state, a user can keep calling `withdrawalRequest()`, resulting in an incorrect `user.withdrawalAllowance`.

medium

Vault can be denied from receiving funds while rebalancing, leaving the vault stuck in `State.WaitingForFunds`.

medium

Calls to an inactive vault's `pushTotalUnderlyingToController()` cause the rebalance process to get stuck

medium

Making a withdrawal request before the vault becomes inactive could cause user funds to be held

medium

Blacklisting a protocol could break the vault rebalance process