
santipu_

Security Researcher

Lead Senior Watson


High: 1 Solo • 32 Total
Medium: 4 Solo • 50 Total
Total Earnings: $124.37K (#73 All Time)
23x Payouts
3x 1st Places (gold)
4x 2nd Places (silver)
4x 3rd Places (bronze)


May '25

Beraborrow Periphery Security Review
Collaborative Audit • Sherlock • santipu_

Feb '25

beraborrow-blockend
25,101.81 USDC • 9 total findings • Cantina • santipu
gold
medium • Finding not yet public.
medium • Finding not yet public.
medium • Finding not yet public.
medium • Finding not yet public.
medium • Finding not yet public.
medium • Finding not yet public.
medium • Finding not yet public.
medium • Finding not yet public.
medium • Finding not yet public.

Jan '25

Next Generation
227.2 USDC • 2 total findings • Code4rena • santipu_
#8
high • Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check
medium • Lack of deadline check in forwarded request

daao-contracts
245.9 USDC • 9 total findings • Cantina • santipu
#24
high • Finding not yet public.
high • Finding not yet public.
high • Finding not yet public.
high • Finding not yet public.
high • Finding not yet public.
high • Finding not yet public.
high • Finding not yet public.
high • Finding not yet public.
medium • Finding not yet public.

FlatMoney v2 Update
5,674.24 USDC • Sherlock • santipu_
silver
Findings not publicly available for private contests.

Dec '24

bima-money
36,495.15 USDC • 11 total findings • Cantina • santipu
bronze
high • Finding not yet public.
high • Finding not yet public.
high • Finding not yet public.
high • Finding not yet public.
high • Finding not yet public.
high • Finding not yet public.
medium • Finding not yet public.
medium • Finding not yet public.
medium • Finding not yet public.
medium • Finding not yet public.
medium • Finding not yet public.

Jul '24

Munchables
404.19 USDC • 4 total findings • Code4rena • santipu_
#12
high • Single plot can be occupied by multiple renters
high • Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot
high • [H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs
medium • Users can farm on zero-tax land if the landlord locked tokens before the LandManager deployment

Exactly Protocol Update - Staking Contract
363.03 USDC • 2 total findings • Sherlock • santipu_
bronze
medium • Loss of rewards due to rounding when the reward token has low decimals (wbtc)
medium • DoS on deposits when the underlying market is highly utilized

MagicSea - the native DEX on the IotaEVM
8,685.82 USDC • 3 total findings • Sherlock • santipu_
gold
high • Users can vote with expired MLUM staking positions
high • Attacker can block all votes to a specific pool by triggering an overflow error
medium • Attacker can block others from offering bribes

Jun '24

dHEDGE
14,536.16 USDC • Sherlock • santipu_
gold
Findings not publicly available for private contests.

Apr '24

Exactly Protocol
9,380.78 USDC • 6 total findings • Sherlock • santipu_
silver
high • First Depositor Attack
medium • Bad debt isn't cleared when `earningsAccumulator` is lower than a fixed-pool bad debt
medium • Fixed interest rates can be manipulated by a whale borrower
medium • Theft of unassigned earnings from a fixed pool
medium • DoS on liquidations when utilization rate is high
medium • Manipulation of the floating debt by updating `floatingBackupBorrowed`

Flat Money Fix Review Contest
1,442.74 USDC • 2 total findings • Sherlock • santipu_
silver
medium • Large amount of points can STILL be minted without any cost
medium • Attacker can steal LPs funds by using different oracle prices in the same transaction

Mar '24

vVv Vesting & Staking
445.76 USDC • Sherlock • santipu_
#8

Feb '24

Perpetual
4,207.19 USDC • 2 total findings • Sherlock • santipu_
#7
medium • Inability to liquidate whitelisted makers will cause bad debt on the protocol
medium • Attacker can sandwich its own position settlement on `SpotHedgeBaseMaker` to get a better price and have instant profits

Smilee Finance
1,402.12 USDC • 2 total findings • Sherlock • santipu_
bronze
medium • Missing Access Control for `trackVaultFee` Leading to a DoS in Trading Operations
medium • Vault Inflation Attack

Jan '24

Flat Money
4,183.33 USDC • 6 total findings • Sherlock • santipu_
silver
high • Permanent lock of all funds when the funding fees are bigger than total margin
high • Attacker can steal funds due to settling PnL with wrong price on a liquidation
high • Users can avoid paying trade fees on limit orders
high • Inability to Liquidate Certain Positions Due to Erroneous Stable Collateral Update
medium • First Depositor of Stable Collateral will cause a System-Wide Denial of Service
medium • Users Can Exceed Maximum Skew Due to Unsettled PnL

Curves
1,636.89 USDC • 7 total findings • Code4rena • santipu_
#5
high • Whitelisted accounts can be forcefully DoSed from buying curveTokens during the presale
high • Unrestricted claiming of fees due to missing balance updates in `FeeSplitter`
high • Unauthorized Access to setCurves Function
medium • Protocol and referral fee would be permanently stuck in the Curves contract when selling a token
medium • onBalanceChange causes previously unclaimed rewards to be cleared
medium • Withdrawing with amount = 0 will forcefully set name and symbol to default and disable some functions for token subject
medium • Theft of holder fees when `holderFeePercent` was positive and is set to zero

Dec '23

Ethereum Credit Guild
4,635.69 USDC • 7 total findings • Code4rena • santipu_
#4
high • The userGaugeProfitIndex is not set correctly, allowing an attacker to receive rewards without waiting
high • Users staking via the `SurplusGuildMinter` can be immediately slashed when staking into a gauge that had previously incurred a loss
medium • Wrong ProfitManager in GuildToken, will always revert for other types of gauges leading to bad debt
medium • `totalBorrowedCredit` can revert, breaking gauges.
medium • Inability to offboard term twice in a 7-day period may lead to bad debt to the market
medium • Incorrect calculations in debtCeiling
medium • LendingTerm::debtCeiling() can return wrong debt as the min() is evaluated incorrectly

Oct '23

Ajna #2
4,250 USDC • 2 total findings • Sherlock • santipu_
bronze
medium • Incorrect implementation of `BPF` leads to kicker losing rewards in a `take` action
medium • Function `_indexOf` will cause a settlement to revert if `auctionPrice > MAX_PRICE`

Sep '23

Venus Prime
786.38 USDC • 2 total findings • Code4rena • santipu_
#8
high • Incorrect decimal usage in score calculation leads to reduced user reward earnings
high • Prime.sol - User can claim Prime token without having any staked XVS, because his `stakedAt` isn't reset whenever he is issued an irrevocable token.

May '23

Iron Bank
0.03 USDC • 2 total findings • Sherlock • santipu_
#23
medium • Lack of sequencer uptime check when getting oracle data for Arbitrum or Optimism
medium • Lack of checks to avoid stale prices from Chainlink oracle

Footium
89.86 USDC • 2 total findings • Sherlock • santipu_
#24
medium • Unchecked Return Values in ERC20 Transfer Function
medium • FootiumAcademy allows clubs to mint one extra player each season

Apr '23

Frankencoin
149.54 USDC • 2 total findings • Code4rena • santipu_
#38
medium • Can't pause or remove a minter
medium • No slippage control when minting and redeeming FPS

Mar '23

Neo Tokyo contest
29.67 USDC • Code4rena • santipu_
#21