
shaflow01

Security Researcher

cf8b01f546


High findings: 77 total

Medium findings: 46 total

Total earnings: $58.83K (#152 All Time)

Payouts: 48x

1st places (gold): 3x

2nd places (silver): 1x

3rd places (bronze): 6x


Apr '25

ZKP2P V2

307.71 OP • Sherlock • shaflow01

#7

Findings not publicly available for private contests.

Mar '25

reserve-index-dtfs-solana

18,664.28 USDC • 9 total findings • Cantina • shaflow01

gold

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Feb '25

THORWallet

653.79 USDC • 3 total findings • Code4rena • shaflow2

gold

high

The user can send tokens to any address by using two bridge transfers, even when transfers are restricted.

high

MergeTgt has no handling if TGT_TO_EXCHANGE is exceeded during the exchange period

medium

Improper Transfer Restrictions on Non-Bridged Tokens Due to Boolean Bridged Token Tracking, Allowing a DoS Attack Vector

Jan '25

daao-contracts

118.75 USDC • 3 total findings • Cantina • shaflow01

#33

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

infrared-contracts

92.62 USDC • 1 total finding • Cantina • shaflow01

#55

high

Finding not yet public.

ton-pool-contracts

1,157.32 USDC • 1 total finding • Cantina • shaflow01

#5

medium

Finding not yet public.

farcasterattestation-monorepo

3,189.39 OP • 5 total findings • Cantina • shaflow01

#7

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Pump Science

3,041.85 USDC • 2 total findings • Code4rena • shaflow2

silver

high

The lock_pool operation can be DoSed

medium

Last buy might charge the wrong fee

Dec '24

Soon

4,192.67 USDC • 3 total findings • Cantina • shaflow01

#8

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

SecondSwap

4.52 USDC • 3 total findings • Code4rena • shaflow2

#52

high

Users can claim more than their actual allotment

high

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

medium

Incorrect listing type validation bypasses enforcement of minimum purchase amount

Chainlink Payment Abstraction

1,987.07 USDC • Code4rena • shaflow2

bronze

Lambo.win

22.23 USDC • 2 total findings • Code4rena • shaflow2

#31

high

LamboFactory can be permanently DoS-ed due to createPair call reversal

medium

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

Nov '24

vVv Launchpad - Investments & Token distribution

94.59 USDC • 1 total finding • Sherlock • shaflow01

gold

high

Malicious actors can front-run and steal tokens from users.

Nibiru

688.06 USDC • 1 total finding • Code4rena • shaflow2

#9

medium

The `bankBalance` function failed to handle errors correctly.

Debita Finance V3

15.67 USDC • 2 total findings • Sherlock • shaflow01

#48

high

The NFT in the buyOrder contract will not be transferred to the owner

medium

The fee calculation in the extendLoan function has an error

Chainlink

3,315.79 USDC • Code4rena • shaflow2

bronze

Oct '24

Usual V1

1,013.20 USDC • 1 total finding • Sherlock • shaflow01

bronze

high

The withdrawal fee is not fully deducted from the total deposits.

Ethos Network Social Contracts

1,485.02 USDC • 2 total findings • Sherlock • shaflow01

#4

medium

Removed addresses should not be able to call archiveProfile(), restoreProfile(), or uninviteUser().

medium

The upgradeable contract lacks a gap

tensor-monorepo

1,241.13 USDC • 1 total finding • Cantina • shaflow01

#9

high

Finding not yet public.

Orderly Solana Vault Contract

1,997.97 USDC • 2 total findings • Sherlock • shaflow01

bronze

high

The `allowed_token` account lacks mint account verification.

high

oapp_lz_receive is missing a user check.

Omni Network

392.58 USDC • 1 total finding • Cantina • shaflow01

#19

medium

Finding not yet public.

mev-commit

600.16 USDC • 4 total findings • Cantina • shaflow01

#19

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Sep '24

WOOFi Swap on Solana

4,859.44 USDC • 2 total findings • Sherlock • shaflow01

bronze

high

`rebate_info` and `rebate_manager` are unable to sign the CPI call due to an incorrect implementation of the `seeds` function

medium

Anyone is allowed to create new Wooracles and Woopools

Staking

1,450.92 USDC • CodeHawks • shaflow01

#13

Royco Protocol

139.64 USDC • 3 total findings • Cantina • shaflow01

#34

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Flayer

83.33 USDC • 2 total findings • Sherlock • shaflow01

#56

high

Anyone can call `claimRoyalties` in `InfernalRiftBelow` contract

medium

Excess ETH will not be returned during collection initialization

Aug '24

The Wildcat Protocol

0 USDC • Code4rena • shaflow2

#13

Chakra

4,527.02 USDT • 11 total findings • Code4rena • shaflow2

bronze

high

Malicious actors can manipulate the `cross_chain_callback` callback

high

There is no refund mechanism in `ChakraSettlement.processCrossChainCallback` or `ChakraSettlementHandler.receive_cross_chain_callback` function

high

Inconsistent Handler Validation Behavior in Cairo ERC20Handler's Cross-Chain Callback

high

Anyone can manipulate user nonce (nonce_manager) in settlement contract

high

In settlement.cairo::receive_cross_chain_msg - the message will always be marked with Status::SUCCESS

high

The LockMint and BurnUnlock modes cannot be used

high

SettlementSignatureVerifier is missing check for duplicate validator signatures

high

In Starknet, already-processed messages can be re-submitted, by anyone

high

Invalid token address used in `ChakraSettlementHandler::cross_chain_erc20_settlement(...)` leading to invalid transaction creation and event emission

medium

Does not check whether to_chain and to_handler are whitelisted in cross_chain_erc20_settlement

medium

The receive_cross_chain_msg function has potential replay attack risks.

Superposition

1,013.69 USDC • 6 total findings • Code4rena • shaflow2

#12

high

Missing `lower<upper` check in `mint_position`

high

update_emergency_council_7_D_0_C_1_C_58() updates nft manager instead of emergency council

high

Parameter Misordering in Fee Collection Function Causes Denial of Service and Fee Loss

medium

If liquidity is insufficient, users may need to pay more tokens in swap2

medium

`decrPosition09293696` will not work due to incorrect function signature

medium

No related function to set fee_protocol

zetachain-protocol

698.97 USDC • 3 total findings • Cantina • shaflow01

#27

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Winnables Raffles

37.23 USDC • 3 total findings • Sherlock • shaflow01

#19

high

An attacker can immediately cancel the raffle

high

The attacker can prevent the winner and the administrator from withdrawing funds from the prize pool.

medium

The Winnables administrator can prevent the winner from claiming the prize.

Tadle

0.02 USDC • 3 total findings • CodeHawks • shaflow01

#165

high

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

high

TokenManager - Unlimited withdraw

high

Native token withdrawal fails until manually approved

Jul '24

Basin

135.48 USDC • 1 total finding • Code4rena • shaflow2

#7

high

`WellUpgradeable` can be upgraded by anyone

TraitForge

204.11 USDC • 4 total findings • Code4rena • shaflow2

#25

high

Number of entities in generation can surpass the 10k number

medium

Potential Uninitialized `entropySlots` Reading in `getNextEntropy`, Causing 0 Entropy Mint

medium

There is no slippage check in the `nuke()` function.

medium

Forger Entities can forge more times than intended

Munchables

515.23 USDC • 5 total findings • Code4rena • shaflow2

#6

high

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

high

In `farmPlots()`, an underflow in an edge case leads to a freeze of funds (NFTs)

high

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

high

Invalid validation in the _farmPlots function allows a malicious user to farm repeatedly without locked funds

medium

Players can gain more NFTs by benefiting from the past remainder in subsequent locks

Zaros Part 1

22.89 USDC • 2 total findings • CodeHawks • shaflow01

#76

high

Inadequate Checking of `isIncreasing` when trader adjusts position size

high

Market Disruption and Financial Loss Post-Liquidation

Jun '24

Vultisig

53.57 USDC • 1 total finding • Code4rena • shaflow2

#25

high

Most users won't be able to claim their share of Uniswap fees

Size

9.6 USDC • 2 total findings • Code4rena • shaflow2

#56

medium

Fragmentation fee is not taken if user compensates with newly created position

medium

Multicall does not work as intended

Thorchain

477.43 USDC • 2 total findings • Code4rena • shaflow2

#12

high

ThorChain will be wrongly informed about unsuccessful ETH transfers due to incorrect event emissions

medium

Due to the use of `msg.value` in for loop, anyone can drain all the funds from the `THORChain_Router` contract

May '24

Olas

0 USDC • Code4rena • shaflow2

#15

Predy

4.02 USDC • 2 total findings • Code4rena • shaflow2

#35

medium

Vaults can become immune from liquidation by setting `vault.recipient` to a blacklisted quote token address

medium

Chainlink's `latestRoundData` might return stale or incorrect results

Munchables

28.8 USDC • 5 total findings • Code4rena • shaflow2

#13

high

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

high

In `farmPlots()`, an underflow in an edge case leads to a freeze of funds (NFTs)

high

[H-01] Miscalculation in `_farmPlots` function could lead to a user unable to unstake all NFTs

high

Invalid validation in the _farmPlots function allows a malicious user to farm repeatedly without locked funds

medium

Players can gain more NFTs by benefiting from the past remainder in subsequent locks

LoopFi

71.11 USDC • 1 total finding • Code4rena • shaflow2

#8

high

Availability of deposit invariant can be bypassed

Apr '24

NOYA

123.12 USDC + NOYA stars • 9 total findings • Code4rena • shaflow2

#50

high

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

high

`NoyaValueOracle.getValue` returns an incorrect price when a multi-token route is used

high

In Dolomite, when opening a borrow position, the holding position in the Registry will never be updated due to the removePosition flag being set to true

medium

Withdrawals in AccountManager are prone to DOS attacks.

medium

Attacker can increase the length of `withdrawQueue` by withdrawing 0 amount of tokens frequently

medium

Incorrect modifier condition

medium

`maxDeposit`, `maxMint`, `maxWithdraw`, and `maxRedeem` functions do not return 0 when they should

medium

Noya is not compatible with tokens whose balance changes outside of transfers causing funds to get stuck in the contract

medium

`depositQueue.queue` in `AccountingManager` can be flooded causing a DoS

DYAD

7.94 USDC • 4 total findings • Code4rena • shaflow2

#95

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

high

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

high

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

high

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

Feb '24

Althea Liquid Infrastructure

7.18 USDC • 1 total finding • Code4rena • shaflow2

#34

high

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

AI Arena

61.1 USDC • 4 total findings • Code4rena • shaflow2

#90

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on-chain due to underflow, and past losses that should be unrecoverable can be recovered (stealing the protocol's tokens)

medium

Minter / Staker / Spender roles can never be revoked

Sep '23

Maia DAO - Ulysses

25.68 USDC • Code4rena • shaflow2

#55