shogoki

Security Researcher

Securing Web3 @sherlockdefi

High: 14 total

Medium: 14 total

Total earnings: $10.34K

Rank: #541 all time

Payouts: 18x

2nd places: 1x (silver)

Top 10: 8x (regular)

Top 25: 12x (regular)

Nov '23

Audit Comp | DeGate

2,500 USDC • 1 total finding • Immunefi • Shogoki

#7

low

Finding not yet public.

Oct '23

Real Wagmi #2

438.52 USDC • 1 total finding • Sherlock • shogoki

#10

medium

Protocol is not usable & possible lock of funds on zksync because of wrong address computation

ENS

1,774.19 USDC • 1 total finding • Code4rena • Shogoki

#5

medium

Some tokens enable the direct draining of all approved `ERC20Votes` tokens

Jul '23

Beedle - Oracle free perpetual lending

33.26 USDC • 5 total findings • CodeHawks • Shogoki

#87

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

high

Token spending by Uniswap router doesn't get approved

high

Hardcoded Router Address May Cause Token Lockup in Non-Standard Networks

low

Zero address leads to transaction reverts

gas

`PoolBalanceUpdated` event is emitted even when pool balance is not changed.

Foundry DeFi Stablecoin CodeHawks Audit Contest

1.16 USDC • 2 total findings • CodeHawks • Shogoki

#132

medium

staleCheckLatestRoundData() does not check the status of the Arbitrum sequencer in Chainlink feeds.

medium

DSC protocol can consume stale price data or cannot operate on some EVM chains

CodeHawks Escrow Contract - Competition Details

1,849.63 USDC • 5 total findings • CodeHawks • Shogoki

#9

medium

[H-01] Lack of emergency withdraw function when no arbiter is set

medium

Fixed `i_arbiterFee` can prevent payment

low

Constructor of `Escrow` should make sure that `buyer`, `seller`, `arbiter` are different from each other.

gas

Use Openzeppelin Minimal Clones to Save a Lot of Gas

gas

QA - Escrow__FeeExceedsPrice incorrect naming

Tokemak

7.81 USDC • 1 total finding • Sherlock • shogoki

#52

high

Router is requiring twice the tokens when paying with native eth

Beam

125.24 USDC • Sherlock • shogoki

#13

Jun '23

Canto

19.36 USDC • Code4rena • Shogoki

#12

RealWagmi

151.76 USDC • 1 total finding • Sherlock • shogoki

#14

high

DoS - No Rebalance possible if there is no underlying Pool with Fee 500

DODO V3

78.86 USDC • 3 total findings • Sherlock • shogoki

#25

medium

Possible loss of Funds

medium

D3Fundingpool will not work as intended for Tokens with Approval Race Condition check

medium

Missing Check for Arbitrum Sequencer

Unitas Protocol

1,398.52 USDC • 1 total finding • Sherlock • shogoki

#9

high

Unitas swap function is vulnerable to Sandwich Attack at oracle price update

May '23

USSD - Autonomous Secure Dollar

20.73 USDC • 5 total findings • Sherlock • shogoki

#61

high

DoS by minting max amount

high

Swaps are susceptible to Sandwich Attacks

high

Rebalancing is susceptible to Flash Loan Attacks

high

Deployment of StableOracleDAI will fail

medium

No Redemption possible, even if Whitepaper stated it

Index

1,379.18 USDC • 3 total findings • Sherlock • shogoki

#9

medium

Loss of user funds - unchecked Return of ERC20 Transfer

medium

Possible miscalculation of Leverage Ratio because of unchecked Chainlink values

medium

Leverage Module will not work for some ERC20 Tokens (no allowance to 0 first)

DODO Margin Trading

116.10 USDC • 1 total finding • Sherlock • shogoki

silver

high

Loss of funds - Attacker can call arbitrary function on any smart contract in context of user's MarginTrading contract

Ajna Protocol

36.24 USDC • Code4rena • Shogoki

#49

Footium

409.36 USDC • 3 total findings • Sherlock • shogoki

#8

high

Previous owner can take club tokens (players, etc.) when selling.

high

Previous club owner can steal future bought or minted NFTs (players) from new owner

medium

Minted tokens might be lost when minted to contract that cannot handle it.

Mar '23

Asymmetry contest

0.14 USDC • 1 total finding • Code4rena • Shogoki

#126

high

Staking, unstaking and rebalanceToWeight can be sandwiched (Mainly rETH deposit)