https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/e0cdac90-6b53-40f6-9cd6-744a1c167141.png

shung

Security Researcher

Contact Me

High

Total

Medium

Total

$12.29K

Total Earnings

#514 All Time

9x

Payouts

2x

Top 10

9x

Top 25

9x

Top 50

All

Sherlock

Code4rena

Dec '22

Caviar contest

843.01 USDC • 1 total finding • Code4rena • shung

#10

high

Liquidity providers may lose funds when adding liquidity

Oct '22

Trader Joe v2 contest

2,139.51 USDC • 1 total finding • Code4rena • shung

#12

medium

Attacker can keep fees max at no cost

Sep '22

Knox Finance

1,009.04 USDC • 1 total finding • Sherlock • shung

#10

medium

Internal `OptionMath._getPositivePlaceValues()` function do not handle values below `185`

Art Gobblers contest

594.22 USDC • 1 total finding • Code4rena • shung

#16

medium

The reveal process could brick if `randProvider` stops working

Jun '22

Putty contest

1,397.16 USDC • 2 total findings • Code4rena • shung

#13

medium

Order cancellation is prone to frontrunning and is dependent on a centralized database

medium

Unbounded loops may cause `exercise()`s and `withdraw()`s to fail

Yieldy contest

440.97 USDC • 3 total findings • Code4rena • shung

#23

high

`Staking.sol#stake()` DoS by staking 1 wei for the recipient when `warmUpPeriod > 0`

medium

No way to set CURVE_POOL approval after setting new curve pool address

medium

`_storeRebase()` is called with the wrong parameters

May '22

OpenSea Seaport contest

5,202.73 USDC • Code4rena • shung

#12

Cally contest

319.71 USDC • 1 total finding • Code4rena • shung

#19

medium

Owner can modify the feeRate on existing vaults and steal the strike value on exercise

Forgotten Runes Warrior Guild contest

348.3 USDC • 1 total finding • Code4rena • shung

#22

medium

Many unbounded and under-constrained variables in the system can lead to unfair price or DoS