
shushu

Security Researcher

Web3 Security and Development | Learning in Public


High: 13 total
Medium: 13 total
Total earnings: $1.10K
#1257 all time
Payouts: 5x (regular)
Top 25: 1x (regular)
Top 50: 4x


Jun '25
DODO Cross-Chain DEX
81.40 USDC • 7 total findings • Sherlock • shushu
#37

high: Asset confusion in `withdrawToNativeChain` allows swapping unauthorized funds
high: `GatewayCrossChain::claimRefund` allows anyone to steal Solana refunds
medium: `GatewaySend::onRevert` fails to handle refunds for native gas tokens
medium: `GatewayTransferNative::_doMixSwap` reverts when swapping from native gas token in `GatewayTransferNative::withdrawToNativeChain`
medium: Attacker can overwrite legitimate refundsInfo by triggering `GatewayCrossChain::onRevert`
medium: `GatewayCrossChain::claimRefund` sends refunded BTC to bitcoin address on ZetaChain, instead of a legitimate ZetaChain address
medium: `GatewaySend::_handleERC20Deposit` `approve` will revert for non-standard ERC20 tokens like USDT

Apr '25
Burve
333.44 USDC • 2 total findings • Sherlock • shushu
#19

high: VaultE4626Impl::commit causes over-withdrawal of tokens during rehypothecation
high: Fee from Vaults are absorbed by Protocol instead of User

Feb '25
Core Contracts
466.72 USDC • 16 total findings • CodeHawks • shuernchua
#48

high: RAACNFT mint function receives funds to address(this) but has no way of withdrawing them
high: RToken's transfer function leads to loss of funds due to incorrect math
high: Users can borrow more assets than they have deposited as collateral
high: NFTs Get Permanently Locked in Stability Pool After Liquidation
high: Any attempt to liquidate a user will fail, because StabilityPool does not hold crvUSD during operational lifecycle
high: Treasury Balance Tracking Bypass in FeeCollector
high: Attackers can double voting power and veToken amount by locking and increasing
medium: Liquidation Cannot Be Closed Even With Healthy Position Due To Strict Debt Check
medium: LendingPool.getUserDebt returns outdated value and can lead to liquidation failure
medium: Emergency revoke in RAACReleaseOrchestrator will freeze revoked RAAC tokens in orchestrator
medium: Wrong access control in `RAACToken::setFeeCollector`, `RAACToken::setSwapTaxRate`, `RAACToken::setBurnTaxRate`
medium: `RAACReleaseOrchestrator::emergencyRevoke()` fails to update `categoryUsed`, leading to token lockup and incorrect accounting
medium: Proposal Front-Running via Predictable Salt in `TimelockController::scheduleBatch`
medium: StabilityVault can be drained of RTokens when LendingPool reserve.liquidityIndex >= 2 RAY
low: Emergency Timelock Bypass: No Enforced 1-Day Delay for Emergency Actions
low: `FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

Jan '25
Part 2
72.85 USDC • 1 total finding • CodeHawks • shuernchua
#52

medium: Invalid Calls and Reverts Due to Trailing Zeros in FeeConversionKeeper's Upkeep Data

Plaza Finance
144.28 USDC • 2 total findings • Sherlock • shushu
#33

high: BalancerRouter retains unused assets from maxAmountsIn, potentially causing user fund losses
high: Pool uses incorrect `currentPeriod` in `transferReserveToAuction(uint256 amount)`