
simon135

Security Researcher

EVM Security Researcher, Defi Maxi


High

21

Total

Medium

1

Solo

22

Total

$16.19K

Total Earnings

#394 All Time

68x

Payouts

regular

4x

Top 10

regular

20x

Top 25

regular

52x

Top 50


Sep '23

Allo V2

224.98 USDC • 3 total findings • Sherlock • simon135

#30

high

`setPool` can be called by anyone

high

`allocator.voiceCerdits` is not used in `QVSimpleStrategy`, so the allocator can vote unlimited times

medium

since `_allocator.voiceCreidtsCastToReceipeints+=totalCredits` is wrong and will be inflated, not like the spec

Jul '23

Beam

143.93 USDC • Sherlock • simon135

#14

Jun '23

Symmetrical

1,185.29 USDC • 6 total findings • Sherlock • simon135

#14

high

Both parties can make `CloseQuote` revert by deallocating their funds and allowing the closing/liquidations to go through

high

no check for expired Price Timestamp like in PartyB, which can cause price staleness

high

PartyA can control liquidations in `liquidatePartyA`

medium

FeeCollector can get out of WithdrawCooldown in `receiveTradingFees`

medium

`liquidatePendingPositionsPartyA` doesn't give fee back when PartyA has positions in pending and instead liquidates them, which shouldn't happen

medium

If liquidation is not called in a few blocks/timestamps, PartyB's other positions can't be liquidated and funds will be stuck in `liquidatePositionsPartyB`

May '23

Iron Bank

0.03 USDC • 2 total findings • Sherlock • simon135

#23

medium

no check on timestamp for latestRoundData

medium

oracle has no check if the sequencer is alive

Perennial

769.62 USDC • 1 total finding • Sherlock • simon135

#15

medium

Some positions won't be able to be liquidated because of a mistake in the code

USSD - Autonomous Secure Dollar

270.72 USDC • 8 total findings • Sherlock • simon135

#6

high

2 oracles (wbgl, dai) don't work and revert

high

Sandwich attack will happen because no check on slippage

high

in `getOwnValution` we don't use a twap variable but instead use an unprotected, manipulable price

high

If `token1=Dai` the rebalance mostly won't work with high USSD value

high

Attackers can control how rebalance happens by changing balances

high

We can profit from public and burn mint function

high

DAI can be overshot, causing a USSD depeg

medium

`LatestRoundata` timestamp is not validated

Mar '23

Gitcoin

246.66 USDC • Sherlock • simon135

#18

Feb '23

GMX

2,520.39 USDC • 3 total findings • Sherlock • simon135

#12

high

slippage is set to 0, which can cause users to get sandwiched

medium

keepers might have to pay more fees and not get reimbursed

medium

If block range is big and adl doesn't use currentblock in the order it will cause issues

Jan '23

Popcorn contest

35.48 USDC • Code4rena • simon135

#84

RabbitHole Quest Protocol contest

1,173.86 USDC • 2 total findings • Code4rena • simon135

#7

medium

When `rewardToken` is erc1155/erc777, an attacker can reenter and cause funds to be stuck in the contract forever

medium

DOS risk if enough tokens are minted in Quest.claim can lead, at least, to transaction fee lost

Cooler

231.97 USDC • 3 total findings • Sherlock • simon135

#16

high

An attacker can block the contract and cause a dos to users with usdc

high

Since when a loan is cleared rollable=true an attacker can do many different things with that like rolling over loan with frontrunning and getting more debt without paying collateral

medium

Since when a loan is cleared `rollable=true` an attacker can do many different things with that like rolling over loan with frontrunning and getting more debt without paying collateral

Astaria contest

51.32 USDC • Code4rena • simon135

#52

Dec '22

GoGoPool contest

17.37 USDC • 1 total finding • Code4rena • simon135

#77

medium

`requireNextActiveMultisig` will always return the first enabled multisig which increases the probability of stuck minipools

Escher contest

0.61 USDC • 1 total finding • Code4rena • simon135

#71

medium

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

Nov '22

Redacted Cartel contest

69.42 USDC • 1 total finding • Code4rena • simon135

#44

medium

Assets may be lost when calling unprotected `AutoPxGlp::compound` function

SIZE contest

49.89 USDC • 1 total finding • Code4rena • simon135

#32

medium

Attacker may DOS auctions using invalid bid parameters

Oct '22

Rage Trade

2,529.70 USDC • 1 total finding • Sherlock • simon135

#4

high

There is no input validation on `withdrawToken()` so an attacker can input any address as `from` and cause loss of funds

Inverse Finance contest

432.45 USDC • 1 total finding • Code4rena • simon135

#21

medium

Protocol withdrawals of collateral can be unexpectedly locked if governance sets the `collateralFactorBps` to 0.

Blur Exchange contest

50.48 USDC • Code4rena • simon135

#22

Sep '22

Art Gobblers contest

55.2 USDC • Code4rena • simon135

#21

Y2k Finance contest

89.45 USDC • Code4rena • simon135

#44

PartyDAO contest

35.35 USDC • Code4rena • simon135

#67

FEI and TRIBE Redemption contest

33.58 USDC • Code4rena • simon135

#14

Nouns Builder contest

247.93 USDC • 1 total finding • Code4rena • simon135

#52

medium

Proposals can be bricked and Auctions stalled by bad settings

Aug '22

Olympus DAO contest

32.58 USDC • Code4rena • simon135

#91

Nouns DAO contest

52.11 USDC • Code4rena • simon135

#37

FIAT DAO veFDT contest

44.84 USDC • Code4rena • simon135

#62

Fraxlend (Frax Finance) contest

67.05 USDC • Code4rena • simon135

#52

Foundation Drop contest

67.43 USDC • Code4rena • simon135

#38

Mimo August 2022 contest

108.93 USDC • Code4rena • simon135

#31

Rigor Protocol contest

229.9 USDC • 1 total finding • Code4rena • simon135

#32

high

Builder can halve the interest paid to a community owner due to arithmetic rounding

Jul '22

Axelar Network v2 contest

88.2 USDC • Code4rena • simon135

#28

Golom contest

297.28 USDC • Code4rena • simon135

#39

Yield Witch v2 contest

60.51 USDC • Code4rena • simon135

#17

Swivel v3 contest

93.75 USDC • Code4rena • simon135

#32

ENS contest

118.73 USDC • Code4rena • simon135

#59

Fractional v2 contest

218.47 USDC • 2 total findings • Code4rena • simon135

#45

high

Division rounding can make fraction-price lower than intended (down to zero)

medium

Use of `payable.transfer()` may lock user funds

Juicebox V2 contest

162.83 USDC • 1 total finding • Code4rena • simon135

#30

high

ORACLE DATA FEED CAN BE OUTDATED YET USED ANYWAYS WHICH WILL IMPACT ON PAYMENT LOGIC

Jun '22

Putty contest

74.6 USDC • 1 total finding • Code4rena • simon135

#56

medium

`fillOrder()` and `exercise()` may lock Ether sent to the contract, forever

Nibbl contest

45.56 USDC • Code4rena • simon135

#47

Yieldy contest

79.72 USDC • Code4rena • simon135

#57

Illuminate contest

158.14 USDC • 1 total finding • Code4rena • simon135

#41

high

Able to mint any amount of PT

Nested Finance contest

189.71 USDC • Code4rena • simon135

#7

Badger-Vested-Aura contest

39.19 USDC • Code4rena • simon135

#39

Infinity NFT Marketplace contest

83.56 USDC • Code4rena • simon135

#49

Canto contest

289.53 USDC • Code4rena • simon135

#41

Connext Amarok contest

242.71 USDC • Code4rena • simon135

#32

Notional x Index Coop

138.25 USDC • Code4rena • simon135

#29

May '22

Backd Tokenomics contest

171.81 USDC • Code4rena • simon135

#26

veToken Finance contest

152.65 USDT • Code4rena • simon135

#45

Velodrome Finance contest

157.85 USDC • Code4rena • simon135

#34

Rubicon contest

84.12 USDC • 1 total finding • Code4rena • simon135

#63

medium

Use `safeTransfer()`/`safeTransferFrom()` instead of `transfer()`/`transferFrom()`

Sturdy contest

105.8 USDC • 1 total finding • Code4rena • simon135

#21

high

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

Aura Finance contest

234.58 USDC • Code4rena • simon135

#35

Cally contest

30.09 USDC • Code4rena • simon135

#76

Enso Finance contest

287.43 USDT • Code4rena • simon135

#35

Alchemix contest

305.22 DAI • Code4rena • simon135

#20

FactoryDAO contest

114.54 DAI • Code4rena • simon135

#46

Cudos contest

180.61 USDC • Code4rena • simon135

#35

Forgotten Runes Warrior Guild contest

45.73 USDC • Code4rena • simon135

#53

bunker.finance contest

146.06 USDC • Code4rena • simon135

#20

Apr '22

PoolTogether Aave v3 contest

27.86 USDC • Code4rena • simon135

#32

Mimo DeFi contest

89.04 USDC • Code4rena • simon135

#24

AbraNFT contest

131.9 MIM • Code4rena • simon135

#28

Backd contest

244.27 USDC • Code4rena • simon135

#33

xTRIBE contest

148.62 USDC • Code4rena • simon135

#29

Phuture Finance contest

29.26 USDC • Code4rena • simon135

#33

Badger Citadel contest

52.17 USDC • Code4rena • simon135

#58