sirhashalot

Security Researcher

Honorable knight securing Camelot

High: 3 Total

Medium: 21 Total

Total Earnings: $39.95K

#228 All Time

Payouts: 24x

3rd Places (bronze): 2x

Top 10: 12x

Top 25: 23x

Sep '22

Sherlock

774.97 USDC • 1 total finding • Sherlock • sirhashalot

#5

medium

Loss of funds with high liquidExitPenalty

Harpie

306.49 USDC • 2 total findings • Sherlock • sirhashalot

#6

medium

Casting overflow can cause locked funds

medium

ECDSA Signature Malleability

May '22

OpenSea Seaport contest

474.36 USDC • Code4rena • sirhashalot

#39

Mar '22

Biconomy Hyphen 2.0 contest

2,135.11 USDT • 1 total finding • Code4rena • sirhashalot

#8

medium

Frontrunning of setPerTokenWalletCap edge case

Feb '22

Nested Finance contest

75.57 USDC • Code4rena • sirhashalot

#19

Badger Citadel contest

1,218.58 USDC • 2 total findings • Code4rena • sirhashalot

#11

medium

Seven ways in which the Owner and Proxy Admin can make users lose funds ("rug vectors")

medium

[WP-H3] `saleRecipient` can rug buyers

Jan '22

Yield-Convex contest

1,045.22 USDC • 1 total finding • Code4rena • sirhashalot

#5

medium

Oracle data feed is insufficiently validated.

Notional contest

426.35 USDC • 1 total finding • Code4rena • sirhashalot

#16

medium

Usage of deprecated ChainLink API in `EIP1271Wallet`

OpenLeverage contest

362.8 USDT • Code4rena • sirhashalot

#13

Behodler contest

7,867.47 USDC • 1 total finding • Code4rena • sirhashalot

#4

high

Flash loan price manipulation in `purchasePyroFlan()`

Trader Joe contest

2,357.4 USDT • 3 total findings • Code4rena • sirhashalot

#5

medium

Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

medium

`createPair()` expects zero slippage

medium

Failed transfer with low level call could be overlooked

Sherlock contest

3,128.52 USDC • Code4rena • sirhashalot

#8

ElasticSwap contest

13.86 USDC • Code4rena • sirhashalot

#21

Livepeer contest

1,750 tokens) • Code4rena • sirhashalot

#9

InsureDAO contest

4,614.61 tokens) • 1 total finding • Code4rena • sirhashalot

#4

high

Tokens can be burned with no access control

Sandclock contest

1,413.46 USDC • 1 total finding • Code4rena • sirhashalot

#14

medium

no use of safeMint() as safe guard for users

XDEFI contest

1,026.51 USDC • 1 total finding • Code4rena • sirhashalot

bronze

medium

`_safeMint` Will Fail Due To An Edge Case In Calculating `tokenId` Using The `_generateNewTokenId` Function

Timeswap contest

7,476.43 USDC • 4 total findings • Code4rena • sirhashalot

bronze

medium

`burn()` doesn't call ERC721 `_burn()`

medium

safeDecimals can revert causing DoS

medium

`safeName()` can revert causing DoS

medium

`safeSymbol()` can revert causing DoS

Dec '21

Yeti Finance contest

65.28 USDC • Code4rena • sirhashalot

#23

NFTX contest

1,323.39 USDC • 2 total findings • Code4rena • sirhashalot

#14

medium

Return variable can remain unassigned in _sendForReceiver

medium

transfer return value is ignored

Amun contest

76.03 USDC • Code4rena • sirhashalot

#25

Sublime contest

1,014.14 USDC • 1 total finding • Code4rena • sirhashalot

#12

medium

Missing approve(0)

PoolTogether TwabRewards contest

1,005.4 USDC • 2 total findings • Code4rena • sirhashalot

#7

high

Rewards can be claimed multiple times

medium

Unsafe uint64 casting may overflow

Kuiper contest

2.45 ETH • Code4rena • sirhashalot

#20