Security Researcher
Full Stack Developer ⌨️ | BEng Computer Science 🖥️ | BSc Finance 🪙 | 🦅 at @CodeHawks | Web3 development & security enthusiast ⛓️
#1303 All Time
Feb '24
high
A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters
high
Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
medium
Burner role can not be revoked
medium
DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.
Jan '24
Aug '23
Jul '23
high
Lender contract can be drained by re-entrancy in `setPool`
high
During `refinance()`, the new pool balance debt is subtracted twice
high
[H-04] Lender#buyLoan - Malicious user could take over a loan for free without having a pool because of wrong access control
high
Stealing any loan opening for auction through others' lending pool
high
Token spending by Uniswap router doesn't get approved
high
A pool lender can fully drain another user's pool by abusing `buyLoan`
high
Hardcoded Router Address May Cause Token Lockup in Non-Standard Networks
high
Lender can sandwich a borrower to seize their collateral
medium
The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates
medium
Lender contract can be drained by re-entrancy in `seizeLoan`
medium
Lender contract can be drained by re-entrancy in `refinance` (collateral)
gas
Cannot use `_burn` Function in Beedle.sol Contract
90.91 USDC • 9 total findings • CodeHawks • sobieski
#18
medium
DSC protocol can consume stale price data or cannot operate on some EVM chains
medium
Not all of the USD pair price feeds have 8 decimals
medium
`liquidate` does not allow the liquidator to liquidate a user if the liquidator HF < 1
low
Improve `burnDsc()` to allow users to mitigate the impact of their liquidation
gas
Double checks
gas
`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops
gas
Constants should be used for hardcoded values
gas
Redundant check for transfer success
gas
Misleading comment in DSCEngine._healthFactor