https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_6.png

sorrynotsorry

Security Researcher

High

10

Total

Medium

19

Total

$50.84K

Total Earnings

#219 All Time

59x

Payouts

silver

2x

2nd Places

regular

14x

Top 10

regular

29x

Top 25

All

Sherlock

Code4rena

Cantina

Jan '25

Aave v3.3

Aave v3.3

190.02 USDC • Sherlock • sorrynotsorry

#63

Dec '24

Tally ARB Staker

Tally ARB Staker

583.61 USDC • Sherlock • sorrynotsorry

#8

Nov '23

morpho-blue

morpho-blue

1,243.18 USDC • 1 total finding • Cantina • sorryNotsorry

#15

high

Finding not yet public.

Oct '23

Ethena Labs

Ethena Labs

123.66 USDC • 1 total finding • Code4rena • sorrynotsorry

#25

medium

``FULL_RESTRICTED`` Stakers can bypass restriction through approvals

Brahma

Brahma

23.96 USDC • Code4rena • sorrynotsorry

#12

Aug '23

Chainlink Staking v0.2

Chainlink Staking v0.2

389.84 USDC • Code4rena • sorrynotsorry

#43

Jul '23

Beam

Beam

136.05 USDC • Sherlock • sorrynotsorry

#11

Apr '23

Frankencoin

Frankencoin

22.6 USDC • Code4rena • sorrynotsorry

#66

Mar '23

Polynomial Protocol contest

Polynomial Protocol contest

78.86 USDC • Code4rena • sorrynotsorry

#30

Jan '23

Popcorn contest

Popcorn contest

35.48 USDC • Code4rena • sorrynotsorry

#84

Canto Identity Protocol contest

Canto Identity Protocol contest

44.97 CANTO • Code4rena • sorrynotsorry

#13

Timeswap contest

Timeswap contest

4,626 USDC • 1 total finding • Code4rena • sorrynotsorry

#4

medium

sqrtDiscriminant can be calculated wrong

Biconomy - Smart Contract Wallet contest

Biconomy - Smart Contract Wallet contest

36.5 USDC • Code4rena • sorrynotsorry

#55

Dec '22

Escher contest

Escher contest

0.84 USDC • 1 total finding • Code4rena • sorrynotsorry

#69

high

`LPDA` price can underflow the price due to bad settings and potentially brick the contract

Nov '22

Canto contest

Canto contest

2,197.91 CANTO • Code4rena • sorrynotsorry

#4

Oct '22

Inverse Finance contest

Inverse Finance contest

24.6 USDC • 2 total findings • Code4rena • sorrynotsorry

#45

medium

Oracle assumes token and feed decimals will be limited to 18 decimals

medium

Chainlink oracle data feed is not sufficiently validated and can return stale `price`

Astaria

Astaria

495.13 USDC • 2 total findings • Sherlock • sorrynotsorry

#13

high

LienToken's `calculateSlope` might panic

medium

LienToken's `_getInterest` function logic is wrong

Trader Joe v2 contest

Trader Joe v2 contest

0.01 USDC • 1 total finding • Code4rena • sorrynotsorry

#32

medium

Very critical `Owner` privileges can cause complete destruction of the project in a possible privateKey exploit

Mycelium

Mycelium

99.78 USDC • 1 total finding • Sherlock • sorrynotsorry

#9

high

DOS with zero share minting

Sep '22

QuickSwap and StellaSwap contest

QuickSwap and StellaSwap contest

52.04 USDC • Code4rena • sorrynotsorry

#50

VTVL contest

VTVL contest

3,030.46 USDC • 1 total finding • Code4rena • sorrynotsorry

silver

medium

_releaseIntervalSecs is not validated

FEI and TRIBE Redemption contest

FEI and TRIBE Redemption contest

34.5 USDC • Code4rena • sorrynotsorry

#10

Canto Dex Oracle contest

Canto Dex Oracle contest

1,212.51 CANTO • Code4rena • sorrynotsorry

#6

Nouns Builder contest

Nouns Builder contest

445.45 USDC • 1 total finding • Code4rena • sorrynotsorry

#39

medium

Auction parameters can be changed during ongoing auction

Aug '22

Sentiment

Sentiment

533.47 USDC • 1 total finding • Sherlock • sorrynotsorry

#17

high

Chainlink price decimals are assumed as 18

Olympus DAO contest

Olympus DAO contest

536.51 USDC • 1 total finding • Code4rena • sorrynotsorry

#33

high

TRSRY: front-runnable `setApprovalFor`

Jul '22

Fractional v2 contest

Fractional v2 contest

329.66 USDC • 1 total finding • Code4rena • sorrynotsorry

#37

high

Vault implementation can be destroyed leading to loss of all assets

Jun '22

Nibbl contest

Nibbl contest

28.42 USDC • Code4rena • sorrynotsorry

#56

Badger-Vested-Aura contest

Badger-Vested-Aura contest

298.2 USDC • Code4rena • sorrynotsorry

#10

Infinity NFT Marketplace contest

Infinity NFT Marketplace contest

49.05 USDC • Code4rena • sorrynotsorry

#66

Connext Amarok contest

Connext Amarok contest

151.39 USDC • Code4rena • sorrynotsorry

#47

Notional x Index Coop

Notional x Index Coop

261.9 USDC • Code4rena • sorrynotsorry

#15

May '22

veToken Finance contest

veToken Finance contest

2,182.56 USDT • 1 total finding • Code4rena • sorrynotsorry

#12

medium

BaseRewardPool's `rewardPerTokenStored` can be inflated and rewards can be stolen

Velodrome Finance contest

Velodrome Finance contest

101.32 USDC • Code4rena • sorrynotsorry

#48

Rubicon contest

Rubicon contest

144.3 USDC • 2 total findings • Code4rena • sorrynotsorry

#44

high

First depositor can break minting of shares

medium

Use `call()` instead of `transfer()` when transferring ETH in RubiconRouter

OpenSea Seaport contest

OpenSea Seaport contest

1,923.74 USDC • Code4rena • sorrynotsorry

#30

Sturdy contest

Sturdy contest

1,786.24 USDC • 3 total findings • Code4rena • sorrynotsorry

#6

high

hard-coded slippage may freeze user funds during market turbulence

high

The check for value transfer success is made after the return statement in _withdrawFromYieldPool of LidoVault

medium

Title: Yield can be unfairly divided because of MEV/Just-in-time stablecoin deposits

Aura Finance contest

Aura Finance contest

151.97 USDC • Code4rena • sorrynotsorry

#44

Cally contest

Cally contest

54.97 USDC • Code4rena • sorrynotsorry

#66

Enso Finance contest

Enso Finance contest

5,264.32 USDT • Code4rena • sorrynotsorry

#7

FactoryDAO contest

FactoryDAO contest

176.09 DAI • Code4rena • sorrynotsorry

#28

Cudos contest

Cudos contest

13,156.6 USDC • 1 total finding • Code4rena • sorrynotsorry

silver

medium

Calls inside loops that may address DoS.

Forgotten Runes Warrior Guild contest

Forgotten Runes Warrior Guild contest

1,216.12 USDC • 2 total findings • Code4rena • sorrynotsorry

#7

medium

Use of `.send()` May Revert if The Recipient's Fallback Function Consumes More Than 2300 Gas

medium

IERC20.transfer does not support all ERC20 token

bunker.finance contest

bunker.finance contest

4,378.51 USDC • 2 total findings • Code4rena • sorrynotsorry

#4

medium

Chainlink pricer is using a deprecated API

medium

`call()` should be used instead of `transfer()` on an `address payable`

Apr '22

Mimo DeFi contest

Mimo DeFi contest

164 USDC • Code4rena • sorrynotsorry

#18

AbraNFT contest

AbraNFT contest

44.82 MIM • Code4rena • sorrynotsorry

#52

Backd contest

Backd contest

411.47 USDC • 1 total finding • Code4rena • sorrynotsorry

#23

medium

Chainlink's latestRoundData might return stale or incorrect results

xTRIBE contest

xTRIBE contest

356.74 USDC • Code4rena • sorrynotsorry

#13

Badger Citadel contest

Badger Citadel contest

428.53 USDC • Code4rena • sorrynotsorry

#27

JPEG'd contest

JPEG'd contest

80.91 USDC • Code4rena • sorrynotsorry

#49

Duality Focus contest

Duality Focus contest

255.68 USDC • Code4rena • sorrynotsorry

#9

Backed Protocol contest

Backed Protocol contest

96.42 USDC • Code4rena • sorrynotsorry

#27

Mar '22

Paladin contest

Paladin contest

121.24 USDC • Code4rena • sorrynotsorry

#30

LI.FI contest

LI.FI contest

632.5 USDC • 2 total findings • Code4rena • sorrynotsorry

#27

medium

WithdrawFacet's withdraw calls native payable.transfer, which can be unusable for DiamondStorage owner contract

medium

Reputation Risks with `contractOwner`

prePO contest

prePO contest

60.11 USDC • Code4rena • sorrynotsorry

#28

Feb '22

JPYC contest

JPYC contest

43.82 USDC • Code4rena • sorrynotsorry

#23

PoolTogether TWAB Delegator contest

PoolTogether TWAB Delegator contest

50.77 USDC • Code4rena • sorrynotsorry

#15

Hubble contest

Hubble contest

240.99 USDC • Code4rena • sorrynotsorry

#27

Jan '22

ElasticSwap contest

ElasticSwap contest

3.38 USDC • Code4rena • sorrynotsorry

#23