steadyman

Security Researcher

High: 7 total

Medium: 4 total

Total Earnings: $126.00

#1791 All Time

Payouts: 9x

Top 10: 1x

Top 25: 3x

Top 50: 4x

Mar '25

Nudge.xyz

0.06 USDC • 1 total finding • Code4rena • steadyman

#8

medium

Unauthorized Reallocation in `NudgeCampaign::handleReallocation` and Reward Disruption Vulnerability in `NudgeCampaign::invalidateParticipations`

PinLink: RWA-Tokenized DePIN Marketplace

0.25 USDC • Sherlock • steadyman

#87

Jan '25

Aave v3.3

14.42 USDC • Sherlock • steadyman

#103

Sep '24

Flayer

8.36 USDC • 1 total finding • Sherlock • steadyman

#68

high

There is a problem with the logic of the function that cancels the shutdown process

Aug '24

Cork Protocol

88.09 USDC • 1 total finding • Sherlock • steadyman

#14

high

Incorrect repurchase logic

May '24

Predy

0.17 USDC • 1 total finding • Code4rena • steadyman

#42

medium

Chainlink's `latestRoundData` might return stale or incorrect results

Munchables

0.01 USDC • 1 total finding • Code4rena • steadyman

#16

high

Invalid validation allows users to unlock early

Apr '24

NOYA

3.36 USDC + NOYA stars • 2 total findings • Code4rena • steadyman

#107

high

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

medium

Withdrawals in AccountManager are prone to DOS attacks.

DYAD

11.38 USDC • 4 total findings • Code4rena • steadyman

#90

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

high

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

high

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

medium

Incorrect deployment / missing contract will break functionality