https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/2aa4a326-f0c0-4126-9383-6aed49816e4f.jpg

steadyman

Security Researcher

Contact Me

High

Total

Medium

Total

$125.00

Total Earnings

#1746 All Time

7x

Payouts

2x

Top 25

3x

Top 50

All

Sherlock

Code4rena

Jan '25

Aave v3.3

14.42 USDC • Sherlock • steadyman

#103

Sep '24

Flayer

8.36 USDC • 1 total finding • Sherlock • steadyman

#68

high

There is a problem with the logic of the function that cancels the shutdown process

Aug '24

Cork Protocol

88.09 USDC • 1 total finding • Sherlock • steadyman

#14

high

Incorrect repurchase logic

May '24

Predy

0.17 USDC • 1 total finding • Code4rena • steadyman

#42

medium

Chainlink's `latestRoundData` might return stale or incorrect results

Munchables

0.01 USDC • 1 total finding • Code4rena • steadyman

#16

high

Invalid validation allows users to unlock early

Apr '24

NOYA

3.36 USDC + NOYA stars • 2 total findings • Code4rena • steadyman

#107

high

`executeWithdraw` may be blocked if any of the users are blacklisted from the `baseToken`

medium

Withdrawals in AccountManager are prone to DOS attacks.

DYAD

11.38 USDC • 4 total findings • Code4rena • steadyman

#90

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

high

Users can get their Kerosene stuck until TVL becomes greater than Dyad's supply

high

Unable to withdraw Kerosene from `vaultmanagerv2::withdraw` as it expects a `vault.oracle()` method which is missing in Kerosene vaults

medium

Incorrect deployment / missing contract will break functionality