
tallo

Security Researcher

High: 2 Solo • 20 Total
Medium: 15 Total
Total Earnings: $16.00K • #399 All Time
Payouts: 20x • 2nd Places (silver): 1x • Top 10: 5x • Top 25: 8x

Feb '25
SEDA Protocol
8,448.04 USDC • 6 total findings • Sherlock • tallo
Rank: 2nd place (silver)
high: ExecuteTallyVM has a memory leak which will lead to nodes eventually crashing
high: Gas costs are severely underpriced for certain WASM instructions which can lead to network DoS
high: VM call_result_value function doesn't charge gas which can result in chain DoS
high: Gas free messages can be used to DoS the network
high: A single valid validator can falsify consensus through signature duplication in postBatch
high: Malicious WASM program can cause denial of service attack against SEDA validators through unbounded stdout/stderr

Jan '25
IQ AI
915.76 USDC • 1 total finding • Code4rena • tallo
Rank: #5
medium: Attacker can DOS liquidity migration in LiquidityManager.sol

Oct '24
Omni Network
392.58 USDC • 1 total finding • Cantina • tallo
Rank: #19
medium: Finding not yet public.

Aug '24
ZeroLend One
1,743.80 USDC • 3 total findings • Sherlock • tallo
Rank: #7
high: Liquidated positions will still accrue rewards after being liquidated
high: Protocol bad debt is never handled
medium: Users are not able to call `Pool.sol#setUserUseReserveAsCollateral` on their NFT positions

Mar '24
Optimism Fault Proofs
2,203.02 USDC • 1 total finding • Sherlock • tallo
Rank: #6
medium: Malicious users can brick FaultDisputeGame deployments

Feb '24
AI Arena
0.64 USDC • 4 total findings • Code4rena • tallo
Rank: #174
high: A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters
high: Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`
medium: NFTs can be transferred even if StakeAtRisk remains, so the user's win cannot be recorded on the chain due to underflow, and can recover past losses that can't be recovered (steal protocol's token)
medium: Can mint NFT with the desired attributes by reverting transaction

Nov '23
Kelp DAO | rsETH
78.78 USDC • 1 total finding • Code4rena • tallo
Rank: #41
medium: Update in strategy will cause wrong issuance of shares

Oct '23
NextGen
0 USDC • 1 total finding • Code4rena • tallo
Rank: #115
high: Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

The Wildcat Protocol
6.79 USDC • 2 total findings • Code4rena • tallo
Rank: #68
high: Borrower has no way to update `maxTotalSupply` of `market` or close market.
high: Borrower can drain all funds of a sanctioned lender

Aug '23
Tangible Caviar
268.31 USDC • Code4rena • tallo
Rank: #35

Jun '23
Arrakis
555.84 USDC • 1 total finding • Sherlock • tallo
Rank: #19
high: Extra ether sent to `ArrakisV2Router#addLiquidityPermit2()` is not properly refunded

Stader Labs
152.64 USDC • 2 total findings • Code4rena • tallo
Rank: #27
medium: Chainlink's `latestRoundData` may return stale or incorrect result
medium: `pause/unpause` functionalities not implemented in many pausable contracts

May '23
USSD - Autonomous Secure Dollar
0.44 USDC • 4 total findings • Sherlock • tallo
Rank: #86
high: Lack of access control on crucial USSD minting and burning functionality
high: Hardcoded slippage protection value (amountOutMinimum) of '0' can result in lost funds
high: USSDRebalancer.getOwnValuation and getSupplyProportion are vulnerable to manipulation due to how they calculate token balances
medium: Chainlink oracles are not checked for stale price

Apr '23
Blueberry Update
10.74 USDC • 1 total finding • Sherlock • tallo
Rank: #16
medium: Chainlink oracle makes no check to see if the Arbitrum sequencer is down

Teller
6.92 USDC • 1 total finding • Sherlock • tallo
Rank: #50
medium: A malicious market owner/protocol owner can front-run calls to lenderAcceptBid and change the marketplace fee to steal lender funds

Frankencoin
981.18 USDC • 2 total findings • Code4rena • tallo
Rank: #10
high: CHALLENGER_REWARD can be used to drain reserves and free mint
high: [H-06] Double-entrypoint collateral token allows position owner to withdraw underlying collateral without repaying ZCHF

Caviar Private Pools
40.74 USDC • 1 total finding • Code4rena • tallo
Rank: #55
medium: Loss of funds for traders due to accounting error in royalty calculations

Rubicon v2
105.96 USDC • 2 total findings • Code4rena • tallo
Rank: #54
high: RubiconMarket batchOffer and batchRequote make offers as self; complete loss of funds for some types of tokens, for example WETH
medium: Calling `ExpiringMarket.stop` and `ExpiringMarket.isClosed` functions cannot pause any functionalities of the market

Mar '23
Gitcoin
14.37 USDC • Sherlock • tallo
Rank: #66

Feb '23
Derby
72.42 USDC • 1 total finding • Sherlock • tallo
Rank: #33
medium: Loss of rewards due to multiple timed calls of rebalanceBasket