https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/c1dbc9c9-2017-4b65-aab5-9bdb0b4bda27.jpg

tedox

Security Researcher

Contact Me

High

Total

Medium

Solo

Total

$10.06K

Total Earnings

#611 All Time

13x

Payouts

1x

1st Places

2x

3rd Places

4x

Top 10

All

Sherlock

Code4rena

CodeHawks

Sep '25

Ammplify

1,165.24 USDC • 3 total findings • Sherlock • tedox

#10

medium

Wrong use of variable `TAKER_VAULT_ID` in `Admin::transferVaultBalance()`

medium

`View::queryAssetBalances` does not account for JIT penalties

medium

`Taker.sol` does not account for tokens with the property "Transfer of less than amount"

Jul '25

Mellow Flexible Vaults

4,083.94 USDC • 3 total findings • Sherlock • tedox

high

Protocol is undercharging fees due to wrong shares tracking

medium

Wrong variable use leads to incorrect deposit cancels

medium

Users are paying more fees than they should due to wrong fee calculation

DeBank

291.11 USDC • Sherlock • tedox

#13

Dec '24

Oku's New Order Types Contract Contest

0.00 OP • 1 total finding • Sherlock • tedox

#66

high

Attacker can clone their orders without providing the necessary funds

Autonomint Colored Dollar V1

20.32 OP • 3 total findings • Sherlock • tedox

#45

high

`strikePrice` is not checked to match `strikePercent` allowing cheaper options

high

User can always renew their position

medium

Users can set an arbitrary `volatility` and not pay reduced fees

Jul '24

Kwenta Staking Rewards Upgrade

2,000 USDC • 1 total finding • Sherlock • tedox

medium

Precision loss when dealing with USDC token due to low amount of decimals

Munchables

126.54 USDC • 5 total findings • Code4rena • tedox

#27

high

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

high

Invalid validation allows users to unlock early

high

Single plot can be occupied by multiple renters

high

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

high

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Zaros Part 1

918.13 USDC • 3 total findings • CodeHawks • tedox

#11

high

Inadequate Checking of `isIncreasing` when trader adjusts position size

medium

User can withdraw all collateral when a position has enough profit so if liquidated no collateral can be deducted

low

Use of uninitialized variable `lastFundingTime` leads to incorrect calcualtions

MakerDAO Endgame

1,148.71 USDC • Sherlock • tedox

#54

MagicSea - the native DEX on the IotaEVM

6.21 USDC • 3 total findings • Sherlock • tedox

#53

high

Users can double their voting power inside `Voter.sol`

medium

`MasterchefV2::deposit` doesn't account for feeOnTransfer tokens

medium

Users can lock down bribing for pools

May '24

Munchables

0.01 USDC • 5 total findings • Code4rena • tedox

#16

high

Malicious User can call `lockOnBehalf` repeatedly extend a users `unlockTime`, removing their ability to withdraw previously locked tokens

high

Invalid validation allows users to unlock early

high

Single plot can be occupied by multiple renters

high

Failure to Update Dirty Flag in transferToUnoccupiedPlot Prevents Reward Accumulation On Valid Plot

high

Invalid validation in _farmPlots function allowing a malicious user repeated farming without locked funds

Elfi

300.04 USDC • 3 total findings • Sherlock • tedox

#17

high

`AccountFacet::batchUpdateAccountToken` allows users to manually change their blance

high

Users may not be able to close their position due to lack of liquidity in the pool

medium

Contract will reach a point where users will not be able to call `deposit`

Mar '24

RadicalxChange

1.18 USDC • 1 total finding • Sherlock • tedox

high

Bidders can win auction without paying