https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/dbf9e2e5-4b64-4d00-bf3f-d865c03a2dc0.jpg

theOwl

Security Researcher

Independent Security Researcher | ex CTO @zokyo_io | ex @MultiversX | 🦀 | |-|4x0|2 | DM for Audits

Contact Me

High

Total

Medium

Total

$829.00

Total Earnings

#1254 All Time

5x

Payouts

2x

2nd Places

1x

3rd Places

3x

Top 10

All

Sherlock

CodeHawks

Mar '24

RadicalxChange

1.18 USDC • 1 total finding • Sherlock • theOwl

high

Malicious bidder can steal the license by canceling his bid before end of the auction using cancelAllBidsAndWithdrawCollateral

Jul '23

CodeHawks Escrow Contract - Competition Details

41.06 USDC • 2 total findings • CodeHawks • theOwl

#50

medium

[H-01] Lack of emergency withdraw function when no arbiter is set

medium

High - Funds can be lost if any participant is blacklisted

May '23

USSD - Autonomous Secure Dollar

82.03 USDC • 7 total findings • Sherlock • theOwl

#24

high

All calls to StableOracleDAI will fail

high

USSD executed it's swaps of collateral without slippage protection

high

Price reading from Uniswap pool can be manipulated

high

Price manipulation through open minting and rebalancing of assets to steal USSD collaterals

high

Wrong Uniswap pool reserve calculation can affect rebalance process

medium

When removing a collateral the index and proportions of the others collaterals will be misplaced

medium

chainLink call not properly sanitized, it can return stale data

DODO Margin Trading

116.10 USDC • 1 total finding • Sherlock • theOwl

high

Side entrance in contract logic through Aave flashLoan will allow an attacker to steal user tokens

Apr '23

Splits

589.10 USDC • 1 total finding • Sherlock • theOwl

medium

Oracle Manipulation using Uniswap V3 pool that is not yet deployed