tsvetanovv

Security Researcher

Smart Contract Security Researcher

High: 15 total
Medium: 43 total
Total earnings: $10.15K
#551 all time
47x payouts (regular)
3x Top 10 (regular)
15x Top 25 (regular)
30x Top 50 (regular)

Feb '24

opal-contracts
66.52 USDC • 1 total finding • Cantina • tsvetanovv
#33
high: Finding not yet public.

HydraDX
1,464.35 USDC • 1 total finding • Code4rena • tsvetanovv
#8
medium: Missing hook call will lead to incorrect oracle results

Jan '24

SYMM IO
10.53 USDC • Sherlock • tsvetanovv
#26

Dec '23

The Standard
19.88 USDC • 3 total findings • CodeHawks • tsvetanovv
#55
medium: Missing deadline check allows pending transactions to be maliciously executed
medium: Fees are hardcoded to 3000 in ExactInputSingleParams
low: Doesn't follow the EIP standard

Ethereum Credit Guild
20.82 USDC • Code4rena • tsvetanovv
#84

Nov '23

metamorpho-and-periphery
2,721.63 USDC • 1 total finding • Cantina • tsvetanovv
#7
medium: Finding not yet public.

Oct '23

Real Wagmi #2
384.52 USDC • 2 total findings • Sherlock • tsvetanovv
#11
high: `_getCurrentSqrtPriceX96()` is easy to manipulate
medium: Malicious lender can use blacklisted address and harm borrower

zkSync Era
273.57 USDC • Code4rena • tsvetanovv
#35

Sep '23

Venus Prime
32.27 USDC • 1 total finding • Code4rena • tsvetanovv
#34
medium: DoS and gas griefing of calls to Prime.updateScores()

Allo V2
0.09 USDC • 1 total finding • Sherlock • tsvetanovv
#74
medium: The protocol doesn't have support for fee-on-transfer types of ERC20 tokens

Aug '23

Sparkn
6.34 USDC • 2 total findings • CodeHawks • tsvetanovv
#67
low: If a winner is blacklisted on any of the tokens they can't receive their funds
low: Signature missing nonce & expiration deadline

Tangible Caviar
0 USDC • Code4rena • tsvetanovv
#88

Jul '23

Beedle - Oracle free perpetual lending
53.13 USDC • 9 total findings • CodeHawks • tsvetanovv
#65
high: Sandwich attack to steal all ERC-20 tokens in the Fees contract
high: Fee on transfer tokens will cause users to lose funds
high: Hardcoded Router Address May Cause Token Lockup in Non-Standard Networks
medium: The `borrow` and `refinance` functions can be front-run by the pool lender to set high interest rates
medium: Pragma non-specification can lead to non-functional / corrupted contract when deployed on Arbitrum
gas: += and -= are more expensive
gas: Unchecked arithmetic where overflow/underflow is impossible
gas: Floating pragma in all contracts
gas: Use named imports instead of plain `import file.sol`

Foundry DeFi Stablecoin CodeHawks Audit Contest
1.74 USDC • 5 total findings • CodeHawks • tsvetanovv
#116
medium: staleCheckLatestRoundData() does not check the status of the Arbitrum sequencer in Chainlink feeds.
medium: Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`
medium: Too many DSC tokens can get minted for fee-on-transfer tokens.
low: Pragma isn't specified correctly, which can lead to a nonfunctional/damaged contract when deployed on Arbitrum
gas: `++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

CodeHawks Escrow Contract - Competition Details
41.06 USDC • 2 total findings • CodeHawks • tsvetanovv
#50
medium: [H-01] Lack of emergency withdraw function when no arbiter is set
medium: High - Funds can be lost if any participant is blacklisted

Tokensoft
78.59 USDC • 1 total finding • Sherlock • tsvetanovv
#14
medium: _settleClaim() cannot be executed because _relayerFee is missing

Beam
0.42 USDC • Sherlock • tsvetanovv
#43

Tapioca DAO
100.05 USDC • 1 total finding • Code4rena • tsvetanovv
#76
medium: Missing deadline checks allow pending transactions to be maliciously executed

Bond Options
126.22 USDC • 1 total finding • Sherlock • tsvetanovv
#15
medium: The user can't receive rewards if the token is USDT

Jun '23

Hubble Exchange
0.14 USDC • 1 total finding • Sherlock • tsvetanovv
#30
medium: `getRoundData` does not check for the freshness of the answer

RealWagmi
197.19 USDC • 2 total findings • Sherlock • tsvetanovv
#13
high: `getQuoteAtTick()` is vulnerable to manipulation
medium: Wrong `floorTick` calculation in `_getTicksForPosition()`

DODO V3
98.91 USDC • 3 total findings • Sherlock • tsvetanovv
#23
medium: Unsafe usage of `transfer()` and `transferFrom()`
medium: Some tokens must approve by zero first
medium: Missing check for active L2 Sequencer in `D3Oracle.sol`

Unitas Protocol
27.52 USDC • 1 total finding • Sherlock • tsvetanovv
#21
medium: No slippage protection when swapping tokens

Stader Labs
18.57 USDC • Code4rena • tsvetanovv
#36

May '23

Maia DAO Ecosystem
1,622.96 USDC • 5 total findings • Code4rena • tsvetanovv
#28
high: withdrawProtocolFees() Possible malicious or accidental withdrawal of all rewards
medium: Wrong consideration of block formation period causes incorrect votingPeriod and votingDelay calculations
medium: [M-01] Some functions in Talos contracts do not allow the user to supply slippage and deadline, which may cause swap revert
medium: Lack of slippage protection can lead to significant loss of user funds
medium: _decrementWeightUntilFree() Possible infinite loop

Iron Bank
29.33 USDC • 3 total findings • Sherlock • tsvetanovv
#18
medium: Missing check for active L2 Sequencer in `PriceOracle.sol`
medium: Price Oracle could get a stale price
medium: Oracle will return the wrong price for asset if underlying aggregator hits `minAnswer`

USSD - Autonomous Secure Dollar
2.01 USDC • 4 total findings • Sherlock • tsvetanovv
#77
high: Lack of access control in `mintRebalancer()` and `burnRebalancer()`
high: `getOwnValuation()` is vulnerable to manipulation
medium: Wrong logic in `BuyUSSDSellCollateral()`
medium: Price Oracle could get a stale price

Ajna Protocol
15.58 USDC • 1 total finding • Code4rena • tsvetanovv
#52
high: Claiming accumulated rewards while the contract is underfunded can lead to a loss of rewards

Footium
1.15 USDC • 2 total findings • Sherlock • tsvetanovv
#30
medium: `safeMint` in `FootiumClub.sol` doesn't check if receiver supports ERC721
medium: Unsafe usage of ERC20 `transfer()`

Apr '23

Blueberry Update
24.17 USDC • 2 total findings • Sherlock • tsvetanovv
#14
medium: Price oracle could get a stale price
medium: Missing check for active Arbitrum Sequencer in `ChainlinkAdapterOracle.sol`

Teller
0.95 USDC • 1 total finding • Sherlock • tsvetanovv
#51
medium: The protocol doesn't have support for fee on transfer type of ERC20 tokens

Caviar Private Pools
23.08 USDC • 1 total finding • Code4rena • tsvetanovv
#65
high: Risk of silent overflow in reserves update

Mar '23

Gitcoin
90.54 USDC • Sherlock • tsvetanovv
#37

Asymmetry contest
42.06 USDC • Code4rena • tsvetanovv
#83

Sense Update #1
193.44 USDC • 1 total finding • Sherlock • tsvetanovv
#9
medium: Use `call()` instead of `transfer()` when transferring ETH

Neo Tokyo contest
29.67 USDC • Code4rena • tsvetanovv
#21

Feb '23

Derby
26.40 USDC • 1 total finding • Sherlock • tsvetanovv
#36
medium: Must approve by zero first

Ethos Reserve contest
61.26 USDC • Code4rena • tsvetanovv
#33

Blueberry
80.79 USDC • 2 total findings • Sherlock • tsvetanovv
#34
medium: Price oracle could get a stale price
medium: Some ERC20 tokens deduct a fee on transfer

OpenQ
999.82 USDC • 2 total findings • Sherlock • tsvetanovv
#17
high: ERC20 transfer zero amount can be reverted
high: Malicious user can blocklist Token

Jan '23

Popcorn contest
35.48 USDC • Code4rena • tsvetanovv
#84

RabbitHole Quest Protocol contest
19.79 USDC • 1 total finding • Code4rena • tsvetanovv
#70
high: Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts

Optimism
906.02 USDC • Sherlock • tsvetanovv
#15

Cooler
55.05 USDC • 2 total findings • Sherlock • tsvetanovv
#26
high: Unsafe usage of ERC20 .transfer() and .transferFrom()
medium: Division rounding can make fraction-price lower than intended

Ondo Finance contest
68.6 USDC • Code4rena • tsvetanovv
#18

Astaria contest
44.14 USDC • 1 total finding • Code4rena • tsvetanovv
#53
medium: Improper Approval Mechanism of Clearing House

Biconomy - Smart Contract Wallet contest
36.5 USDC • Code4rena • tsvetanovv
#55