https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_4.png

tvdung94

Security Researcher

Contact Me

High

17

Total

Medium

1

Solo

18

Total

$29.36K

Total Earnings

#284 All Time

18x

Payouts

silver

1x

2nd Places

regular

4x

Top 10

regular

10x

Top 25

All

Sherlock

Cantina

Jan '25

Plaza Finance

Plaza Finance

2.16 USDC • 2 total findings • Sherlock • tvdung94

#91

high

transferReserveToAuction() will always revert due to getting wrong auction address

high

Current fee claiming model allows users to force protocol to collect less fee than expected

Sep '24

Flayer

Flayer

46.01 USDC • 1 total finding • Sherlock • tvdung94

#62

medium

UniswapImplementation::setFee() will not work.

Aug '24

Sentiment V2

Sentiment V2

68.32 USDC • 1 total finding • Sherlock • tvdung94

#38

medium

Protocol will treat unsupported assets, which were previously supported, as legit assets in health check and liquidation

Jul '24

Velocimeter

Velocimeter

318.28 USDC • 3 total findings • Sherlock • tvdung94

#28

high

Users will have to pay more than max payment amount when exercising ve (or lp) in some certain cases

high

Malicious users could extend other users' locks with dust lp, freezing fund withdrawals

high

Malicious users could grief other users by creating dust locks in vote escrow

Feb '24

curvance

curvance

10,747.56 USDC • 8 total findings • Cantina • tvdung94

#12

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Jan '24

Blast

Blast

3,159.05 USDC • 2 total findings • Cantina • tvdung94

#42

medium

Finding not yet public.

medium

Finding not yet public.

Notional Update #5

Notional Update #5

1,250.95 USDC • 1 total finding • Sherlock • tvdung94

#6

medium

Wfcash deposit might give incorrect amount of shares (wfcash) in some cases.

Dec '23

Olympus RBS 2.0

Olympus RBS 2.0

10,497.41 USDC • 5 total findings • Sherlock • tvdung94

silver

high

BunniSupply::getProtocolOwnedLiquidityReserves() returns incorrect amount of reserves

high

BunniPrice::getBunniTokenPrice() returns incorrect price

high

BalancerPoolTokenPrice::getStablePoolTokenPrice()'s approach might be wrong

medium

balancerPool.totalSupply() might not give correct results for newer weighted pools

medium

BunniPrice::_getBunniReserves() does not add uncollected fee into total value calculation

Nov '23

Notional Update #4

Notional Update #4

237.52 USDC • 1 total finding • Sherlock • tvdung94

#7

medium

SingleSidedLPVault 's minting shares mechanism might make vaults broken

Aug '23

Symmetrical Update

Symmetrical Update

226.47 USDC • 1 total finding • Sherlock • tvdung94

#5

medium

amount is not converted into correct decimal before allocating in depositAndAllocateForAccount()

Cooler Update

Cooler Update

0.70 USDC • 1 total finding • Sherlock • tvdung94

#20

medium

Malicious lenders could force borrowers to give up their collateral by adjusting interest rate in Cooler contract

Jul '23

Bond Options

Bond Options

99.50 USDC • 1 total finding • Sherlock • tvdung94

#17

high

Malicious users could empty teller quote/payout tokens by repeatedly reclaim expired option token

Jun '23

Symmetrical

Symmetrical

1,196.73 USDC • 2 total findings • Sherlock • tvdung94

#13

high

Wrong pending locked balance subtraction when partyB opens a partially filled position

high

Function depositAndAllocateForPartyB does not correctly convert deposit amount into 18 decimals, leading to allocating only a fraction of it

May '23

Perennial

Perennial

1,165.03 USDC • 1 total finding • Sherlock • tvdung94

#11

medium

Users can be forced to claim assets at bad rate in some cases

USSD - Autonomous Secure Dollar

USSD - Autonomous Secure Dollar

17.15 USDC • 2 total findings • Sherlock • tvdung94

#62

high

Lacking protection of mintRebalancer and burnRebalancer could give users control over ussd price

high

Miscalculation for amount of collateral to sell

Apr '23

JOJO Exchange

JOJO Exchange

302.04 USDC • 1 total finding • Sherlock • tvdung94

#27

high

Attackers can steal token from users who call erc20 approve to DepositStableCoinToDealer contract

Teller

Teller

0.02 USDC • 1 total finding • Sherlock • tvdung94

#54

medium

Fee-on-transfer tokens will make collaterals stuck in escrow contracts.

Mar '23

Taurus

Taurus

30.89 USDC • 1 total finding • Sherlock • tvdung94

#12

medium

Attackers can disable vault deposits for all users