twcctop

Security Researcher

lazy lazy

High: 13 total

Medium: 26 total

Total Earnings: $8.20K

#619 All Time

Payouts: 34x

Top 10: 4x

Top 25: 12x

Top 50: 20x

Oct '24

mev-commit

156.24 USDC • 1 total finding • Cantina • twcctop

#32

medium

Finding not yet public.

Aug '24

zetachain-protocol

97.01 USDC • 2 total findings • Cantina • twcctop

#75

high

Finding not yet public.

medium

Finding not yet public.

Jul '24

Optimism Superchain

0 OP • Code4rena • twcctop

#14

MakerDAO Endgame

29.17 USDC • Sherlock • twcctop

#113

Jun '24

Pegasus

1,205.39 USDC • 1 total finding • Cantina • twcctop

#5

medium

Finding not yet public.

May '24

Munchables

0.01 USDC • 2 total findings • Code4rena • twcctop

#16

high

Malicious user can call `lockOnBehalf` repeatedly to extend a user's `unlockTime`, removing their ability to withdraw previously locked tokens

medium

Missing disapproval check in `LockManager.sol::approveUSDPrice` allows simultaneous approval and disapproval of a price proposal

Arbitrum BoLD

0 USDC • Code4rena • twcctop

#10

Apr '24

Renzo

1.48 USDC • 2 total findings • Code4rena • twcctop

#54

high

Incorrect withdraw queue balance in TVL calculation

medium

Lack of slippage and deadline during withdraw and deposit

NOYA

19.18 USDC + NOYA stars • 1 total finding • Code4rena • twcctop

#82

medium

Chainlink connector doesn’t check for the Min / Max prices returned

Panoptic

32.96 USDC • Code4rena • twcctop

#18

Mar '24

Smart-contracts

1.7 USDC • 1 total finding • Cantina • twcctop

#45

medium

Finding not yet public.

Feb '24

curvance

1,201.21 USDC • 3 total findings • Cantina • twcctop

#30

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

Jan '24

Salty.IO

103.73 USDC • 3 total findings • Code4rena • twcctop

#68

high

User can evade `liquidation` by depositing the minimum of tokens and gain time to not be liquidated

high

First Liquidity provider can claim all initial pool rewards

medium

DOS of proposals by abusing ballot names without important parameters

Curves

102.09 USDC • 3 total findings • Code4rena • twcctop

#50

medium

Single token purchase restriction on curve creation enables sniping

medium

onBalanceChange causes previously unclaimed rewards to be cleared

medium

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

Dec '23

Revolution Protocol

45.37 USDC • 2 total findings • Code4rena • twcctop

#56

high

Incorrect amounts of ETH are transferred to the DAO treasury in `ERC20TokenEmitter::buyToken()`, causing a value leak in every transaction

medium

Bidder can use donations to get VerbsToken from auction that already ended.

Ethereum Credit Guild

30.41 USDC • 1 total finding • Code4rena • twcctop

#81

medium

LendingTerm::debtCeiling() can return wrong debt as the min() is evaluated incorrectly

Nov '23

Canto Application Specific Dollars and Bonding Curves for 1155s

1.37 USDC • 1 total finding • Code4rena • twcctop

#31

medium

No slippage protection for Market functions

Kelp DAO | rsETH

7.42 USDC • 1 total finding • Code4rena • twcctop

#51

high

The price of rsETH could be manipulated by the first staker

Oct '23

NextGen

36.08 USDC • 3 total findings • Code4rena • twcctop

#69

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

medium

On a Linear or Exponential Descending Sale Model, a user who mints on the last `block.timestamp` mints at an unexpected price.

medium

Auction winner can prevent payments via `safeTransferFrom` callback

Ethena Labs

524.94 USDC • 1 total finding • Code4rena • twcctop

#11

medium

Malicious users can front-run to cause a denial of service (DoS) for StakedUSDe due to MinShares checks

Badger eBTC Audit + Certora Formal Verification Competition

19.71 USDC • Code4rena • twcctop

#18

Open Dollar

294.01 USDC • 3 total findings • Code4rena • twcctop

#20

medium

Approved address can approve other addresses for an owner's safe

medium

Vault721.tokenURI does not comply with ERC721 - Metadata specification

medium

Decimal Limitation in CamelotRelayer and UniV3Relayer Contract Deployment

zkSync Era

3,293.31 USDC • Code4rena • twcctop

#21

Sep '23

Maia DAO - Ulysses

25.68 USDC • Code4rena • twcctop

#55

Allo V2

25.89 USDC • 2 total findings • Sherlock • twcctop

#56

medium

Math error in `_qv_allocate`

medium

`QVSimpleStrategy` doesn't support native token

Aug '23

Blueberry Update #3

119.33 USDC • 1 total finding • Sherlock • twcctop

#9

medium

AuraSpell#_getJoinPoolParamsAndApprove Leads to maxAmountsIn[i] Mismatch with Existing LP Tokens

Tangible Caviar

0 USDC • Code4rena • twcctop

#88

Jul '23

Moonwell

44.88 USDC • Code4rena • twcctop

#36

Beedle - Oracle free perpetual lending

0.00 USDC • 1 total finding • CodeHawks • twcctop

#236

high

Sandwich attack to steal all ERC-20 tokens in the Fees contract

Foundry DeFi Stablecoin CodeHawks Audit Contest

63.42 USDC • 2 total findings • CodeHawks • twcctop

#33

high

Liquidation Is Prevented Due To Strict Implementation of Liquidation Bonus

medium

staleCheckLatestRoundData() does not check the status of the Arbitrum sequencer in Chainlink feeds.

Chainlink Cross-Chain Contract Administration: Multi-signature Contract, Timelock and Call Proxies

677.54 USDC • Code4rena • twcctop

#5

Basin

6.07 USDC • Code4rena • twcctop

#29

Jun '23

RealWagmi

30.45 USDC • 1 total finding • Sherlock • twcctop

#21

medium

Precision Loss in Calculating lowerTick and upperTick in _getTicksForPosition

May '23

USSD - Autonomous Secure Dollar

0.00 USDC • 1 total finding • Sherlock • twcctop

#108

high

USSD.sol mintRebalancer lose access control