https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/1c6dd1aa-723c-49ca-9ba0-29a065a4bbcc.png

ubl4nk

@lirezArAzAvi

Interested in security, reverse-engineering & electronics.

Contact Me

High

Total

Medium

Solo

Total

$1.47K

Total Earnings

#1258 All Time

22x

Payouts

4x

Top 10

9x

Top 25

13x

Top 50

All

Sherlock

Code4rena

Hats Finance

Oct '25

Index Fun Order Book

70.67 USDC • 1 total finding • Sherlock • ubl4nk

#10

medium

Unresolvable Past Epochs Due to `emergencyResolveMarket` Only Handling the Current Epoch

Sep '25

Super DCA Liquidity Network

0.00 OP • 1 total finding • Sherlock • ubl4nk

#52

high

Denial-of-Rewards via stake/unstake ordering (pending rewards wiped)

Cross chain Realitio Proxy

799.8 USDC • 1 total finding • Hats • lirezArAzAvi

medium

Loss of Funds Due to Refund Aliasing in Retryable Ticket Creation

Ammplify

23.18 USDC • 1 total finding • Sherlock • ubl4nk

#67

medium

DoS via `adjustMaker` reverting for below-range (X-only) positions

Jan '25

Next Generation

3.65 USDC • 1 total finding • Code4rena • ubl4nk

#14

high

Cross-Chain Signature Replay Attack Due to User-Supplied `domainSeparator` and Missing Deadline Check

Jul '24

MakerDAO Endgame

155.96 USDC • Sherlock • ubl4nk

#93

Jun '24

Size

6.17 USDC • 1 total finding • Code4rena • ubl4nk

#58

medium

Fragmentation fee is not taken if user compensates with newly created position

Apr '24

TITLES Publishing Protocol

27.18 USDC • 3 total findings • Sherlock • ubl4nk

#35

high

User can mint all the maxSupply through Edition::mintBatch

medium

_refundExcess doesn't work as expected in the protocol

medium

_setAcknowledged is not implemented correctly

DYAD

0.02 USDC • 1 total finding • Code4rena • ubl4nk

#114

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

Panoptic

32.96 USDC • Code4rena • lirezArAzAvi

#18

Mar '24

vVv Vesting & Staking

12.66 USDC • Sherlock • ubl4nk

#34

Feb '24

AI Arena

68.23 USDC • 6 total findings • Code4rena • ubl4nk

#72

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Since you can reroll with a different fighterType than the NFT you own, you can reroll bypassing maxRerollsAllowed and reroll attributes based on a different fighterType

high

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `

high

Fighters cannot be minted after the initial generation due to uninitialized `numElements` mapping

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

Jan '24

Telcoin Platform Audit

2.64 USDC • 1 total finding • Sherlock • ubl4nk

high

CouncilMember::burn is not correctly implemented

Curves

1.11 USDC • 3 total findings • Code4rena • ubl4nk

#128

high

Unauthorized Access to setCurves Function

medium

Curves::_buyCurvesToken(), Excess of Eth received is not refunded back to the user.

medium

If a user sets their curve token symbol as the default one plus the next token counter instance it will render the whole default naming functionality obsolete