
udo

Security Researcher


High: 16 total

Medium: 17 total

Total Earnings: $1.00K

#1318 All Time

Payouts: 17x

1st Places (gold): 1x

3rd Places (bronze): 1x

Top 10 (regular): 4x


May '25

LEND


0.41 USDC • 2 total findings • Sherlock • udo

#110

high

Incorrect Mint Token Calculation in `supply` Function

medium

Incorrect Comparison in Borrow Liquidity Check

Mar '25

Crestal Network


2.37 USDC • 1 total finding • Sherlock • udo

#11

medium

Missing Access Control in `submitDeploymentRequest()` Enables Unauthorized Request Pickup

Symmio, Staking and Vesting


0.00 USDC • 1 total finding • Sherlock • udo

#18

medium

Reward Distribution Extends Period Instead of Adjusting Rate

Feb '25

Rova


0.04 USDC • 1 total finding • Sherlock • udo

bronze

medium

Incorrect Token Allocation Update in `updateParticipation`

Liquidity Management


112.92 USDC • 3 total findings • CodeHawks • udo

#32

high

Wrong refundExecutionFee in _handleReturn

high

Loss of fee refund due to premature state deletion in `PerpetualVault::_handleReturn` function

low

Incorrect Token Price Validation in KeeperProxy

Core Contracts


263.44 USDC • 20 total findings • CodeHawks • udo

#83

high

`GaugeController` does not send funds to FeeCollector disrupting fees distribution and causing loss of funds

high

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

high

Boost Miscalculation Leads to Excess Distribution

high

Lack of Access Control in BoostController::updateUserBoost Leading to Unauthorized Delegation Overwrite.

medium

`MAX_TOTAL_SUPPLY` Bypass in `veRAACToken` via `increase()` Function

medium

`RToken::calculateDustAmount` is incorrectly calculated, leading to inability to transfer the accrued dust amount

medium

Treasury Contract Deposit Function Can Be Frontrun To Deny Protocol Operations

medium

RAACToken burns less tokens than expected when feeCollector is unset

medium

Flawed Boost Multiplier Calculation Always Yields Maximum Boost

medium

Missing Predecessor Check in `executeEmergencyAction()` function

medium

Liquidity rate calculation applies protocol fee as a discount instead of charging it in ReserveLibrary

low

Irreversible emission cap reduction in BaseGauge

low

Unauthorized Vote Casting Vulnerability

low

Incorrect Initialization of minBoost in BaseGauge Constructor Breaks Core Contract Functionality

low

`FeeCollector::updateFeeType` wrong fee share validation leads to impossible update for some fee types

low

`_distributeToGauges` is vulnerable to outOfGas

low

Incorrect Values Returned in ReserveLibrary `withdraw` Function

low

Missing `BaseGauge::distributionCap` validation leads to over-emission of rewards

low

Missing Check for Gauge Activation Status in vote :: GaugeController.sol

low

Improper Handling of Predecessor Dependencies in Batch Scheduling and Execution

Jan '25

Liquid Ron


0 USDC • 1 total finding • Code4rena • udo

#12

medium

Incorrect Logic in onlyOperator Modifier Leading to Denial-of-Service for Authorized Operators Across Critical Functions

daao-contracts


278.63 USDC • 5 total findings • Cantina • Augustine

#17

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

reserve-index-dtf


53.43 USDC • 1 total finding • Cantina • Augustine

#8

medium

Finding not yet public.

Ignite


121.92 USDC • CodeHawks • udo

#18

Dec '24

QuantAMM


10.72 OP • 1 total finding • CodeHawks • udo

#73

high

Fee Evasion via LP Token Transfer Resets Deposit Value

Flex Perpetuals


62.48 USDC • 1 total finding • Code4rena • udo

#4

medium

Missing slippage protection in `AerodromeDexter.sol` `swapExactTokensForTokens()`

SecondSwap


0.03 USDC • 2 total findings • Code4rena • udo

#66

high

Users can claim more than their actual allotment

medium

Incorrect referral fee calculations

Oku's New Order Types Contract Contest


0.01 OP • 1 total finding • Sherlock • udo

#65

medium

Incorrect Implementation in `currentValue`

Lambo.win


0 USDC • 1 total finding • Code4rena • udo

#36

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

Nov '24

Ethos Network Financial Contracts


0.38 USDC • 1 total finding • Sherlock • udo

#33

high

Inconsistent accounting in `sellVotes` function.

vVv Launchpad - Investments & Token distribution


94.59 USDC • 1 total finding • Sherlock • udo

gold

high

Uncontrolled Token Destination allows for front-running Attacks