https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_4.png

utsav

Security Researcher

High

15

Total

Medium

6

Total

$1.09K

Total Earnings

#1209 All Time

5x

Payouts

regular

1x

Top 10

regular

4x

Top 25

regular

4x

Top 50

All

Sherlock

Nov '24

Debita Finance V3

Debita Finance V3

8.36 USDC • 2 total findings • Sherlock • utsav

#52

high

buyOrder owner will lose his NFT in sellNFT()

medium

All lendOrder of the factory can be deleted using cancelOffer()

Sep '24

Flayer

Flayer

876.75 USDC • 8 total findings • Sherlock • utsav

#18

high

Users vote will be locked in CollectionShutdown.sol if the collection is cancelled

high

Malicious user can cancel() already sunset collection using `vote()`

high

`relist()` doesn't check if the listing is` liquidationLisiting` or not, paying unnecessary tax to the owner

high

`reserve()` doesn't deletes the `_isLiquidation` mapping, causing tax loss for owner in future

high

Previous owner can `cancelListing()` or `modifyListing()` because reserve() doesn't deletes the `_listings` mapping

high

`withdrawProtectedListing()` can be DoS

high

`listingCount` is not update in `relist()`

medium

`BaseImplementation:claim()` will be DoS for previous `beneficiary`

Aug '24

Winnables Raffles

Winnables Raffles

9.76 USDC • 4 total findings • Sherlock • utsav

#25

high

cancelRaffle() doesn't verify the prizeManager/chainSelector before sending ccip message

high

lockedETH is not updated while refunding players

high

CreateRaffle() can be DoS by frontrunning

medium

Admin can't remove address from roles due to broken setRole()

Jul '24

MagicSea - the native DEX on the IotaEVM

MagicSea - the native DEX on the IotaEVM

183.49 USDC • 6 total findings • Sherlock • utsav

#18

high

Funds will be locked in BribeRewarder.sol

high

Wrong calculation of reward in BribeRewarder due to `_lastUpdateTimestamp`

high

Voting will be DoS in _modify()

high

User with unlock position will able to vote due to wrong check

medium

Rewards can be stolen in MlumStaking.sol by frontrunning

medium

Honest bribeRewarder can be DoS while registering in Voter.sol

May '24

Sophon Farming Contracts

Sophon Farming Contracts

16.89 USDC • 1 total finding • Sherlock • utsav

#5

medium

`setStartBlock` doesn't update the `lastRewardBlock`