
valuevalk

Security Researcher

Ex-Senior Engineer @ Hedera Hashgraph (10-figure MCAP protocol). Full-time Web3 Security Researcher since Sep 2024.


High

28

Total

Medium

3

Solo

29

Total

$65.08K Total Earnings

#130 All Time

17x Payouts

2x 1st Places

1x 2nd Places

6x 3rd Places


Apr '25

ZKP2P V2

2,478.51 OP • Sherlock • valuevalk • 3rd place

Findings not publicly available for private contests.

Mar '25

interop-portal

8,000 USDC • Cantina • valkvalue • 1st place

Feb '25

THORWallet

346.49 USDC • 1 total finding • Code4rena • MrValioBg • 3rd place

High: The user can send tokens to any address by using two bridge transfers, even when transfers are restricted.

Babylon Chain Launch (Phase-2)

15,789.47 USDC • 1 total finding • Sherlock • valuevalk • 3rd place

Medium: maybeResendFromStore may wrongly submit a checkpoint transaction twice

Jan '25

Next Generation

7,171.24 USDC • 1 total finding • Code4rena • MrValioBg • 1st place

Medium: Approve operation is not overridden to call transferSanity, thus it is allowed to approve blacklisted accounts, which breaks a protocol invariant

doppler-contracts

2,804.04 USDC • 3 total findings • Cantina • valkvalue • #9

High: Finding not yet public.

High: Finding not yet public.

High: Finding not yet public.

infrared-contracts

3,567.93 USDC • 2 total findings • Cantina • valkvalue • #16

High: Finding not yet public.

Medium: Finding not yet public.

Aave v3.3

4,320.63 USDC • Sherlock • valuevalk • #14

Dec '24

story-protocol

12,503.28 USDC • 2 total findings • Cantina • valkvalue • #23

Medium: Finding not yet public.

Medium: Finding not yet public.

Autonomint Colored Dollar V1

2,780.92 OP • 27 total findings • Sherlock • valuevalk • 3rd place

High: Protocol fees won't be charged in some cases where a dCDS user has opted in for liquidation

High: Liquidation amounts are not correctly deducted from the totalCDS value available when doing a dCDS withdraw

High: LiquidationType2 does not mark the deposit as liquidated, which enables the borrower to withdraw it after liquidation

High: renewOptions deadline if-check is invalid and will never revert

High: Withdrawing a deposit does not check if optionFees have expired

High: After closing a Synthetix position we don't update global data for liquidations

High: Sending excess msg.value to the user being liquidated instead of to the msg.sender/admin can lead to DoS

High: We are wrongly double-calculating the omni-chain cumulativeValue

High: For CDS withdraw the passed signature nonce is not verified, so anyone could use an outdated excessProfitCumulativeValue signature from admin2

High: Attacker can use redeemUSDT to steal all funds from the treasury, as we can specify the usda and usdt prices

High: Abond token transferFrom has a flaw which leads to an unwanted state

High: omniChainData will always be inaccurate due to cross-chain message collisions

High: Cross-contract reentrancy between Borrowing and CDS contracts will leave the omnichain in a wrong state

High: usdaGainedFromLiquidation is not updated during liquidation, which leads to discrepancies when redeeming

Medium: Protocol fees from gains cannot be withdrawn from the treasury

Medium: Synthetix is not deployed on Mode L2

Medium: No slippage protection when exchanging with Synthetix

Medium: No way to retrieve sUSD margin and PnL profits from a closed Synthetix perpetual position

Medium: Setting wrong fill price for Synthetix position when doing a liquidation type 2

Medium: We cannot make a WETH deposit before getting it from the treasury

Medium: Excess msg.value sent for OFT transfer will be stuck in the contract

Medium: Withdrawing ionic during liquidation has a flaw

Medium: Calculating margin with ETH price instead of sETH price will lead to DoS of liquidation type 2

Medium: Lock-in period option for dCDS users is not enforced when trying to withdraw

Medium: The volatility field for borrowing can be any arbitrary value and could be used to reduce option fees

Medium: Cross-chain wrsETH amount is wrapped before the treasury has received it, which could revert the whole transaction

Medium: dCDS depositors won't be able to withdraw their funds if many liquidations occurred since their deposit

Nov '24

Nouns DAO - Auction Streams

1,144.02 USDC • Sherlock • valuevalk • 3rd place

Oct '24

predict.fun lending market

574.71 USDC • 2 total findings • Sherlock • valuevalk • 3rd place

Medium: If the lender gets blacklisted for USDC it will DoS the borrower from repaying, which will lock up the collateral CTF tokens

Medium: The protocol is not strictly compliant with EIP-721

Sep '24

Flayer

688.91 USDC • 5 total findings • Sherlock • valuevalk • #23

High: Relist deposits fees to the Uniswap pool for liquidation listings, which leads to accounting problems, stolen funds and inflation, as liquidation listings don't pay fees

High: Locker is not setting checkpoints when minting/burning new supply of CT tokens, which can lead to loss of interest rate

High: Malicious user can drain the Flayer pool, because reserve() does not delete the old listing

Medium: Fee exemption logic in UniswapImplementation will never work due to wrong bit-packing

Medium: Lockbox listings can be self-liquidated for free, allowing all floor deposits to be placed into Liquidation Dutch Listings

Aug '24

Phi

230.04 USDC • 3 total findings • Code4rena • MrValioBg • #11

High: `shareBalance` bloating eventually blocks curator rewards distribution

High: Signature replay in `createArt` allows impersonating an artist and stealing royalties

Medium: Lack of data validation when users claim their art allows a malicious user to bypass the signature/merkle hash and provide unapproved `ref_`, `artId_` and `imageURI`

Sentiment V2

2,184.28 USDC • 2 total findings • Sherlock • valuevalk • 2nd place

High: Attacker could update RedstoneOracle's price to an older one, to liquidate another position or benefit himself

Medium: Protocol's interestFees + interest in a pool can be lost because of precision loss when using low-decimal assets like USDT/USDC

Jul '24

TraitForge

2.57 USDC • 7 total findings • Code4rena • MrValioBg • #77

High: `mintToken()`, `mintWithBudget()`, and `forge()` in the `TraitForgeNft` contract will fail due to a wrong modifier used in `EntropyGenerator.initializeAlphaIndices()`

High: The maximum number of generations is infinite

High: Wrong minting logic based on total token count across generations

Medium: Forger entities can forge more times than intended

Medium: NFTs mature too slowly under default settings

Medium: `Golden God` tokens can be minted twice per generation

Medium: Discrepancy between NFTs minted, price of an NFT when a generation changes, and the position of `_incrementGeneration()` inside `_mintInternal()` & `_mintNewEntity()`

Karak Restaking

492.15 USDC • 1 total finding • Code4rena • MrValioBg • #11

Medium: When malicious behavior occurs and the DSS requests slashing against a vault during the 2-day period after the 7-day `SLASHING_WINDOW` has passed since the staker initiated a withdrawal, the token amount to be slashed is calculated to be higher than it should be