volodya

Security Researcher

Smart contract security researcher, Ranked #1 on the 60-day leaderboard @code4rena DM for security reviews 🗓

High: 2 Solo, 34 Total

Medium: 5 Solo, 49 Total

Total Earnings: $59.07K

#150 All Time

Payouts: 28x

2nd Places (silver): 2x

3rd Places (bronze): 1x

Top 10 (regular): 13x

Jan '25

Allora v0.8.0 Update

7,811.92 USDC • Sherlock • volodya

#5

Findings not publicly available for private contests.

Dec '24

Autonomint Colored Dollar V1

1,130.81 OP • 24 total findings • Sherlock • volodya

#5

high

downsideProtected is not protected

high

strikeprice doesn't align with strikePercent

high

anyone can make Borrowing.lastCumulativeRate huge

high

borrower can create unliquidatable position

high

liquidationType2 is not implemented at all right now

high

abond holder can steal from other abond holders

high

user can make protocol to not catch upside after withdraw

high

odos signature can be used for other withdraws to make bad swap on odos for protocol

high

Borrow's position will be never be liquidated after option expires

high

Users can renew their position after liquidation period

high

protocol will not be able to withdraw totalInterestFromLiquidation

high

the protocol will lose collateral from liquidation

high

Anyone can withdraw all usdt from treasury for 1usda

high

users will not get usda profits from liquidations

medium

lastEthprice is not updated on borrower's deposit

medium

Users can buy options for cheap

medium

borrower withdraw wipes out all profit cds holders made from previous lastEventTime

medium

cdsPoolValue will not be tracked properly after liquidations

medium

cds holders will lose their deposit if collateral price goes down in value when they withdraw

medium

Whenever the current chain doesn't have USDA tokens, the downside will not be enforced correctly.

medium

borrowers will not be able to withdraw their funds due to noOfBorrowers underflow in Treasury

medium

fee refund is not happening on borrower withdraw

medium

All admin function can be ddosed

medium

vault value is not being changed on liquidation

Nov '24

Ethos Network Financial Contracts

157.98 USDC • 2 total findings • Sherlock • volodya

#20

high

Market creator will not be able to withdraw his liquidity

medium

authorProfileId can avoid being slashed

Nouns DAO - Auction Streams

770.70 USDC • Sherlock • volodya

#8

Aug '24

Perennial V2 Update #3

1,441.77 USDC • 3 total findings • Sherlock • volodya

#6

high

Anyone can become an operator for any user and execute any trade on their behalf due to lack restriction in marketfactory

medium

settle's keepers will not receive their fees

medium

Migration for global position will not work correctly

Jun '24

Allora

13,426.26 USDC • 11 total findings • Sherlock • volodya

silver

high

forecast-implied inferences can be set to any value due to ForecastElements is not filtered by duplicate.

high

Not appropriate Inferences will be used when calculating the forecast

high

Iteration over map is non-deterministic and could cause issues in consensus-critical code

high

any user can halt chain with a negative amount request using RemoveStake

high

anyone can rewrite reputer data and worker data

medium

The default value of epsilon differs from what is stated in the whitepaper

medium

The formula for forecast normalization differs from the one in the whitepaper.

medium

incorrect condition for the iterative update of Equation 34

medium

topic's funds is being used twice when activating a topic

medium

Treasury cap restriction will not hold and one block per month will be compromised

medium

SendDataWithRetry doesn't work properly(Retries will not happen)

May '24

PoolTogether: The Prize Layer for DeFi

803.47 USDC • 2 total findings • Sherlock • volodya

#12

medium

Solidity >=0.8.20 is unsupported by linea and some other chains

medium

witnet is not being supported on all chains.

Elfi

5.96 USDC • 1 total finding • Sherlock • volodya

#27

high

batchUpdateAccountToken not restricted

Oct '23

NextGen

10.97 USDC • 2 total findings • Code4rena • volodya

#95

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

medium

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

Aug '23

Dopex

1,856.12 USDC • 5 total findings • Code4rena • volodya

#8

high

The settle feature will be broken if attacker arbitrarily transfer collateral tokens to the PerpetualAtlanticVaultLP

high

The peg stability module can be compromised by forcing lowerDepeg to revert.

high

Users can get immediate profit when deposit and redeem in `PerpetualAtlanticVaultLP`

medium

The owner of RPDX Decaying Bonds is not updated on token transfers

medium

The vault allows "free" swaps from WETH to RDPX

Tangible Caviar

43.59 USDC • Code4rena • volodya

#64

Jul '23

Moonwell

2,487.26 USDC • 2 total findings • Code4rena • volodya

#7

medium

`fastTrackProposalExecution` doesn't check `intendedRecipient`

medium

Its not possible to liquidate deprecated market

PoolTogether

2,014.75 USDC • 2 total findings • Code4rena • volodya

#9

medium

Number of prize tiers always increases if just 1 canary prize is claimed

medium

Inconsistent behavior for canary claims in claimer

Dinari

122.59 USDC • 1 total finding • Sherlock • volodya

#6

medium

Operators can take escrow from order after its' cancellation

Jun '23

Symmetrical

286.83 USDC • 4 total findings • Sherlock • volodya

#24

high

liquidatePartyB can be avoided by frontrunning

medium

minAcceptablePortionLF is not being enforced on the partial opening positions which leads to liquidators receiving fewer funds than protocol promised to the liquidator

medium

liquidatePartyA can be called after liquidatePositionsPartyA so partyA can be stuck in liquidateStatus forever

medium

Solvency is not being checked correctly on opening position

May '23

Index

4,942.40 USDC • 4 total findings • Sherlock • volodya

#4

high

AaveLeverageStrategyExtension doesn't work with turned on Efficiency Mode

medium

Deprecated chainlink oracle

medium

Side effects of LTV = 0 assets: Index's users will not be able to withdraw (collateral), borrow

medium

Some modules will not work with certain ERC20s reverting when trying to approve with allowance already >0

Venus Protocol Isolated Pools

6,224.32 USDC • 5 total findings • Code4rena • volodya

bronze

high

Incorrect `blocksPerYear` constant in `WhitepaperInterestRateModel`

medium

Exchange Rate can be manipulated

medium

Bad Debt in PoolLens.sol#getPoolBadDebt() is not calculated correctly in USD

medium

It's possible to borrow, redeem, transfer tokens and exit markets with outdated collateral prices and borrow interest

medium

Sometimes calculateBorrowerReward and calculateSupplierReward return incorrect results

Ajna Protocol

606.99 USDC • 1 total finding • Code4rena • volodya

#18

high

User can avoid bankrupting by calling PositionManager.moveLiquidity where to index is bankrupted index

Apr '23

EigenLayer Contest

12,193.66 USDC • 2 total findings • Code4rena • volodya

silver

high

It is impossible to slash queued withdrawals that contain a malicious strategy due to a misplacement of the ++i increment

high

Slot and block number proofs not required for verification of withdrawal (multiple withdrawals possible)

Frankencoin

22.67 USDC • 1 total finding • Code4rena • volodya

#65

medium

function `restructureCapTable()` in Equity.sol not functioning as expected

Rubicon v2

179.48 USDC • 4 total findings • Code4rena • volodya

#43

medium

Incorrect fee handling in Position.sol's Market Buy/Sell functions

medium

Potential infinite loop in `_borrowLimit` function

medium

Calling `Position._marketSell` function compares `fill_amt` that includes fee to `min_fill_amount` that does not include fee

medium

Calling `Position._marketBuy` and `Position._marketSell` functions that calculate `_fee` by dividing by `10000` can cause incorrect calculations

Mar '23

Gitcoin

91.21 USDC • Sherlock • volodya

#34

Asymmetry contest

37.07 USDC • 2 total findings • Code4rena • volodya

#86

medium

DoS due to external call failure

medium

Missing derivative limit and deposit availability checks will revert the whole `stake()` function

Canto Identity Subprotocols contest

1,992.82 USDC • 2 total findings • Code4rena • volodya

#4

high

Users will be able to purchase fewer NFTs than the project had anticipated

medium

Bio NFT incorrectly breaks SVG lines and doesn't support more than 120 characters effectively

Y2K

255.64 USDC • 3 total findings • Sherlock • volodya

#39

high

Users can change each other assets value inside `RolloverIndex` queue

medium

Users able to deposit at epoch time they are not suppose to

medium

Admin cannot change treasury for market

Neo Tokyo contest

19.3 USDC • Code4rena • volodya

#22

Wenwin contest

81.41 USDC • Code4rena • volodya

#24

Aragon Protocol contest

53.96 USDC • Code4rena • volodya

#15