warRoom

Security Researcher

High: 10 Total

Medium: 8 Total

Total Earnings: $1.51K

#1108 All Time

6x

Payouts

regular

2x

Top 25

regular

6x

Top 50

Jul '23

Foundry DeFi Stablecoin CodeHawks Audit Contest

70.66 USDC • 6 total findings • CodeHawks • warRoom

#26

high

Theft of collateral tokens with fewer than 18 decimals

medium

Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`

medium

Anyone can burn **DecentralizedStableCoin** tokens with `burnFrom` function

medium

Double-spending vulnerability leads to a disruption of the DSC token

gas

Double checks

gas

`DSCEngine` should deploy its own `DecentralizedStableCoin`

Tokemak

562.57 USDC • 3 total findings • Sherlock • warRoom

#28

high

User cannot deposit ETH in LMPVault via router without being at a loss

high

Incorrect Handling of Rewards During Asset Withdrawal from Destinations

medium

perWalletLimit for feeSink may lead to DOS

May '23

USSD - Autonomous Secure Dollar

67.74 USDC • 4 total findings • Sherlock • warRoom

#30

high

Lack of access control in `mintRebalancer()` and `burnRebalancer()`

high

`getOwnValuation` calculation may overflow

high

No slippage protection in `UniV3SwapInput()` can lead to sandwich attacks.

medium

`getPriceUSD()` has no check for round completeness and stale prices from Oracle

Index

4.83 USDC • 1 total finding • Sherlock • warRoom

#24

medium

Use of deprecated Chainlink function - `latestAnswer()`

Apr '23

Teller

189.54 USDC • 1 total finding • Sherlock • warRoom

#28

high

Missing access control mechanism for `setCollateralEscrowBeacon` function

Mar '23

Y2K

611.99 USDC • 5 total findings • Sherlock • warRoom

#23

high

ERC1155 callback can cause critical griefing attack

high

Incorrect updation of critical mapping - ownerToRollOverQueueIndex

high

Rollover users are being minted previous epoch amounts instead of entitled share amount.

medium

No check for zero TVL of either vault in triggerEndEpoch() leading to permanent freezing of funds

medium

changeTreasury() function will always update vault's treasury address to factory's treasury address