https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_6.png

web3pwn

Security Researcher

Contact Me

High

7

Total

Medium

6

Total

$1.41K

Total Earnings

#1131 All Time

4x

Payouts

bronze

1x

3rd Places

regular

1x

Top 10

regular

1x

Top 25

All

Sherlock

Code4rena

Jul '24

MakerDAO Endgame

MakerDAO Endgame

185.24 USDC • Sherlock • web3pwn

#92

MagicSea - the native DEX on the IotaEVM

MagicSea - the native DEX on the IotaEVM

51.73 USDC • 6 total findings • Sherlock • web3pwn

#35

high

User can vote twice once the lock duration elapses

high

Any unclaimed and undistributed bribe rewards are locked in the BribeRewarder contract

high

The `vote` function does not work in case there is `BribeRewarder` assigned to the pool

medium

`addToPosition` access control can be bypassed

medium

The `fundAndBribe` of `BribeRewarder` is not compatible with fee on transfer tokens

medium

Denial of Service attack for bribe mechanism

Feb '24

Althea Liquid Infrastructure

Althea Liquid Infrastructure

1,106.55 USDC • 3 total findings • Code4rena • web3pwn

bronze

high

Holders array can be manipulated by transferring or burning with amount 0, stealing rewards or bricking certain functions

medium

Malicious users can prevent holders from claiming their rewards during a reward cycle by skipping it.

medium

Withdrawal from NFTs can be temporarily blocked

AI Arena

AI Arena

64.53 USDC • 4 total findings • Code4rena • web3pwn

#81

high

A locked fighter can be transferred; leads to game server unable to commit transactions, and unstoppable fighters

high

Player can mint more fighter NFTs during claim of rewards by leveraging reentrancy on the `claimRewards() function `

high

Non-transferable `GameItems` can be transferred with `GameItems::safeBatchTransferFrom(...)`

medium

Can mint NFT with the desired attributes by reverting transaction