https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/43678336-7c61-4365-9438-50bc80d84070.jpg

werulez99

Security Researcher

Contact Me

High

Total

Medium

Total

$20.72K

Total Earnings

#435 All Time

13x

Payouts

1x

1st Places

2x

3rd Places

7x

Top 10

All

Sherlock

Code4rena

Cantina

Jan '26

Olas

336.64 USDC • 5 total findings • Code4rena • Valves

#26

high

UniswapPriceOracle.validatePrice() TWAP Calculation Flaw

high

Variable Overwrite in checkPoolAndGetCenterPrice() Creates Dead-Code Deviation Check, Leaving All V3 Protocol-Owned Liquidity Operations Unprotected

medium

Services can earn undeserved rewards by manipulating checkpoint timing during reward droughts

medium

Balancer oracle deadlock from cumulative price weight

medium

Uniswap oracle validateprice can be griefed per block via `sync()`

Flying Tulip

4,309.47 USDC • Sherlock • Valves

Dec '25

Panoptic: Next Core

9,260.89 USDC • 5 total findings • Code4rena • Valves

high

BuilderWallet `init()` is unprotected/re-initializable, enabling takeover and theft of builder fees

medium

Self-settlement via `dispatchFrom` bypasses refund mechanism allowing underfunded debt settlement

medium

Withdrawing just before a bad debt event can increase losses for remaining liquidity providers

medium

`dispatchFrom()` Liveness DoS via `StaleOracle`: Spot Price Manipulation Blocks Liquidations, Force Exercises, and Premium Settlements

medium

Commission Share-Burn Distribution is JIT-Capturable When `builderCode == 0` (Default)

Monolith Stablecoin Factory

1,691.10 USDC • 2 total findings • Sherlock • Valves

high

Borrower can extract unbacked Coin at the expense of the protocol

medium

A single borrower being written off will create unbacked stablecoins for all users

Nov '25

SukukFi

2,652.15 USDC • 3 total findings • Code4rena • Valves

high

Missing access control in `WERC7575Vault` allows unauthorized withdrawals

medium

The unregistering of vaults can be DoSed by a malicious user.

medium

Stale Redemption Liabilities Lead to Leveraged Losses for Remaining Shareholders and Potential Denial of Service

stNXM by EaseDeFi

4.51 USDC • 4 total findings • Sherlock • werulez99

#36

medium

Duplicate tranche tracking enables share-price inflation and owner withdrawal abuse.

medium

Missing tranche update in extendDeposit causes underpriced shares.

medium

Uniswap V3 liquidity operations lack slippage protection

medium

Oracle APY sanity check weakens over time and stops protecting against price manipulation

Oct '25

Avon-Contracts

524.22 USDC • 5 total findings • Cantina • Valves

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Sep '25

Summer.fi - governance v2

76.81 USDC • 2 total findings • Sherlock • werulez99

medium

Removing a reward token doesn’t reset state and later re-adding lets late stakers steal historical rewards

medium

Malicious callers can throttle USDC/USDT/WBTC rewards by spamming getRewardFor.

Jul '25

GTE Spot CLOB and Router

17.52 USDC • 1 total finding • Code4rena • Merulez99

#20

medium

Removing only the tail order from a limit does not reduce tree size, allowing order book to grow indefinitely

Mar '25

Nudge.xyz

610.41 USDC • 1 total finding • Code4rena • HaidutiSec

medium

Anyone can DOS handleReallocation over and over

Feb '25

defi-app-contracts

228.43 USDC • 2 total findings • Cantina • merulz99

#17

high

Finding not yet public.

medium

Finding not yet public.

Jan '25

Plaza Finance

1,004.24 USDC • 1 total finding • Sherlock • werulez99

#13

high

#Collateral level Inflation vulnerability

Feb '24

AI Arena

2.06 USDC • 1 total finding • Code4rena • Merulez99

#155

high

Malicious user can stake an amount which causes zero curStakeAtRisk on a loss but equal rewardPoints to a fair user on a win