https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/defaults/default_avatar_1.png

wuwe1

Security Researcher

Contact Me

High

9

Total

Medium

15

Total

$15.76K

Total Earnings

#438 All Time

20x

Payouts

regular

4x

Top 10

regular

15x

Top 25

regular

19x

Top 50

All

Code4rena

Sep '22

VTVL contest

VTVL contest

296.39 USDC • 1 total finding • Code4rena • wuwe1

#20

medium

Two address tokens can be withdrawn by the admin even if they are vested

May '22

FactoryDAO contest

FactoryDAO contest

22.36 DAI • 2 total findings • Code4rena • wuwe1

#60

medium

safeTransferFrom is recommended instead of transfer (1)

medium

amount requires to be updated to contract balance increase (1)

Cudos contest

Cudos contest

502.47 USDC • 1 total finding • Code4rena • wuwe1

#21

medium

Protocol doesn't handle fee on transfer tokens

Apr '22

Backd contest

Backd contest

1,807.13 USDC • 2 total findings • Code4rena • wuwe1

#9

medium

ERC777 tokens can bypass `depositCap` guard

medium

`call()` should be used instead of `transfer()` on an `address payable`

Badger Citadel contest

Badger Citadel contest

1,327.22 USDC • 2 total findings • Code4rena • wuwe1

#14

high

StakedCitadel doesn't use correct balance for internal accounting

high

StakedCitadel: wrong setupVesting function name

Mar '22

Joyn contest

Joyn contest

1,593.53 USDC • 3 total findings • Code4rena • wuwe1

#6

high

Splitter: Anyone can call incrementWindow to steal the tokens in the contract

high

ERC20 tokens with no return value will fail to transfer

medium

createProject can be frontrun

LI.FI contest

LI.FI contest

1,265.32 USDC • 4 total findings • Code4rena • wuwe1

#15

medium

WithdrawFacet's withdraw calls native payable.transfer, which can be unusable for DiamondStorage owner contract

medium

cBridge integration fails to send native tokens

medium

Anyone can get swaps for free given certain conditions in `swap`.

medium

`msg.value` is Sent Multipletimes When Performing a Swap

prePO contest

prePO contest

50.85 USDC • Code4rena • wuwe1

#30

Biconomy Hyphen 2.0 contest

Biconomy Hyphen 2.0 contest

662.35 USDT • 1 total finding • Code4rena • wuwe1

#20

medium

call to non-existing contracts returns success

Feb '22

Foundation contest

Foundation contest

1,095.64 USDC • 1 total finding • Code4rena • wuwe1

#12

medium

Escrowed NFT can be stolen by anyone if no active buyPrice or auction exists for it

Badger Citadel contest

Badger Citadel contest

63.61 USDC • 2 total findings • Code4rena • wuwe1

#27

high

StakedCitadel doesn't use correct balance for internal accounting

high

StakedCitadel: wrong setupVesting function name

Concur Finance contest

Concur Finance contest

3,758.03 USDC • 3 total findings • Code4rena • wuwe1

#5

high

deposit in ConvexStakingWrapper will most certainly revert

medium

execute in VoteProxy should be payable

medium

[ConcurRewardPool] Possible reentrancy when claiming rewards

Jan '22

OpenLeverage contest

OpenLeverage contest

0 USDT • Code4rena • wuwe1

#24

Behodler contest

Behodler contest

1,207.62 USDC • 1 total finding • Code4rena • wuwe1

#15

high

Double transfer in the `transferAndCall` function of `ERC677`

Trader Joe contest

Trader Joe contest

679.91 USDT • Code4rena • wuwe1

#21

Sherlock contest

Sherlock contest

36.17 USDC • Code4rena • wuwe1

#28

ElasticSwap contest

ElasticSwap contest

13.98 USDC • Code4rena • wuwe1

#20

XDEFI contest

XDEFI contest

45.1 USDC • Code4rena • wuwe1

#27

Dec '21

Maple Finance contest

Maple Finance contest

0 USDC • Code4rena • wuwe1

#10

Nov '21

Streaming Protocol contest

Streaming Protocol contest

1,335.77 USDC • 1 total finding • Code4rena • wuwe1

#23

high

Possible incentive theft through the arbitraryCall() function