xAriextz

Security Researcher

Learning smart contract security 💻 Sharing my progress 👇 DMs are open! 😁

High: 6 total

Medium: 12 total

Total Earnings: $3.98K

Rank: #869 All Time

Payouts: 10x

Top 10: 3x

Top 25: 4x

Top 50: 9x

Dec '23

Footium Update

278.93 USDC • Sherlock • xAriextz

#10

Nov '23

Nouns Builder

1,078.57 USDC • 2 total findings • Sherlock • xAriextz

#5

high

Certain bid amounts will make it impossible to settle the auction

high

Founders won't get the ownership percentage they deserve when `reservedUntilTokenId >= 100`

Kelp DAO | rsETH

38.79 USDC • 1 total finding • Code4rena • xAriextz

#45

high

Protocol mints less rsETH on deposit than intended

Oct '23

NextGen

396.76 USDC • 6 total findings • Code4rena • xAriextz

#33

high

Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime

high

Attacker can reenter to mint all the collection supply

medium

On a Linear or Exponential Descending Sale Model, a user that mint on the last `block.timestamp` mint at an unexpected price.

medium

Bidder Funds Can Become Unrecoverable Due to 1 second Overlap in `participateToAuction()` and `claimAuction()`

medium

Artist signatures can be forged to impersonate the artist behind a collection

medium

Auction payout goes to AuctionDemo contract owner, not the token owner

Open Dollar

166.26 USDC • 3 total findings • Code4rena • xAriextz

#28

medium

`transferSAFEOwnership()` does not fully transfer ownership

medium

Test addresses and incorrect interface in code prevent integration with UniswapV3 and Camelot

medium

`ODSafeManager#allowSAFE()` cannot be executed either by the proxy contract or any other address.

ENS

1,774.19 USDC • 1 total finding • Code4rena • xAriextz

#5

medium

Some tokens enable the direct draining of all approved `ERC20Votes` tokens

Canto Liquidity Mining Protocol

4.94 USDC • Code4rena • xAriextz

#19

Sep '23

Venus Prime

36.64 USDC • 1 total finding • Code4rena • xAriextz

#33

medium

DoS and gas griefing of calls to Prime.updateScores()

Allo V2

186.75 USDC • 3 total findings • Sherlock • xAriextz

#34

medium

Using ERC20 tokens with fees on transfer may result in a loss of funds

medium

Recipients status malfunctions in QV Strategies

medium

Not possible to register recipients when using registry anchor in RFP Strategies

Jan '23

RabbitHole Quest Protocol contest

19.79 USDC • 1 total finding • Code4rena • xAriextz

#70

high

Bad implementation in minter access control for `RabbitHoleReceipt` and `RabbitHoleTickets` contracts