https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/b2e009b4-5173-42d0-9202-3e695141d32b.jpg

xKeywordx

Security Researcher

Reviewing smart contracts and making Web3 safer one protocol at a time. Smart Contracts Security Researcher

Contact Me

High

7

Total

Medium

7

Total

$1.16K

Total Earnings

#1232 All Time

7x

Payouts

regular

2x

Top 10

regular

3x

Top 25

regular

3x

Top 50

All

Sherlock

Code4rena

CodeHawks

Feb '25

Yieldoor

Yieldoor

283.95 USDC • 2 total findings • Sherlock • xKeywordx

#7

high

[H-2] - `Leverager::liquidatePosition` function incorrect decimals scaling leads to loss of funds for the protocol

medium

[H-1] - `Leverager::withdraw` function incorrect debt reduction when `token1` is the borrowed asset

Core Contracts

Core Contracts

27.00 usdc • 6 total findings • CodeHawks • xkeywordx

#230

high

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

high

Incorrect Reward Claim Logic in FeeCollector::claimRewards Causes Denial of Service

high

Attackers can double voting power and veToken amount by locking and increasing

medium

Inconsistent Scaling in RToken Transfer Functions

medium

[L-1] Inaccurate boost calculations in `veRAACToken` due to wrong input parameter

low

Unauthorized Vote Casting Vulnerability

Jan '25

IQ AI

IQ AI

3.58 USDC • 1 total finding • Code4rena • xKeywordx

#16

medium

Ineffective proposal threshold validation allows setting arbitrary high values

Dec '24

SecondSwap

SecondSwap

0.03 USDC • 1 total finding • Code4rena • xKeywordx

#66

medium

Incorrect referral fee calculations

Autonomint Colored Dollar V1

Autonomint Colored Dollar V1

13.73 OP • 3 total findings • Sherlock • xKeywordx

#53

high

[H-5] Lack of access control on `CDS::updateDownsideProtected` function artificially reduces `totalCdsDepositedAmount`

high

[H-1] Wrong check in `BorrowLib::getOptionFeesToPay` allows users to call `renewOptions` on expired Options and bypass fees

medium

[H-4] Lack of checks for `ethVolatility` param inside `Borrowing::depositTokens` function allows users to mint more `USDA`

Oct '24

Orderly Solana Vault Contract

Orderly Solana Vault Contract

824.07 USDC • 1 total finding • Sherlock • xKeywordx

#5

high

[H-1]

Sep '24

Flayer

Flayer

9.24 USDC • 1 total finding • Sherlock • xKeywordx

#67

medium

`UniswapImplementation::setFeeExemption` functionality broken