xfu

Security Researcher

#Web3 builder and lifelong learner #Web3 Security Researcher Using #Twitter as a knowledge base

High: 2 total

Medium: 4 total

Total earnings: $248.00

#1705 All Time

5x

Payouts

regular

1x

Top 50

Aug '23

Sparkn

0.37 USDC • 1 total finding • CodeHawks • xfu

#91

low

Potential DOS due to Gas Exhaustion Due to Large Array Iteration in `_distribute` Function

Jul '23

Beedle - Oracle free perpetual lending

120.58 USDC • 22 total findings • CodeHawks • xfu

#36

high

Fee on transfer tokens will cause users to lose funds

high

`Lender` does not handle correctly rebasing, inflationary, deflationary tokens and tokens with fee on transfer

medium

Single-step process for critical ownership transfer is risky

medium

Some ERC20 tokens would revert on zero value fee transfers.

low

Zero address leads to transaction reverts

low

Lender fails to giveLoan because of inconsistent length between `loadIds` and `poolIds`

low

Missing Events Emitting

low

Amount != 0 checks are missing

gas

Multiple accesses of a mapping/array should use a local variable cache.

gas

Uncheck Arithmetic where overflow/underflow impossible

gas

Unnecessary If condition in update() of Staking.sol

gas

Use assembly to check for `address(0)`

gas

Floating pragma in all contracts

gas

Conformance to Solidity naming conventions

gas

Multiple `address` mappings can be combined into a single mapping of an `address` to a `struct`, where appropriate

gas

Using `x >> constant(uint)` with the right shift operator is more gas-efficient

gas

[G-01] - Do not add the data which is already included in the tx to save users gas cost.

gas

Test Coverage Improvements

gas

Using delete statement can save gas

gas

Use `assembly` to write address storage values

gas

Use indexed events for value types as they are less costly compared to non-indexed ones

gas

Events are missing sender information

Foundry DeFi Stablecoin CodeHawks Audit Contest

36.27 USDC • 8 total findings • CodeHawks • xfu

#52

medium

Chainlink oracle will return the wrong price if the aggregator hits `minAnswer`

medium

Too many DSC tokens can get minted for fee-on-transfer tokens.

low

Pragma isn't specified correctly which can lead to nonfunction/damaged contract when deployed on Arbitrum

gas

`++i`/`i++` should be `unchecked{++i}`/`unchecked{i++}` when it is not possible for them to overflow, as is the case when used in `for`- and `while`-loops

gas

Combine Multiple Mapping Address

gas

Use `assembly` to check for `address(0)`

gas

Unnecessary argument in getTimeout function

gas

Amounts should be checked for `0` before calling a `transfer`

CodeHawks Escrow Contract - Competition Details

3.70 USDC • 2 total findings • CodeHawks • xfu

#86

gas

Contract Can Be Deployed Without Funds.

gas

Use assembly to check for `address(0)`

Tapioca DAO

87.31 USDC • Code4rena • xfu

#78