https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/32502ec8-17b4-43a9-a3f0-741fbb4c66a0.jpg

y0ng0p3

Security Researcher

Contact Me

High

6

Total

Medium

10

Total

$490.00

Total Earnings

#1555 All Time

11x

Payouts

regular

5x

Top 50

All

Code4rena

CodeHawks

Feb '25

Core Contracts

Core Contracts

44.00 usdc • 9 total findings • CodeHawks • y0ng0p3

#199

high

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

high

Ownership Parameter Mismatch in LendingPool’s Vault Withdrawal Logic

high

Attackers can double voting power and veToken amount by locking and increasing

medium

Wrong access control in `RAACToken::setFeeCollector`, `RAACToken::setSwapTaxRate`, `RAACToken::setBurnTaxRate`

medium

Paused Protocol Prevents Critical Functions Including Debt Repayment and Liquidations

low

`mint` function in RToken contract doesn't return the correct expected values, leading to emission of ReserveLibrary `Deposit` event and LendingPool `Deposit` event with incorrect values.

low

Limited veRaac Token Supply Triggers DoS, Hampering Proper Governance Participation.

low

`DebtToken::burn`'s Return Values are wrong

low

`DebtToken::burn()` event parameters and return values ​​are incorrect

Dec '24

Alchemix Transmuter

Alchemix Transmuter

3.30 op • 2 total findings • CodeHawks • y0ng0p3

#28

low

Missing Router Update Mechanism in StrategyMainnet Contract

low

Old router retains token allowance after update

SecondSwap

SecondSwap

4.17 USDC • 2 total findings • Code4rena • y0ng0p3

#55

high

`SecondSwap_Marketplace` vesting listing order affects how much the vesting buyers can claim at a given step

medium

Incorrect referral fee calculations

Oct '24

Dria

Dria

6.56 USDC • 1 total finding • CodeHawks • y0ng0p3

#63

medium

Unrestricted validation score range for validators in `LLMOracleCoordinator::validate`.

Aug '24

Tadle

Tadle

0.00 USDC • 1 total finding • CodeHawks • y0ng0p3

#175

high

Incorrect set up and logic of `referralInfoMap` in `SystemConfig::updateReferrerInfo` function

Jul '24

LoopFi

LoopFi

0.06 USDC • 1 total finding • Code4rena • y0ng0p3

#57

medium

`PendleLPOracle::_fetchAndValidate` uses Chainlink's deprecated `answeredInRound`

TempleGold

TempleGold

21.05 USDC • 1 total finding • CodeHawks • y0ng0p3

#35

high

Incompatibility with Multisig Wallets in `TempleGold::send` Function

May '24

Predy

Predy

0.17 USDC • 1 total finding • Code4rena • y0ng0p3

#42

medium

Chainlink's `latestRoundData` might return stale or incorrect results

Mar '24

Revert Lend

Revert Lend

162.19 USDC • 3 total findings • Code4rena • y0ng0p3

#43

medium

Dangerous use of deadline parameter

medium

V3Oracle susceptible to price manipulation

medium

V3Vault is not ERC-4626 compliant

Dec '23

The Standard

The Standard

0.04 USDC • 1 total finding • CodeHawks • y0ng0p3

#104

low

`costInEuros` calculation will incur precision loss due to division before multiplication

Ethereum Credit Guild

Ethereum Credit Guild

249.22 USDC • 1 total finding • Code4rena • y0ng0p3

#50

medium

PnL system can be broken by large users intentionally or unintentionally.