https://sherlock-files.ams3.digitaloceanspaces.com/profile_images/b1bb14b5-0bb5-4554-8872-cfd9947aec49.jpeg

yovchev_yoan

Security Researcher

Contact Me

High

13

Total

Medium

11

Total

$3.46K

Total Earnings

#891 All Time

13x

Payouts

gold

1x

1st Places

bronze

1x

3rd Places

regular

4x

Top 10

All

Sherlock

Code4rena

CodeHawks

Jun '25

DODO Cross-Chain DEX

DODO Cross-Chain DEX

689.24 USDC • 5 total findings • Sherlock • SafetyBytes

#4

high

Anyone Can Steal Non-EVM Cross-Chain Refunds

high

Parameter Validation Gap Enables Systematic Token Theft Across Bridge Contracts

high

Missing Native Token Amount Validation in `withdrawToNativeChain`

medium

Protocol doesn't work with USDT token

medium

Silent ETH Fund Loss in Cross-Chain Revert Mechanism

May '25

LEND

LEND

0.41 USDC • 2 total findings • Sherlock • SafetyBytes

#110

high

LEND Rewards Can Be Claimed Multiple Times Due to Missing State Reset

medium

Double Interest Calculation in Liquidation Logic Leads to Unfair Liquidation of Healthy Positions

Apr '25

Pareto USP, a credit-backed synthetic dollar

Pareto USP, a credit-backed synthetic dollar

2,166.66 USDC • 1 total finding • Sherlock • SafetyBytes

gold

medium

Accounting Failure in Credit Vault Valuation During Borrower Default

Feb '25

Core Contracts

Core Contracts

15.31 usdc • 9 total findings • CodeHawks • SafetyBytes

#258

high

ZENO Token Redemption Returns Negligible USDC Amount Compared to Purchase Price

high

Incorrect decimal handling in `Auction::buy()` leads to massive overpayment for ZENO tokens

high

RAACNFT mint function receives funds to address(this) but has no way of withdrawing them

high

Users Can Overwrite Existing Locks in veRAACToken Resulting in Permanent Loss of Funds

high

Users can borrow more assets than they have deposited as collateral

high

Attackers can get most of RAACToken rewards by withdrawing dust amount from StabilityPool multiple times

high

NFTs Get Permanently Locked in Stability Pool After Liquidation

medium

LendingPool deposits do not work with CurveVault due to lack of funds

low

Emergency withdraw functionality in veRAACToken takes longer than expected

Dec '24

Alchemix Transmuter

Alchemix Transmuter

3.30 op • 2 total findings • CodeHawks • yovchevyoan

#28

low

Missing Router Update Mechanism in StrategyMainnet Contract

low

Old router retains token allowance after update

Oku's New Order Types Contract Contest

Oku's New Order Types Contract Contest

0.02 OP • 2 total findings • Sherlock • yovchev_yoan

#64

high

Order ID Manipulation

medium

Incorrect price staleness check in `PythOracle::currentValue`

Nov '24

Debita Finance V3

Debita Finance V3

12.57 USDC • 1 total finding • Sherlock • yovchev_yoan

#49

medium

Loan Extension Fails Due to Unused Time Calculation

Telcoin Update #2

Telcoin Update #2

9.10 USDC • Sherlock • yovchev_yoan

#44

Project

Project

80.34 USDC • 1 total finding • CodeHawks • yovchevyoan

#13

medium

Reorg Vulnerability in DAO Membership Creation Allows Users to Join Incorrect DAOs

Aug '24

Cork Protocol

Cork Protocol

3.41 USDC • 1 total finding • Sherlock • yovchev_yoan

#17

medium

`LvDepositNotPaused` modifier does not correctly check if the given Ids' deposits are paused, leading to users being able to deposit even if deposit is paused

May '24

Midas

Midas

69.66 USDC • 1 total finding • Sherlock • yovchev_yoan

#5

medium

[H-1] `ManageableVault` contract is missing storage gaps, potentially leading to storage collision

LoopFi

LoopFi

386.08 USDC • 1 total finding • Code4rena • yovchev_yoan

bronze

high

Availability of deposit invariant can be bypassed

Feb '24

AI Arena

AI Arena

22.56 USDC • 1 total finding • Code4rena • yovchev_yoan

#107

medium

DoS in `MergingPool::claimRewards` function and potential DoS in `RankedBattle::claimNRN` function if called after a significant amount of rounds passed.