zaskoh

Security Researcher

High: 6 total
Medium: 13 total
Total Earnings: $9.33K
#587 All Time
Payouts: 13x
3rd Places: 1x (bronze)
Top 10: 4x (regular)
Top 25: 9x (regular)

Mar '23

Neo Tokyo contest

235.24 USDC • Code4rena • zaskoh

#11

Wenwin contest

169.8 USDC • Code4rena • zaskoh

#21

Jan '23

RabbitHole Quest Protocol contest

1,034.68 USDC • 4 total findings • Code4rena • zaskoh

#8

high

Protocol fees can be withdrawn multiple times in `Erc20Quest`

medium

Possible scenario for Signature Replay Attack

medium

When `rewardToken` is erc1155/erc777, an attacker can reenter and cause funds to be stuck in the contract forever

medium

Users may not claim Erc1155 rewards when the Quest has ended

Cooler

208.59 USDC • 3 total findings • Sherlock • zaskoh

#18

high

If debt token has a blacklist (like USDC / tether / ...), then repay() does not work for borrower

high

Not checking return value for ERC20 transferFrom and transfer

medium

Missing check for decollateralized > 0 in Cooler.repay

Ondo Finance contest

2,821.71 USDC • 1 total finding • Code4rena • zaskoh

#5

high

Loss of user funds when completing CASH redemptions

Astaria contest

339.14 USDC • 1 total finding • Code4rena • zaskoh

#34

medium

minDepositAmount is unnecessarily high, can price out many users

Biconomy - Smart Contract Wallet contest

1,080.21 USDC • 3 total findings • Code4rena • zaskoh

#8

high

Attacker can gain control of counterfactual wallet

medium

DoS of user operations and loss of user transaction fee due to insufficient gas value submission by malicious bundler

medium

[Medium-3] Non-compliance with EIP-4337

Dec '22

prePO contest

2,397.42 USDC • 3 total findings • Code4rena • zaskoh

bronze

high

griefing / blocking / delaying users to withdraw

medium

Manager can get around min reserves check, draining all funds from Collateral.sol

medium

Frontrunning for unallowed minting of Short and Long tokens

Escher contest

66.79 USDC • 1 total finding • Code4rena • zaskoh

#43

medium

Use of `payable.transfer()` Might Render ETH Impossible to Withdraw

Nov '22

LSD Network - Stakehouse contest

140.62 USDC • 1 total finding • Code4rena • zaskoh

#39

medium

GiantMevAndFeesPool.previewAccumulatedETH function: "accumulated" variable is not updated correctly in for loop leading to result that is too low

Blur Exchange contest

527.83 USDC • 1 total finding • Code4rena • zaskoh

#15

medium

Hacked owner or malicious owner can immediately steal all assets on the platform

LooksRare Aggregator contest

194.39 USDC • 1 total finding • Code4rena • zaskoh

#17

medium

Public to all funds escape

Debt DAO contest

110.58 USDC • Code4rena • zaskoh

#43