https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/761c2f6d-0f47-447d-abe5-caea7aa18cf8.jpg

zigtur

Security Researcher

Web3 Security Researcher 🤖 Finding Rust and Solidity vulns for a living

Contact Me

High

Total

Medium

Total

$256.05K

Total Earnings

#34 All Time

32x

Payouts

2x

1st Places

4x

2nd Places

2x

3rd Places

All

Sherlock

Code4rena

Cantina

CodeHawks

Jan '25

openvm

6,523.8 USDC • 1 total finding • Cantina • zigtur

high

Finding not yet public.

inclusive-monorepo

3,500.66 USDC • 17 total findings • Cantina • zigtur

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Dec '24

aligned-layer

1,419.39 USDC • 1 total finding • Cantina • zigtur

medium

Finding not yet public.

Oct '24

tensor-monorepo

50,840.3 USDC • 7 total findings • Cantina • zigtur

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Sep '24

infinitypools

13,929 USDC • 2 total findings • Cantina • zigtur

high

Finding not yet public.

medium

Finding not yet public.

WOOFi Swap on Solana

486.57 USDC • 2 total findings • Sherlock • zigtur

medium

An admin authority initializing RebateInfo will make claim_rebate_fee unusable

medium

Any user will gain authority on RebateManager

uniswap-v4

5,000 USDC • Cantina • zigtur

#19

Aug '24

Centrifuge

4,380.04 USDC • 4 total findings • Cantina • zigtur

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

zetachain-protocol

199.51 USDC • 1 total finding • Cantina • zigtur

#44

high

Finding not yet public.

Jun '24

Allora

2,349.79 USDC • 3 total findings • Sherlock • zigtur

high

Failed stake removals and failed delegate stake removals are not replayable

high

Anyone can overwrite Reputer and Worker info attached to a LibP2PKey

medium

Funding amount is accounted twice leading to activating topic before reaching the global minimum

grass

2,475.93 USDC • 10 total findings • Cantina • zigtur

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Pegasus

1,205.39 USDC • 1 total finding • Cantina • zigtur

medium

Finding not yet public.

May '24

Bitcoin Staking Scripts

56,390.91 USDC • 9 total findings • Cantina • zigtur

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Euler-v2

1,000 USDC • Cantina • zigtur

#31

Aave v3.1 Competition

6,285.71 GHO • 1 total finding • Cantina • zigtur

medium

Finding not yet public.

safe-extensions

87.5 USDC • 1 total finding • Cantina • zigtur

#26

medium

Finding not yet public.

Apr '24

Renzo

17.04 USDC • 3 total findings • Code4rena • zigtur

#43

high

Incorrect withdraw queue balance in TVL calculation

high

Incorrect calculation of queued withdrawals can deflate TVL and increase ezETH mint rate

medium

Withdrawals and Claims are meant to be pausable, but it is not possible in practice

TITLES Publishing Protocol

48.75 USDC • 2 total findings • Sherlock • zigtur

#28

medium

Signature malleability allows replaying signatures

medium

`mintBatch` is unusable when minting multiple tokens

DYAD

0.3 USDC • 2 total findings • Code4rena • zigtur

#112

high

Attacker can make 0 value deposit() calls to deny user from redeeming or withdrawing collateral

high

Design flaw and mismanagement in vault licensing leads to double counting in collateral ratios and positions collateralized entirely with kerosine

Alchemix - Optimism Bridging and Reward Routing

2,125 USDC • 1 total finding • Sherlock • zigtur

high

Slippage protection doesn't take ETH/alETH and USDC/alUSD conversion rates into calculations

Mar '24

Optimism Fault Proofs

2,203.02 USDC • 1 total finding • Sherlock • zigtur

medium

Permanent DoS of withdrawals due to a blacklisted game's resolution

VenusProtocol/governance-contracts

13,250 USDC • 1 total finding • Cantina • zigtur

medium

Finding not yet public.

Smart-contracts

694.63 USDC • 3 total findings • Cantina • zigtur

#19

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Feb '24

eigenlayer-contracts

20,250 USDC • 1 total finding • Cantina • zigtur

medium

Finding not yet public.

opal-contracts

999.6 USDC • 8 total findings • Cantina • zigtur

#16

high

Finding not yet public.

high

Finding not yet public.

high

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

medium

Finding not yet public.

Jan '24

Blast

52,486.93 USDC • 2 total findings • Cantina • zigtur

high

Finding not yet public.

medium

Finding not yet public.

MorpheusAI

17.08 USDC • 1 total finding • CodeHawks • zigtur

#21

low

Do not hardcode `_zroPaymentAddress` field to `address(0)`

lockbox-solana

3,061.93 USDC • 2 total findings • Cantina • zigtur

medium

Finding not yet public.

medium

Finding not yet public.

Opus

4,529.91 USDC • Code4rena • zigtur

Dec '23

The Standard

0.12 USDC • 3 total findings • CodeHawks • zigtur

#98

high

Rewards can be drained because of lack of access control

high

Looping over unbounded `pendingStakes` array can lead to permanent DoS and frozen funds

low

`costInEuros` calculation will incur precision loss due to division before multiplication

Nov '23

core-and-erc1155a

282.99 USDC • 1 total finding • Cantina • zigtur

#21

high

Finding not yet public.

Aug '23

Sparkn

5.30 USDC • 2 total findings • CodeHawks • zigtur

#75

medium

Malicious/Compromised organiser can reclaw all funds, stealing work from supporters

low

Centralization Risk for trusted organizers