https://sherlock-files.ams3.digitaloceanspaces.com/twitter_images/f3e53544-5ded-45bb-a21a-0b16c8a1516a.jpg

zzebra83

Security Researcher

Smart Contract Security Researcher - C4 Warden ⚔️ - Senior IoT Engineer.

Contact Me

High

Total

Medium

Total

$22.13K

Total Earnings

#341 All Time

12x

Payouts

1x

3rd Places

2x

Top 10

4x

Top 25

All

Code4rena

Mar '25

Forte: Float128 Solidity Library

464.11 USDC • 2 total findings • Code4rena • zzebra83

#12

high

Natural Logarithm Function Silently Accepts Invalid Non-Positive Inputs

high

Early 72-digit adjustment in sqrt will lead to incorrect result exponent calculation

Dec '24

SecondSwap

3.64 USDC • 3 total findings • Code4rena • zzebra83

#58

high

Users can claim more that their actual allotment

medium

maxSellPercent can be buypassed by selling previously bought vestings at a later time

medium

Listing potential can not be purchased with discounted price

Lambo.win

0.3 USDC • 2 total findings • Code4rena • zzebra83

#35

high

Minting zero tokens when underlyingToken is not Ether in cashIn()

medium

Since the cost of launching a new pool is minimal, an attacker can maliciously consume VirtualTokens.

Jul '24

LoopFi

220.89 USDC • 1 total finding • Code4rena • zzebra83

#34

medium

`lastRPS` could be set to `0` accidentally

Jun '24

Size

918.91 USDC • 2 total findings • Code4rena • zzebra83

#29

medium

Fragmentation fee is not taken if user compensates with newly created position

medium

Borrower is not able to compensate his lenders if he is underwater

Mar '24

Taiko

9,799.48 USDC • 3 total findings • Code4rena • zzebra83

high

Taiko L1 - Proposer can maliciously cause loss of funds by forcing someone else to pay prover's fee

medium

Taiko SGX Attestation - Improper validation in certchain decoding

medium

The top tier prover can not re-prove

Jan '24

Salty.IO

2,659.2 USDC • 1 total finding • Code4rena • zzebra83

medium

Salt Rewards - Rewards related to Arbitrage profits for pools can be lost

reNFT

1.8 USDC • Code4rena • zzebra83

#68

Aug '23

Dopex

518.34 USDC • 3 total findings • Code4rena • zzebra83

#38

high

The peg stability module can be compromised by forcing lowerDepeg to revert.

medium

No mechanism to settle out-of-money put options even after Bond receipt token is redeemed.

medium

`sync` function in `RdpxV2Core.sol` should be called in multiple scenarios to account for the balance changes that occurs

Jul '23

Tapioca DAO

2,259.91 USDC • 3 total findings • Code4rena • zzebra83

#27

high

Collateral can be locked in BigBang contract when `debtStartPoint` is nonzero

high

Attacker can steal victim's oTAP position contents via `MagnetarMarketModule#_exitPositionAndRemoveCollateral()`

medium

Magnetar V2 - mintFromBBAndLendOnSGL can not lock singularity assets to generate TOLP

May '23

Maia DAO Ecosystem

5,282.89 USDC • 6 total findings • Code4rena • zzebra83

#12

high

Ulysses omnichain - RetrieveDeposit might never be able to Trigger the Fallback function

high

Multiple issues with `retrySettlement()` and `retrieveDeposit()` will cause loss of users' bridging deposits

medium

Ulysses omnichain - addbridgeagentfactory in rootPort is not functional

medium

Ulysses omnichain - User Funds can get locked permanently via making callout without deposit

medium

RestakeToken function is not permissionless

medium

The user is enforced to overpay for the fallback gas when `retryDeposit`

Apr '23

Frankencoin

0.07 USDC • 1 total finding • Code4rena • zzebra83

#69

medium

function `restructureCapTable()` in Equity.sol not functioning as expected