blog

CRYP70

Software and Security Engineer by day, breaking smart contracts by night.

Publicly Disclosed Web3 Security Findings

blog

CATEGORY

HIGH

Sherlock - Surge Finance - First depositor can steal funds from users by forcibly depositing to the lending pool

blog

CATEGORY

HIGH

Sherlock - Olympus - Users can steal additional rewards after withdrawing with claimed set to true

blog

CATEGORY

MEDIUM

Sherlock - Olympus - User rewards will be lost when a reward token is removed from the protocol

blog

CATEGORY

HIGH

Sherlock - Olympus - Last claimed timestamp for internal rewards is not updated resulting in the theft of LDO tokens

blog

CATEGORY

MEDIUM

Sherlock - Ajna - Flash loans dont check pool deposit before and after

blog

CATEGORY

MEDIUM (UNIQUE)

Sherlock - Ajna - Auction timers following liquidity can cause pool insolvency

blog

CATEGORY

MEDIUM

Code4rena - Caviar - Base tokens in pair contract are assumed to have 1e18 decimals

blog

CATEGORY

MEDIUM

Code4rena - Caviar - Flaw in pair contract allows users to get free fractional tokens

blog

CATEGORY

HIGH

Code4rena - Caviar - Critical flaw in providing liquidity results in an immediate loss of funds

blog

CATEGORY

MEDIUM

Sherlock - MyCelium - Block future investors from receiving myLink causing a dos condition

blog

CATEGORY

LOW

Sherlock - MyCelium - Users can be rugged by the admin user

blog

CATEGORY

HIGH

Sherlock - Opyn - usdcAmount will be incorrect in WithdrawAuction() when attempting to transfer proportionate amount