CRYP70
Software and Security Engineer by day, breaking smart contracts by night.
Publicly Disclosed Web3 Security Findings
CATEGORY
HIGH
Sherlock - Surge Finance - First depositor can steal funds from users by forcibly depositing to the lending pool
CATEGORY
HIGH
Sherlock - Olympus - Users can steal additional rewards after withdrawing with claimed set to true
CATEGORY
MEDIUM
Sherlock - Olympus - User rewards will be lost when a reward token is removed from the protocol
CATEGORY
HIGH
Sherlock - Olympus - Last claimed timestamp for internal rewards is not updated resulting in the theft of LDO tokens
CATEGORY
MEDIUM (UNIQUE)
Sherlock - Ajna - Auction timers following liquidity can cause pool insolvency
CATEGORY
MEDIUM
Code4rena - Caviar - Base tokens in pair contract are assumed to have 1e18 decimals
CATEGORY
MEDIUM
Code4rena - Caviar - Flaw in pair contract allows users to get free fractional tokens
CATEGORY
HIGH
Code4rena - Caviar - Critical flaw in providing liquidity results in an immediate loss of funds
CATEGORY
MEDIUM
Sherlock - MyCelium - Block future investors from receiving myLink causing a dos condition
CATEGORY
HIGH
Sherlock - Opyn - usdcAmount will be incorrect in WithdrawAuction() when attempting to transfer proportionate amount