Software and Security Engineer by day, breaking smart contracts by night.
Sherlock - Surge Finance - First depositor can steal funds from users by forcibly depositing to the lending pool
Sherlock - Olympus - Users can steal additional rewards after withdrawing with claimed set to true
Sherlock - Olympus - Last claimed timestamp for internal rewards is not updated resulting in the theft of LDO tokens
Code4rena - Caviar - Base tokens in pair contract are assumed to have 1e18 decimals
Code4rena - Caviar - Flaw in pair contract allows users to get free fractional tokens
Sherlock - MyCelium - Block future investors from receiving myLink causing a dos condition