Twitter: @0xOndrejJuda
Discord: 0xjuda
Contest / bug bounty platform profiles:
| Date | Protocol | Platform | High | Medium | Low |
|---|---|---|---|---|---|
| November 2023 | Morpho Blue | Cantina | 0 | 0 | 0 |
| November 2023 | NextGen | Code4rena | 3 | 1 | 0 |
| October 2023 | Real Wagmi #2 | Sherlock | 2 | 0 | - |
| September 2023 | Venus Prime | Code4rena | 0 | 0 | 0 |
| September 2023 | Centrifuge | Code4rena | 0 | 0 | 0 |
| September 2023 | Chainlink Staking v0.2 | Code4rena | 0 | 0 | 0 |
| August 2023 | Tokemak | Sherlock | 4 | 0 | - |
| July 2023 | CodeHawks Escrow | CodeHawks | 0 | 3 | 1 |
| July 2023 | Beedle | CodeHawks | 2 | 1 | 0 |
| June 2023 | Real Wagmi | Sherlock | 0 | 0 | - |
| June 2023 | Unitas Protocol | Sherlock | 0 | 1 | - |
| Summary | 11 | | 11 | 6 | 1 |
Morpho Blue is a trustless lending primitive that offers unparalleled efficiency and flexibility. It enables the creation of isolated lending markets by specifying any loan asset, any collateral asset, a liquidation LTV (LLTV), an oracle, and an interest rate model.
Contest link: cantina.xyz
Advanced smart contracts for launching generative art projects on Ethereum.
Contest link: code4rena.com
| ID | Title | Severity |
|---|---|---|
| H-01 | Bids will be stuck in the auction contract if the winner doesn't implement onERC721Received | High |
| H-02 | Active bidder may reenter into cancelBid from claimAuction to profit at the expense of the contract and original token owner | High |
| H-03 | Hacker can DoS auction and gas grief claimAuction caller | High |
| H-04 | User can mint more tokens than he should during the allowlist phase | High |
Unlock the power of DeFi with Wagmi - an all-in-one platform for trading, liquidity provision, swapping, and yield strategy generation.
Contest link: sherlock.xyz
| ID | Title | Severity |
|---|---|---|
| H-01 | Slippage protection for LiquidityBorrowingManager#repay doesn't work | High |
| H-02 | Lender burning his position makes complete repay of borrow position impossible | High |
Earn, borrow & lend on the #1 Decentralized Money Market on the BNB chain.
Contest link: code4rena.com
The institutional ecosystem for on-chain credit.
Contest link: code4rena.com
A security mechanism in which stakers commit LINK in smart contracts to back certain performance guarantees around oracle services.
Contest link: code4rena.com
Generating sustainable liquidity for the tokenized world. Eliminating inefficiencies and helping LPs to deploy liquidity where it can do the most work is exactly why the Tokemak v2 is built.
Contest link: sherlock.xyz
| ID | Title | Severity |
|---|---|---|
| H-01 | User can transfer LMPVault shares to claim rewards multiple times | High |
| H-02 | Router double accounting problem and exposed funds in smart contract | High |
| H-03 | Liquidations miss delegate call to swapper | High |
| H-04 | User can deposit and immediately withdraw to steal rewards | High |
This project is meant to enable smart contract auditors (sellers) and smart contract protocols looking for audits (buyers) to connect using a credibly neutral option, with optional arbitration.
Contest link: codehawks.com
| ID | Title | Severity |
|---|---|---|
| M-01 | ResolveDispute can revert because of rebase token | Medium |
| M-02 | No methods to stop and replace arbiter if keys are leaked | Medium |
| M-03 | Tokens get stuck in Escrow when arbiter or seller are blacklisted | Medium |
| L-01 | There is no check that arbiter is not buyer nor seller | Low |
Oracle free peer to peer perpetual lending.
Contest link: codehawks.com
| ID | Title | Severity |
|---|---|---|
| H-01 | Malicious lender gains value by borrowing from his pool and giving the loan away | High |
| H-02 | Function sellProfits lacks expiration timestamp and slippage protection | High |
| M-01 | Uniswap fee is hardcoded in Fees.sol | Medium |
Swap earn and provide liquidity on the leading decentralized protocol built on zkSync. Experience the future of decentralized finance with Wagmi.
Contest link: sherlock.xyz
Unitized stablecoins serving as units of account representing emerging market currencies. A new currency revolution.
Contest link: sherlock.xyz
| ID | Title | Severity |
|---|---|---|
| M-01 | Stale price leads to user getting incorrect token amount | Medium |