Lead Security Researcher at Cyfrin with a focus on auditing complex systems deployed on the EVM.
Prior to switching my career to web3sec, I worked in Software Development roles for around 4 years.
I specialize in dissecting smart contract systems to find hidden and complex bugs.
My areas of expertise:
- Lending Systems
- DeFi Integrations
- Yield Tokenization
- Staking
- Perpetual Systems
- Stablecoins
- Crowdfunding / Launchpads / Airdrops Mechanisms
- RWA Systems
- Crosschain / Multichain

| Project Name | Date | Category | Report |
|---|---|---|---|
| 2026-03 | To be disclosed | ||
| WLFI - Stablecoin EIP-3009 | 2026-03 | EIP-3009 Integration | To be disclosed |
| ENS DAO | 2026-03 | DAO Proposal / Access Control | To be disclosed |
| Parallel 3.1 | 2026-02 | Stablecoin / PSM / Angle Fork / LZ Integration | To be disclosed |
| Linea Forced TXs | 2026-02 | L2 Rollup | To be disclosed |
| Libre - Horizon Fee Module | 2026-01 | TradFi / Horizon Integration | To be disclosed |
| Securitize Whitelister | 2026-01 | Access Control | To be disclosed |
| Matrixdoc XAUM EVM | 2026-01 | Multichain / CCIP Integration / LZ Integration | To be disclosed |
| Strata Shares Cooldown | 2026-01 | Yield Tokenization / Vault / Tranches | REPORT |
| Linea Mixed Update | 2026-01 | L2 Rollup | To be disclosed |
| Lido Earn | 2025-12 | DeFi Strategies | REPORT |
| STBL Peg | 2025-11 | Yield Tokenization / StableCoin | PRIVATE |
| Remora Final Audit | 2025-11 | RWA / Crowdfunding | Report |
| Linea Native Yield | 2025-11 | LidoV3 Integration | REPORT |
| Linea Burn Mechanism | 2025-10 | Rollup Fee Mechanism | Report |
| STBL MFS | 2025-10 | Staking / Airdrop | PRIVATE |
| Remora Dynamic Tokens | 2025-10 | RWA / Crowdfunding | Report |
| Strata Tranches | 2025-09 | Yield Tokenization / Vault / Tranches | Report |
| Securitize - DSToken | 2025-09 | TradFi | Report |
| STBL | 2025-08 | Yield Tokenization / StableCoin | Report |

| Project Name | Date | Category | Report |
|---|---|---|---|
| Hooked | 2025-07 | UniV4 Hooks / ve(3,3) | PRIVATE |
| Finance_VII | 2025-07 | UniV4 Hooks and Euler Integration | Report |
| Remora | 2025-06 | RWA / Crowdfunding | Report |
| PaidNetwork | 2025-05 | Launchpad | PRIVATE |
| NDA | 2024-11 | Multichain Voting | NDA |
| NDA | 2024-10 | UniswapV4 Router Fork | NDA |
| NDA | 2024-10 | LST | NDA |
| NDA | 2024-05 | L2 Rollup | NDA |

| Project Name | Date | Category | Report |
|---|---|---|---|
| LST Hyperdrive | 2025-07 | Staking in Hyperliquid | PRIVATE |
| Camelot_OptionSale | 2025-06 | Launchpad / Options Sales | Report |
| InceptionVaults II | 2025-05 | LST / LRT | Report |
| GogoPool | 2025-05 | Staking Avalanche Subnet | PRIVATE |
| ListaDAO_Providers | 2025-05 | Lending (Morpho Fork) | Report |
| Atlantis | 2025-04 | Launchpad | Report |
| 1inch Taker Fees | 2025-04 | Fee Mechanism | Report |
| H3rmes Sonic | 2025-04 | Leverage Lending | PRIVATE |
| InceptionVaults | 2025-03 | LST / LRT | Report |
| ListaDAO | 2025-03 | Lending (Morpho Fork) | Report |
| 0x - SafeGuard | 2025-03 | SafeGuard Module | Report |
| Hyperdrive Lending | 2025-03 | Lending / Hyperliquid | PRIVATE |

| Project Name | Date | Category | Report |
|---|---|---|---|
| Remora | 2025-03 | RWA | PRIVATE |
| Remora | 2025-02 | RWA | PRIVATE |

Ordered by impact

| Contest Name | Category | Rank |
|---|---|---|
| Zaros | Perpetuals / Options | 1st 🥇 |
| Concrete | Vault / DeFi Strategies | 1st 🥇 |
| WiseLending | Lending | 2nd 🥈 |
| MaiaUlysses | Lending / LZ Integration | 2nd 🥈 |
| Morpho | Lending | 3rd 🥉 |
| IdleFinance | Lending / Vault | 3rd 🥉 |
| PoolTogether | GameFi / Yield Tokenization | 3rd 🥉 |
| EthereumCreditGuild | Lending | 3rd 🥉 |
| BakerFi | Vault / DeFi Strategies | 3rd 🥉 |
| CopraFinance | Crypto Bond | 4th |
| Index | Lending | 5th |
| Flow | Payment Streaming | 5th |
| MorphL2 | L2 Bridge / Staking | 5th |
| MaiaDAO | Lending / Multichain | 5th |
| Centrifuge | RWA | 7th |
| Venus Isolated Pools | Lending | 7th |
| PoolTogether Deux | GameFi / Yield Tokenization | 7th |
| SiloV2 | Lending | 8th |
| Panoptic | Perpetuals / Options | 10th |
| OndoFinance | RWA | 10th |

All Public Engagements are listed on my Sherlock Profile
- 🔴 High - Linea Native Yield - Execution of lstLiabilities repayment upon detection of positive yield and sufficient stVault liquidity disrupts the integrity of userFunds accounting leading to breaking core functionality to report positive yield and repayment of liabilities and obligations
- 🔴 High - Wildcat - Lenders can escape the blacklisting of their accounts because they can move their MarketTokens to different accounts
- 🔴 High - WiseLending - Incorrect bad debt accounting can lead to a state where the claimFeesBeneficial function is permanently bricked and no new incentives can be distributed
- 🔴 High - Remora - A single holder can grief the payouts of all holders forwarding their payouts to the same forwarder
- 🔴 High - PoolTogether - Increasing reserves breaks PrizePool accounting
- 🔴 High - Hooked - Gauges cannot receive their share of Hooked emissions due to incorrect reference to the new epoch timestamp during notification and distribution
- 🔴 High - Hooked - Blacklisting can be circumvented by merging into a non-blacklisted token ID
- 🔴 High - Hooked - Voters can receive fewer incentives than expected when recasting their votes of multiple veNFTs to the same pool in a subsequent epoch due to their MultiIncentives balance being overwritten
- 🔴 High - STBL MFS - most of the crits
- 🟡 Medium - Strata Tranches - Tranche::burnSharesAsFee can be used to manipulate the exchange rate to cause withdrawals to revert for legitimate users
- 🟡 Medium - Strata Tranches - APR Targets are not updated when withdrawal requests are sent to the SharesCooldown to reflect the change on NAVs caused by the charged fees for the withdrawal
- 🟡 Medium - Ondo - Investors claiming their maxDeposit by using the LiquidityPool.deposit() will cause that other users won't be able to claim their maxDeposit/maxMint
- 🔵 Low - Lido - Griefing attack on depositors by manipulating the exchange rate during recoveryMode via a donation of TARGET_VAULTs shares in between emergencyMode and recoveryMode
- 🔴 High - User's assets can be stolen when removing them from the Singularity market through the Magnetar contract
- 🔴 High - Not using eMode's risk parameters configurations to calculate the maxBorrow/repayAmount when eMode is activated
- 🔴 High - Incorrect integration with Aave - Incorrect usage of the eMode's risk
- 🔴 High - Anybody can buy collateral on behalf of other users without having any allowance using the multiHopBuyCollateral()
- 🔴 High - User's assets can be stolen when removing them from the Singularity market through the Magnetar contract
- 🔴 High - update_debt() function doesn't accrue interests even though the debt_token has outstanding debt
- 🟡 Medium - rounding causes investors to not be able to claim their max deposits
- 🟡 Medium - All supplied WETH to Aave as a deposit by a Strategy will be irrecoverable
- 🟡 Medium - Withdrawing uncollateralized deposits is possible even though the position is in liquidation mode
- 🟡 Medium - LiquidateWithReplacement does not charge swap fees on the borrower
- 🔴 High - Panoptic - `SettleLongPremium` is incorrectly implemented: premium should be deducted instead of added
- 🔴 High - Panoptic - Wrong leg `chunkKey` calculation in `haircutPremia` function
- 🔴 High - Zaros - Positive PnL is lost for all parties when liquidating an account, potentially causing that the MarginCollateralRecipient ends up receiving way less USD value than what it could have received.
- 🟡 Medium - Zaros - Liquidating positions of different accounts for the same market on the same block.timestamp uses the same fundingFeePerUnit regardless of the computed MarkPrice based on the size of the position being liquidated.
- 🔴 High - FinanceVII - Fees can be stolen from partially unwrapped UniV4 positions
- 🔴 High - Hooked - Uniswap V4 swap fee handling is completely broken due to dynamic LP fee override not being applied as intended, overcharging swappers and breaking the incentive mechanism
- 🔴 High - Hooked - New liquidity positions can claim the incentives emission growth since the first emission of the corresponding pool due to uninitialized state
- 🔴 High - Maia - Incorrectly reading the offset from the received data parameter to get the depositNonce
- 🔴 High - Maia - Accessing the incorrect offset to get the nonce
- 🔵 Informational - Linea Burn - initialize function not usable because proxy is already initialized
- 🔵 Low - Lido - ERC4626Adapter::maxMint doesn't consider pending fees to be harvested which leads to under-calculating the real shares that can be minted
- 🔴 High - Hooked - Contracts intended to be upgradeable lack upgrade capability