parth-15

@parth-15

Joined on Apr 22, 2022

  • Spearbit
    OpenSea Seadrop - https://github.com/spearbit/portfolio/blob/master/pdfs/Seadrop-Spearbit-Security-Review.pdf
    Llama - https://github.com/spearbit/portfolio/blob/master/pdfs/Llama-Spearbit-Security-Review.pdf
    Oak Security
    Battlefly (https://www.battlefly.game/) deposit locker - report not public
    Battlefly (https://www.battlefly.game/) OTC - report not public
  • Low severity [L-1] The contract pays users less reward than they are owed if one of the reward tokens is the VAPE token
    Context: https://github.com/VaporFi/vapordex-contracts/blob/staging/contracts/StableVapeStaking.sol#L41-L48
    Description: This finding concerns pools where the staking token is the same as the reward token. Such pools are popular among DeFi platforms because they directly increase the usability of that token. The contract combines several factors, such as the user's shares and the total amount of tokens staked, to calculate each user's reward. In updateReward(), the total amount staked in a pool is read as the contract's balance of that token. If the pool allows the reward token to be staked, that total is inflated by rewards that have been minted to the contract but not yet claimed, so the reward per share is miscalculated. This has a direct impact on users: the miscalculation lowers the rewards they should receive, and the shortfall keeps growing as other users' unclaimed rewards accumulate in the contract.
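To make the accounting flaw concrete, here is an added simulation (example code, not the VaporDex contract): a simplified Synthetix-style staking pool in which the staked total is read either from an internal counter or, as in the finding, from the pool's own token balance. The users, amounts, emission rate and the assumption that emissions are minted to the pool at update time are all constructed for the example.

```python
from fractions import Fraction


class Token:
    """Minimal ERC20-like ledger (constructed for this example, not a real token)."""

    def __init__(self, name):
        self.name = name
        self.balances = {}

    def balance_of(self, who):
        return self.balances.get(who, Fraction(0))

    def mint(self, to, amount):
        self.balances[to] = self.balance_of(to) + Fraction(amount)

    def transfer(self, sender, to, amount):
        if self.balance_of(sender) < amount:
            raise ValueError(f"{sender} has insufficient {self.name}")
        self.balances[sender] = self.balance_of(sender) - amount
        self.mint(to, amount)


class StakingPool:
    """Synthetix-style reward accounting. balance_based=True mimics the flaw:
    the staked total is read from the pool's token balance instead of an
    internal counter."""

    POOL = "pool"  # the pool contract's own address (hypothetical label)

    def __init__(self, stake_token, reward_token, reward_per_block, balance_based):
        self.stake_token = stake_token
        self.reward_token = reward_token
        self.reward_per_block = Fraction(reward_per_block)
        self.balance_based = balance_based
        self.total_staked = Fraction(0)          # internal accounting (the fix)
        self.staked = {}
        self.reward_per_token_stored = Fraction(0)
        self.user_reward_per_token_paid = {}
        self.rewards = {}
        self.last_block = 0

    def _total_supply(self):
        if self.balance_based:
            # Flawed: when reward_token is the same token as stake_token this
            # also counts unclaimed rewards sitting in the contract.
            return self.stake_token.balance_of(self.POOL)
        return self.total_staked

    def _update_reward(self, block, user):
        elapsed = block - self.last_block
        if elapsed > 0:
            minted = elapsed * self.reward_per_block
            # Model assumption: emissions are minted to the pool at update
            # time and stay there until claimed.
            self.reward_token.mint(self.POOL, minted)
            total = self._total_supply()
            if total > 0:
                self.reward_per_token_stored += minted / total
            self.last_block = block
        paid = self.user_reward_per_token_paid.get(user, Fraction(0))
        earned = self.staked.get(user, Fraction(0)) * (self.reward_per_token_stored - paid)
        self.rewards[user] = self.rewards.get(user, Fraction(0)) + earned
        self.user_reward_per_token_paid[user] = self.reward_per_token_stored

    def stake(self, block, user, amount):
        self._update_reward(block, user)
        amount = Fraction(amount)
        self.stake_token.transfer(user, self.POOL, amount)
        self.staked[user] = self.staked.get(user, Fraction(0)) + amount
        self.total_staked += amount

    def claim(self, block, user):
        self._update_reward(block, user)
        amount = self.rewards.pop(user, Fraction(0))
        self.reward_token.transfer(self.POOL, user, amount)
        return amount


def run_scenario(balance_based, same_token):
    """Constructed scenario: Alice and Bob each stake 100 at block 0, emission
    is 10 per block, Alice claims at blocks 10 and 20, Bob only at block 20.
    Returns (alice_first, bob, alice_second, rewards_stuck_in_pool)."""
    vape = Token("VAPE")
    reward_token = vape if same_token else Token("OTHER")
    pool = StakingPool(vape, reward_token, reward_per_block=10, balance_based=balance_based)
    for user in ("alice", "bob"):
        vape.mint(user, 100)
        pool.stake(0, user, 100)
    alice_first = pool.claim(10, "alice")
    bob = pool.claim(20, "bob")
    alice_second = pool.claim(20, "alice")
    # Reward tokens left in the pool beyond the staked principal; nobody can claim them.
    stuck = reward_token.balance_of(StakingPool.POOL) - (pool.total_staked if same_token else 0)
    return alice_first, bob, alice_second, stuck


if __name__ == "__main__":
    for flags in ((False, True), (True, False), (True, True)):
        print(flags, [float(x) for x in run_scenario(*flags)])
```

With internal accounting, or with balance-based accounting and a distinct reward token, the three claims pay 50, 100 and 50 and nothing is left over. With balance-based accounting and VAPE as both stake and reward token, the same claims pay about 33.3, 60.6 and 27.3, and about 78.8 tokens remain stranded in the pool; Alice's second claim is smaller than her first because Bob's unclaimed rewards inflated the denominator in the meantime.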
  • Find the router and factory addresses of the following Uniswap V2 forks on Binance Smart Chain. For example, on the Avalanche C-Chain the factory address of hakuswap is 0x2Db46fEB38C57a6621BCa4d97820e1fc1de40f41 and the router address of pandaswap is 0x67c58C8f01f50589A52C2C0b233Db9aF6A66a0F0.
    Alitafinance: Factory 0xC7a506ab3ac668EAb6bF9eCf971433D6CFeF05D9, Router 0x730aCC3bBf2443f2EaEaCFc7ac7b4d8DC9E32dB8
    ApeSwap: Factory 0x0841BD0B734E4F5853f0dD8d7Ea041c241fb0Da6, Router 0xcF0feBd3f17CEf5b47b0cD257aCf6025c5BFf3b7
  • A security analysis review of the Cryptofield-core repo was done for VHS. This final audit report includes all the vulnerabilities, issues and code improvements found during the security reviews and their post-fix status.
    Benchmark Guidelines
    Impact
    High - leads to a significant material loss of assets in the protocol or significantly harms a group of users.
    Medium - only a small amount of funds can be lost (such as leakage of value) or a core functionality of the protocol is affected.
    Low - can lead to any kind of unexpected behaviour in some of the protocol's functionalities that is not so critical.
    Likelihood
  • A security review of the CryptaContributionProofToken smart contract protocol was done by Parth. This audit report includes all the vulnerabilities, issues and code improvements found during the security review. Disclaimer "Audits are a time, resource and expertise bound effort where trained experts evaluate smart contracts using a combination of automated and manual techniques to find as many vulnerabilities as possible. Audits can show the presence of vulnerabilities but not their absence." - Secureum Impact
  • A security review of the YouDonate-Protocol smart contract protocol was done by Parth and Rahul. This audit report includes all the vulnerabilities, issues and code improvements found during the security review. Disclaimer "Audits are a time, resource and expertise bound effort where trained experts evaluate smart contracts using a combination of automated and manual techniques to find as many vulnerabilities as possible. Audits can show the presence of vulnerabilities but not their absence." - Secureum Impact
  • A security review of the YouDonate-Protocol smart contract protocol was done by Parth. This audit report includes all the vulnerabilities, issues and code improvements found during the security review. Disclaimer "Audits are a time, resource and expertise bound effort where trained experts evaluate smart contracts using a combination of automated and manual techniques to find as many vulnerabilities as possible. Audits can show the presence of vulnerabilities but not their absence." - Secureum Impact
  • Commit hash link: https://github.com/0xMacro/student.morganjweaver/tree/19e6c24efe40554db87a8578dbe5e1b9b695e26f Audited by: Parth Patel (Parth#7949) Issues [H-1] The total contribution limit in the SEED and GENERAL phases is not enforced. On lines 63-86, Ico.sol has the following code: function contribute() external payable {
  • Part 1 Story A wizard is trying to brew a strength potion, but doesn't have the right ingredients. Your job is to find acidic ingredients for his potion. Problem contract Reference of difficulty: if I try to brute-force an address with 6 fixed hex characters, the difficulty is approximately 16^6 = 2^24 = ~17 million. A vanity generator takes around 6 minutes for this with 50% probability. If we increase it to 7 characters, the time taken increases 16 times. Each additional character multiplies the difficulty by 16, making it very difficult to brute-force a vanity address with a long keyword. Vanity keyword (suffix): ac1d1c
  • A security review of the Parcel smart contract protocol was done by Parth. This audit report includes all the vulnerabilities, issues and code improvements found during the security review. Disclaimer "Audits are a time, resource and expertise bound effort where trained experts evaluate smart contracts using a combination of automated and manual techniques to find as many vulnerabilities as possible. Audits can show the presence of vulnerabilities but not their absence." - Secureum Impact
  • A security review of the CryptaSubscription smart contract protocol was done by Parth. This audit report includes all the vulnerabilities, issues and code improvements found during the security review. Disclaimer "Audits are a time, resource and expertise bound effort where trained experts evaluate smart contracts using a combination of automated and manual techniques to find as many vulnerabilities as possible. Audits can show the presence of vulnerabilities but not their absence." - Secureum Impact
  • There were complaints from users about the swap UI displaying routes with a large number of hops. We investigated the issue; the analysis below is based on our conclusions, and we also list further steps that can be taken for improvement. We investigated transaction 0x77bc0b4080435fb68f786383561fcdf35624c15601c91a898c48c8918f0c2625 and our research is based on it.
    Some useful links
    Sender of transaction: 0x97bb19836e60E7DF1262b9D131074C64a1299EAc
    Address of USDC.e: 0xA7D7079b0FEaD91F3e65f86E8915Cb59c1a4C664
    Vapor Router address: 0xDef9ee39FD82ee57a1b789Bc877E2Cbd88fd5caE
    Yield-yak router address: 0xC4729E56b831d74bBc18797e0e17A295fA77488c (Note: the Vapor aggregator is heavily inspired by yield-yak)
    Wrapped Avax address: 0xB31f66AA3C1e785363F0875A1B74E27b85FD66c7
    DAI.e address: 0xd586E7F844cEa2F87f50152665BCbc2C279D8d70
    USDT.e address: 0xc7198437980c041c805A1EDcbA50c1Ce5db95118
  • Commit hash: 4d2599cfe1c7d2647c26750cf547631a896dd518 Audited by: Parth Patel (Parth#7949) FooToken [H-1] delegateWithSignature doesn't check whether the signatory is blacklisted. On lines 206-211, FooToken.sol has the following code: bytes32 structHash = keccak256(abi.encode(DELEGATION_TYPEHASH, newDelegate, nonce, expiry));
  • Commit hash: 4d2599cfe1c7d2647c26750cf547631a896dd518 Audited by: Parth Patel (Parth#7949) AccountToken [H-1] No access control on safeMint; prone to frontrunning attacks. On lines 14-17, AccountToken.sol has the following code: function safeMint(address _to, address _addr) public
  • Commit hash link: https://github.com/0xMacro/student.patnir/blob/8417ccb38ace197a9934187e67ccfe97d243c4c0 Audited by: Parth Patel (Parth#7949) [H-1] The product of reserves used in the constant product formula is calculated incorrectly. On lines 111-121, SpaceLP.sol has the following code: reserveEth = address(this).balance; reserveSpc = coin.balanceOf(address(this));
  • Commit hash link: https://github.com/0xMacro/student.kingofclubstroyDev/tree/56da370271130f72cf72dbc7942e1fb73774ba87 Audited by: Parth Patel (Parth#7949) Very well-written and secure code. All edge cases are covered. The code is easy to understand with all the comments. I couldn't find any bugs. I have added a few code-quality items that may be helpful. Issues [Q-1] DAO shouldn't be able to receive ether other than membership fees
  • Commit hash link: https://github.com/0xMacro/student.Rahat-ch/tree/6ef45b4d73a8f493628c6be04a1e5e4661ccfda0 Audited by: Parth Patel (Parth#7949) There are no major bugs or vulnerabilities. The checks-effects-interactions pattern is used, which prevents reentrancy. Issues [M-1] The project goal must be greater than or equal to 0.01 ether, otherwise the project cannot accept any contributions. On lines 21-25, Project.sol has the following code:
  • Exercise 1: A malicious actor can push too many values into the safe, making it very hard for other users to call the take method, since it loops through the whole safes array. Also, the take function uses the transfer method to send funds, which forwards a fixed gas stipend and should be avoided: https://consensys.net/diligence/blog/2019/09/stop-using-soliditys-transfer-now/ Exercise 2: At some point it becomes impossible to satisfy the following condition in the buy method, making it impossible to buy further objects: require(msg.value * (1 + objectBought[msg.sender]) == basePrice); basePrice is 1 ether. Say that at some stage objectBought[msg.sender] = 2; then msg.value would have to be 0.333333... ether, which cannot be represented exactly in wei (10^18 is not divisible by 3), so the check can never pass.
  • Author Name: Parth Patel Email: parth4321patel@gmail.com Findings delegatecall to an input-controlled function id Severity: High Context: [Implementation.sol#L17-L21](https://github.com/spearbit-audits/writing-exercise/blob/develop/contracts/Implementation.sol#L17-L21)
  • Hi there 👋 I'm Parth, a smart contract intern working at Nethermind. Nethermind - Smart Contract Intern (June 2022 - Present) Working with the Synnax/Gauss team, which aims to improve the security of smart contracts. Responsible for doing audits of various Solidity smart contracts along with a team of other interns and auditors. Finding low-severity bugs, helping with gas optimization, and sharing my findings there. Skills: Solidity, Smart Contracts, Auditing