C4 Audit Report - Forgeries
I've competed in this contest between 18/10/22-25/10/22 and achieved first place. Forgeries is an NFT raffling platform. Repo is here....
top of page
Trust
security
- Mar 23
- 8 min
C4 Audit Report - Debt DAO
I've competed in this contest between 03/11/22-10/11/22 and achieved first place. Repo is here. HIGH: 3 MED: 2 HIGH: When lender consents...
- Mar 23
- 4 min
C4 Audit Report - Paladin
I've competed in this contest between 27/10/22-30/10/22 and achieved third place. Repo is here. MED: 4 MED: Fees charged from entire...
- Mar 23
- 5 min
C4 Audit Report - Juicebox
I've competed in this contest between 18/10/22-23/10/22 and achieved first place. Repo is here. HIGH: 3 MED: 1 HIGH: Reserved token...
- Mar 23
- 8 min
C4 Audit Report - Trader Joe v2
I've competed in this contest between 14/10/22-23/10/22 and achieved first place. Trader Joe is a UniswapV3-like AMM. Repo is here....
- Mar 23
- 3 min
C4 Audit Report - The Graph
I've competed in this contest between 07/10/22-12/10/22 and achieved first place. The contest covered the L2 bridge component of the...
- Feb 11
- 7 min
Breaking Fluidity for glory and $50K
Today we'll review a bug discovered at the end of last year. I'll try to cover it from an educational perspective so that the reader can...
- Dec 17, 2022
- 10 min
C4 Audit Report - Holograph
I've competed in this contest between 18/10/22-25/10/22 and achieved first place. Holograph is an multi-chain NFT platform. Repo is...
- Dec 17, 2022
- 6 min
C4 Audit Report - Blur #2
I've competed in this contest between 11/11/22-14/11/22 and achieved first place. It was a review of several changes made after the first...
- Nov 20, 2022
- 6 min
C4 Audit Report - Olympus DAO
I've competed in this contest between 25/08/22-01/09/22 and achieved third place. Olympus DAO is the governance mechanism behind Olympus...
- Nov 20, 2022
- 10 min
C4 Audit Report - PartyDAO
I've competed in this contest between 12/09/22-19/09/22 and achieved second place. PartyDAO is a decentralized auction platform allowing...
- Nov 16, 2022
- 8 min
Taking home a $20K bounty with Oasis platform shutdown vulnerability
Two weeks ago I've found a critical severity vulnerability in the Oasis platform (the team behind MakerDAO). It was confidentially...
- Nov 1, 2022
- 5 min
Diving deep into a critical protocol insolvency bug in Fringe.fi lending platform
Today we'll discuss a critical bug I reported to Fringe.Fi bug bounty program on 31/07. In the worst-case scenario, it could make the...
- Oct 10, 2022
- 5 min
Critical finding - Stealing tokens from O3 bridge users
Intro O3 is a multi-service DeFi project with bridging solutions that supports 10+ chains. In each chain there are several contracts...
- Oct 10, 2022
- 3 min
Tokemak liquidity operator can steal funds
Intro Tokemak operates a liquidity farming strategy. The funds are held by Tokemak manager contract (here). For maintenance operations,...
- Oct 4, 2022
- 3 min
The story of the 0-day crit that wasn't
Yesterday I was taking a look at oasisDEX, a trading dApp from the MakerDAO team. With a 10-100K crit bounty on Immunefi and a team with...
- Sep 22, 2022
- 1 min
MED - Brahma.Fi - Wrong oracle used to calculate min slippage may cause loss of over 80% of rewards
Description Bug Description The harvester's harvest() function exchanges reward tokens to USDC. There is a bug in the following lines: if...
- Sep 22, 2022
- 2 min
MED - Brahma-Fi - Curve miscalculations may cause user withdraws to fail
Bug Description To pull funds from trade executors, in order to satisfy user withdrawls, initiateWithdraw() function is used. For Convex...
- Sep 22, 2022
- 2 min
CRIT - Brahma.Fi - L2 Position handler miscalculates position value leading to severe risks
Target https://optimistic.etherscan.io/address/0x1b6BF7Ab4163f9a7C1D4eCB36299525048083B5e Description Bug Description In...
- Sep 22, 2022
- 2 min
CRIT - Brahma.Fi - Fee collection does not take previous losses into account 🚩
Target https://etherscan.io/address/0x3c4Fe0db16c9b521480c43856ba3196A9fa50E08 Bug Description According to the docs (linked below) and...
bottom of page