The Art of Judging Bug Bounties
In the competitive world of bug bounties, judges play a pivotal role. With both sides (competitors and sponsors) pulling the rope to...
Mar 3 · 6 min
Learning by Breaking - A LayerZero Case Study - Part 3
In part 3, we'll persevere with our DoS efforts and finally pick up a bounty in a LayerZero asset.
Mar 1 · 7 min
Learning by Breaking - A LayerZero Case Study - Part 2
Today we'll discuss Stargate, the liquidity layer built atop LayerZero, plus dig into two high-severity DoS we've identified in it.
Feb 29 · 5 min
Learning by Breaking - A LayerZero Case Study - Part One
We'll look into the anatomy of the LZ architecture, study how it safeguards key security properties, and finally find ways to break it.
Jan 14 · 4 min
Permission denied - The story of an EIP that sinned
On 24/08 Trust Security disclosed a variety of DOS issues to 30+ projects through Immunefi and private bug bounty programs. In total $50k...
Jul 13, 2023 · 5 min
A Case for the Defense
Describing the various layers of defense a project may use to secure their smart contracts.
Mar 23, 2023 · 5 min
C4 Audit Report - Forgeries
I competed in this contest between 18/10/22-25/10/22 and achieved first place. Forgeries is an NFT raffling platform. Repo is here....
Mar 23, 2023 · 8 min
C4 Audit Report - Debt DAO
I competed in this contest between 03/11/22-10/11/22 and achieved first place. Repo is here. HIGH: 3 MED: 2 HIGH: When lender consents...
Mar 23, 2023 · 4 min
C4 Audit Report - Paladin
I competed in this contest between 27/10/22-30/10/22 and achieved third place. Repo is here. MED: 4 MED: Fees charged from entire...
Mar 23, 2023 · 5 min
C4 Audit Report - Juicebox
I competed in this contest between 18/10/22-23/10/22 and achieved first place. Repo is here. HIGH: 3 MED: 1 HIGH: Reserved token...
Mar 23, 2023 · 8 min
C4 Audit Report - Trader Joe v2
I competed in this contest between 14/10/22-23/10/22 and achieved first place. Trader Joe is a UniswapV3-like AMM. Repo is here....
Mar 23, 2023 · 3 min
C4 Audit Report - The Graph
I competed in this contest between 07/10/22-12/10/22 and achieved first place. The contest covered the L2 bridge component of the...
Feb 11, 2023 · 7 min
Breaking Fluidity for glory and $50K
Today we'll review a bug discovered at the end of last year. I'll try to cover it from an educational perspective so that the reader can...
Dec 17, 2022 · 10 min
C4 Audit Report - Holograph
I competed in this contest between 18/10/22-25/10/22 and achieved first place. Holograph is a multi-chain NFT platform. Repo is...
Dec 17, 2022 · 6 min
C4 Audit Report - Blur #2
I competed in this contest between 11/11/22-14/11/22 and achieved first place. It was a review of several changes made after the first...
Nov 20, 2022 · 6 min
C4 Audit Report - Olympus DAO
I competed in this contest between 25/08/22-01/09/22 and achieved third place. Olympus DAO is the governance mechanism behind Olympus...
Nov 20, 2022 · 10 min
C4 Audit Report - PartyDAO
I competed in this contest between 12/09/22-19/09/22 and achieved second place. PartyDAO is a decentralized auction platform allowing...
Nov 16, 2022 · 8 min
Taking home a $20K bounty with Oasis platform shutdown vulnerability
Two weeks ago I found a critical severity vulnerability in the Oasis platform (the team behind MakerDAO). It was confidentially...
Nov 1, 2022 · 5 min
Diving deep into a critical protocol insolvency bug in Fringe.fi lending platform
Today we'll discuss a critical bug I reported to the Fringe.Fi bug bounty program on 31/07. In the worst-case scenario, it could make the...
Oct 10, 2022 · 5 min
Critical finding - Stealing tokens from O3 bridge users
Intro O3 is a multi-service DeFi project with bridging solutions that supports 10+ chains. In each chain there are several contracts...