![A Realistic Breakdown of Optimism - Part 1](https://static.wixstatic.com/media/a805f3_c98c2c9a66394309816a0e9b408bfeae~mv2.webp/v1/fill/w_454,h_341,al_c,q_90,enc_auto/a805f3_c98c2c9a66394309816a0e9b408bfeae~mv2.webp)
Dec 27, 2024 · 6 min read
A Realistic Breakdown of Optimism - Part 1
Over the past year, TrustSec has contributed to the security of OP chain through several initiatives. We began with a private audit of...
![The Art of Judging Bug Bounties](https://static.wixstatic.com/media/a805f3_28a14de2ea0843f3b35d11a969f38212~mv2.jpg/v1/fill/w_454,h_341,fp_0.50_0.50,q_90,enc_auto/a805f3_28a14de2ea0843f3b35d11a969f38212~mv2.webp)
May 20, 2024 · 5 min read
The Art of Judging Bug Bounties
In the competitive world of bug bounties, judges play a pivotal role. With both sides (competitors and sponsors) pulling the rope to...
![Learning by Breaking - A LayerZero Case Study - Part 3](https://static.wixstatic.com/media/a805f3_68cb4642956b47c183fa1888b406fe6c~mv2.png/v1/fill/w_454,h_341,fp_0.50_0.50,q_95,enc_auto/a805f3_68cb4642956b47c183fa1888b406fe6c~mv2.webp)
Mar 3, 2024 · 6 min read
Learning by Breaking - A LayerZero Case Study - Part 3
In part 3, we'll persevere with our DoS efforts and finally pick up a bounty in a LayerZero asset.
![Learning by Breaking - A LayerZero Case Study - Part 2](https://static.wixstatic.com/media/a805f3_68cb4642956b47c183fa1888b406fe6c~mv2.png/v1/fill/w_454,h_341,fp_0.50_0.50,q_95,enc_auto/a805f3_68cb4642956b47c183fa1888b406fe6c~mv2.webp)
Mar 1, 2024 · 7 min read
Learning by Breaking - A LayerZero Case Study - Part 2
Today we'll discuss Stargate, the liquidity layer built atop LayerZero, plus dig into two high-severity DoS we've identified in it.
![Learning by Breaking - A LayerZero Case Study - Part One](https://static.wixstatic.com/media/a805f3_68cb4642956b47c183fa1888b406fe6c~mv2.png/v1/fill/w_454,h_341,fp_0.50_0.50,q_95,enc_auto/a805f3_68cb4642956b47c183fa1888b406fe6c~mv2.webp)
Feb 29, 2024 · 5 min read
Learning by Breaking - A LayerZero Case Study - Part One
We'll look into the anatomy of the LZ architecture, study how it safeguards key security properties, and finally find ways to break it.
![Permission denied - The story of an EIP that sinned](https://static.wixstatic.com/media/a805f3_724189fcb7a9441f83c310830f0f54d1~mv2.jpeg/v1/fill/w_454,h_341,fp_0.50_0.50,q_90,enc_auto/a805f3_724189fcb7a9441f83c310830f0f54d1~mv2.webp)
Jan 14, 2024 · 4 min read
Permission denied - The story of an EIP that sinned
On 24/08 Trust Security disclosed a variety of DoS issues to 30+ projects through Immunefi and private bug bounty programs. In total $50k...
![A Case for the Defense](https://static.wixstatic.com/media/a805f3_f5aad07a33e547b1886eccee215b2344~mv2.png/v1/fill/w_454,h_341,fp_0.50_0.50,q_95,enc_auto/a805f3_f5aad07a33e547b1886eccee215b2344~mv2.webp)
Jul 13, 2023 · 5 min read
A Case for the Defense
Describing the various layers of defense a project may use to secure their smart contracts.
![C4 Audit Report - Forgeries](https://static.wixstatic.com/media/a805f3_fddbc92478384b0c94a623644005ad18~mv2.jpg/v1/fill/w_80,h_80,fp_0.50_0.50,q_90,enc_auto/a805f3_fddbc92478384b0c94a623644005ad18~mv2.webp)
Mar 23, 2023 · 5 min read
C4 Audit Report - Forgeries
I've competed in this contest between 18/10/22-25/10/22 and achieved first place. Forgeries is an NFT raffling platform. Repo is here....
![C4 Audit Report - Debt DAO](https://static.wixstatic.com/media/a805f3_e56513d049184a84857381fee98ea4d8~mv2.jpg/v1/fill/w_400,h_341,fp_0.50_0.50,q_90,enc_auto/a805f3_e56513d049184a84857381fee98ea4d8~mv2.webp)
Mar 23, 2023 · 8 min read
C4 Audit Report - Debt DAO
I've competed in this contest between 03/11/22-10/11/22 and achieved first place. Repo is here. HIGH: 3 MED: 2 HIGH: When lender consents...
![C4 Audit Report - Paladin](https://static.wixstatic.com/media/a805f3_9841497e79c84b979439e97c54c689b6~mv2.png/v1/fill/w_200,h_200,fp_0.50_0.50,q_95,enc_auto/a805f3_9841497e79c84b979439e97c54c689b6~mv2.webp)
Mar 23, 2023 · 4 min read
C4 Audit Report - Paladin
I've competed in this contest between 27/10/22-30/10/22 and achieved third place. Repo is here. MED: 4 MED: Fees charged from entire...
![C4 Audit Report - Juicebox](https://static.wixstatic.com/media/a805f3_561e0745f41248fdb136e9ec2fffbf96~mv2.png/v1/fill/w_200,h_200,fp_0.50_0.50,q_95,enc_auto/a805f3_561e0745f41248fdb136e9ec2fffbf96~mv2.webp)
Mar 23, 2023 · 5 min read
C4 Audit Report - Juicebox
I've competed in this contest between 18/10/22-23/10/22 and achieved first place. Repo is here. HIGH: 3 MED: 1 HIGH: Reserved token...
![C4 Audit Report - Trader Joe v2](https://static.wixstatic.com/media/a805f3_3e0e99c0835d43bcaa2a834764a4f17c~mv2.png/v1/fill/w_200,h_200,fp_0.50_0.50,q_95,enc_auto/a805f3_3e0e99c0835d43bcaa2a834764a4f17c~mv2.webp)
Mar 23, 2023 · 8 min read
C4 Audit Report - Trader Joe v2
I've competed in this contest between 14/10/22-23/10/22 and achieved first place. Trader Joe is a UniswapV3-like AMM. Repo is here....
![C4 Audit Report - The Graph](https://static.wixstatic.com/media/a805f3_f63d6514053941c7af99c17ccf3951d8~mv2.jpg/v1/fill/w_454,h_287,fp_0.50_0.50,q_90,enc_auto/a805f3_f63d6514053941c7af99c17ccf3951d8~mv2.webp)
Mar 23, 2023 · 3 min read
C4 Audit Report - The Graph
I've competed in this contest between 07/10/22-12/10/22 and achieved first place. The contest covered the L2 bridge component of the...
![Breaking Fluidity for glory and $50K](https://static.wixstatic.com/media/a805f3_62e63ee892d949959f2f2445b06cb9ff~mv2.png/v1/fill/w_454,h_341,fp_0.50_0.50,q_95,enc_auto/a805f3_62e63ee892d949959f2f2445b06cb9ff~mv2.webp)
Feb 11, 2023 · 7 min read
Breaking Fluidity for glory and $50K
Today we'll review a bug discovered at the end of last year. I'll try to cover it from an educational perspective so that the reader can...
![C4 Audit Report - Holograph](https://static.wixstatic.com/media/a805f3_2329285743f043ee99f137a50b2a0678~mv2.jpg/v1/fill/w_400,h_341,fp_0.50_0.50,q_90,enc_auto/a805f3_2329285743f043ee99f137a50b2a0678~mv2.webp)
Dec 17, 2022 · 10 min read
C4 Audit Report - Holograph
I've competed in this contest between 18/10/22-25/10/22 and achieved first place. Holograph is a multi-chain NFT platform. Repo is...
![C4 Audit Report - Blur #2](https://static.wixstatic.com/media/a805f3_994d3525f5a34690af61af1af8f7ddce~mv2.png/v1/fill/w_454,h_341,fp_0.50_0.50,q_95,enc_auto/a805f3_994d3525f5a34690af61af1af8f7ddce~mv2.webp)
Dec 17, 2022 · 6 min read
C4 Audit Report - Blur #2
I've competed in this contest between 11/11/22-14/11/22 and achieved first place. It was a review of several changes made after the first...
![C4 Audit Report - Olympus DAO](https://static.wixstatic.com/media/a805f3_63fa39bee512434b919971d635b9ba3d~mv2.png/v1/fill/w_454,h_341,fp_0.50_0.50,q_95,enc_auto/a805f3_63fa39bee512434b919971d635b9ba3d~mv2.webp)
Nov 20, 2022 · 6 min read
C4 Audit Report - Olympus DAO
I've competed in this contest between 25/08/22-01/09/22 and achieved third place. Olympus DAO is the governance mechanism behind Olympus...
![C4 Audit Report - PartyDAO](https://static.wixstatic.com/media/a805f3_8ec7e90ddfb749d18177bfa19701e0ea~mv2.jpg/v1/fill/w_380,h_253,fp_0.50_0.50,q_90,enc_auto/a805f3_8ec7e90ddfb749d18177bfa19701e0ea~mv2.webp)
Nov 20, 2022 · 10 min read
C4 Audit Report - PartyDAO
I've competed in this contest between 12/09/22-19/09/22 and achieved second place. PartyDAO is a decentralized auction platform allowing...
Nov 16, 2022 · 8 min read
Taking home a $20K bounty with Oasis platform shutdown vulnerability
Two weeks ago I found a critical severity vulnerability in the Oasis platform (the team behind MakerDAO). It was confidentially...
![Diving deep into a critical protocol insolvency bug in Fringe.fi lending platform](https://static.wixstatic.com/media/a805f3_9deb1e8393f9464baf312c91953e19c7~mv2.png/v1/fill/w_454,h_341,fp_0.50_0.50,q_95,enc_auto/a805f3_9deb1e8393f9464baf312c91953e19c7~mv2.webp)
Nov 1, 2022 · 5 min read
Diving deep into a critical protocol insolvency bug in Fringe.fi lending platform
Today we'll discuss a critical bug I reported to Fringe.Fi bug bounty program on 31/07. In the worst-case scenario, it could make the...