About

I’m an independent security researcher who specializes in blockchain and EVM security. Currently, I work as a Senior Auditor at Trust Security and Associate Security Researcher at Spearbit.

I’m also a top warden at Code4rena, where I regularly participate in audit contests.

Audit Contests

My entire history and reports can be found in this repository.

Stats

• Code4rena Profile
• Ranked #1 on Code4rena’s 2023 leaderboard on November 2023

Highlights

• Code4rena: LUKSO Network - 🥇1st
• Code4rena: Lens Protocol V2 - 🥇1st
• Code4rena: Arbitrum Security Council Elections - 🥇1st
• Hats Finance: StakeWise V3 - 🥇1st
• Code4rena: Chainlink Staking v0.2 - 🥇1st
• Code4rena: Wildcat - 🥈2nd
• Code4rena: Chainlink CCIP - 8th

Bug Bounties

I occasionally hunt for live bugs on Immunefi in my spare time.

Here are some publicly disclosed bugs that I’ve found so far:

• Beluga Protocol: Permanent freezing of tokens by vote manipulation - Critical
• Arcade.xyz: Forcing users into loans by manipulating EIP-1271 signatures - High
• GYSR: Theft of funds through precision loss - Informational

Previous Work

I used to work as an Information Security Engineer Intern at STAR Labs, where I performed fuzzing with WinAFL to find bugs in targets such as Microsoft Media Foundation and Adobe Reader.

CVEs

Microsoft Media Foundation

• CVE-2021-33760
• CVE-2022-21977
• CVE-2022-22010

Ranked #110 on MSRC 2021 Q4 Leaderboard