Home Extras
Extras
Cancel

Extras

This page is for any content relevant to this blog, but does not have it’s own blog post.


🛹 Critical vulnerability disclosed to lending protocol 88mph

I disclosed a critical bug to the fixed-rate lending protocol 88mph and helped rescue over $6.5m. Technical details around this vulnerability can be found at the posts by iosiro and Immunefi.


🧪 High risk vulnerability disclosed to DeFi protocol Alchemix

I disclosed an access-control bug to The future yield tokenization protocol Alchemix. Technical details around this vulnerability can be found at the post by iosiro and Immunefi.


🧱 Critical vulnerability disclosed to Polygon

I disclosed a denial-of-service bug to Polygon affecting their StakeManagerProxy smart contract and its dependent contracts. Technical details around this vulnerability can be found at the post by iosiro and Polygon.


🏌️ Critical vulnerability disclosed to four DeFi/NFT projects and escalated to OpenZeppelin

I disclosed a critical bug involving to four DeFi/NFT projects, and prevented the following TVLs (>$50m) from permanent hack damage:

  • KeeperDAO: ~$44m worth of tokens
  • Rivermen NFT: ~$6.95m worth of NFTs
  • redacted project: <$2m worth of NFTs
  • redacted project: <$500k worth of tokens

The root of the critical bug was an uninitalized logic contract behing UUPS proxy leading to an arbitrary delegatecall, which could be used with a selfdestruct instruction. The severity was heightened since, by default, UUPS proxies have no external upgrade functions, so a selfdestruct call would permanently impair the proxy contract rendering all funds permently inaccessible.

Technical details around this vulnerability can be found at the post by iosiro. The official OpenZeppelin postmortem be can be found here.


🕵️ Undisclosed vulnerabilities

I’ve reported bugs that were confirmed by the respective team, but they’ve asked to redact the bug details in the interim. If this changes in the future, I’ll update the list below and include the details once I have permission.

  • Medium risk bug reported to and confirmed by redacted project 1.
  • High risk bug reported to and confirmed by redacted project 2.
  • High risk bug reported to and confirmed by redacted project 3.

🥊 Code 4rena contests

I occassionally participate in code 4rena contests, usually quite loosely. You can find my progress on the leaderboard under the alias toastedsteaksandwich. I’ve submitted at least one valid issue to the following contests:


✍️ Introduction to smart contract bug hunting

I wrote a blog post for Hack South to introduce smart contract bug hunting. The post can be found here.


🧑‍🏫 How to PoC your bug leads

I wrote a blog post for Immunefi on how to write a PoC for any smart contract bug leads you’ve come across. The post can be found here.

Trending Tags

Trending Tags