The repository showcases my experience in blockchain security, focusing on smart contract security audits, bug bounty contests, and Capture The Flag (CTF) events. Additionally, it features summary articles I've authored on smart contract security.
Contributions: Pashov Audit Group, Code4rena, Sherlock Audits, Cantina, CodeHawks, Immunefi, etc.
💡 FluidLocker::_getUnlockingPercentage() will cause incorrect penalty calculations, impacting all users
The issue occurs because the calculation function uses incorrect scaling and does not properly convert days to seconds, which results in an incorrect penalty calculation.
💡 Liquidity provider loses Liquidity during collection initialization
The first liquidity provider loses ownership of their position during initialization because ƒlayer's Uniswap hook becomes the position owner instead of the user.
💡 The attacker will prevent eligible users from claiming the liquidated balance
The combination of flawed logic allows an attacker to prevent eligible users from claiming their liquidated balance after external liquidation.
💡 Incorrect timestamp updating for invalid plots due to USD price fluctuation
Outdated plotMetadata.timestamp from varying configurations and external dependencies can lead to unfair rewards and potential DoS.
💡 Users can farm on zero-tax land if the landlord locked tokens before the LandManager deployment
An oversight in contract validation allows users to stake with a 0% tax rate and farm schnibbles without paying tax.
🧑🏻💻 Pashov Audit Group: 🔗
Project | Date |
---|---|
Nexus - yield aggregator | November 2024 |
🧑🏻💻 Valix Consulting: 🔗
Project | Date |
---|---|
(Private) FWX - Future Trading | October 2024 |
(Private) FWX - Permissionless Future Trading | October 2024 |
(Private) FWX - DeFi Perpetual Futures | September 2024 |
(Private) REAME - Token & NFT Smart Contract | April 2024 |
(Private) Starlet - Music NFT Smart Contract | April 2024 |
(Private) FWX - Permissionless Future Trading | March 2024 |
Contest | Type | Awards | Findings | Language | Date | @ | Platform | Contest Report | My Report |
---|---|---|---|---|---|---|---|---|---|
Superfluid Locker System | User's Locker of Money streaming protocol | 3rd 🥉 | 2H (reported in one) | Solidity | Nov 2024 | Individual | Sherlock | 📑 | 💾 |
vVv Launchpad - Investments & Token distribution | Investments & Token distribution | 1st 🥇 | 1H | Solidity | Nov 2024 | Individual | Sherlock | 📑 | 💾 |
Flayer - NFT Liquidity Protocol | NFT Liquidity Protocol, Uniswap v4 Hooks | 28th | 8H, 2M | Solidity | Sep 2024 | Individual | Sherlock | 📑 | 💾 |
Midas - Instant Minter/Redeemer | RWA | 8th | 1M | Solidity | Aug 2024 | Individual | Sherlock | 📑 | 💾 |
Munchables: LandManager | GameFi, Staking, Farming | 1st 🥇 | 5H, 1M (1 selected for report) (cover ALL valid H/M) | Solidity | July 2024 | Individual | Code4rena | 📑 | 💾 |
Biconomy: Nexus | Account Abstraction, Modular Smart Accounts | 27th | 1L (selected for report) | Solidity | July 2024 | Individual | CodeHawks | 📑 | 💾 |
Munchables: LockManager | GameFi, Staking, Farming | 8th | 2H, 2M (1 selected for report) | Solidity | May 2024 | Individual | Code4rena | 📑 | 💾 |
Jala Swap | AMM | 3rd 🥉 | 1M | Solidity | Mar 2024 | Individual | Sherlock | 📑 | 💾 |
UniStaker Infrastructure | Governance | Group of 5th | Grade-B QA Report | Solidity | Feb 2024 | Individual | Code4rena | 📑 | 💾 |
AI Arena | GameFi | 17th | 4H, 4M, Grade-B QA Report, Grade-B Gas Report | Solidity | Feb 2024 | Individual | Code4rena | 📑 | 💾 |
Curves | SocialFi | 68th | 1H, 2M, Grade-A QA Report | Solidity | Jan 2024 | Individual | Code4rena | 📑 | 💾 |
Competition | Placed | Flag Captured | @ | Date | Provider |
---|---|---|---|---|---|
Ethernaut CTF 2024 | 46th | 3rd-start.exe, 35th-Dutch, 15th-Alien Spaceship | Individual | March 2024 | OpenZeppelin |
CTF_challenge_February 2024 | 2nd | RollsRoyce | Individual | February 2024 | AuditOne |
Title | Date |
---|---|
Deployment to Defense Security Strategies for Blockchain Protocols | October 2024 |
Openzeppelin Ethernaut CTF 2024 — Alien Spaceship Writeup | March 2024 |
Something Behind the — SELFDESTRUCT — | January 2024 |
Upgradeable Notes - Disable initializer | January 2024 |
Breakdown of Rollups — Layer 2 Scaling Solution | November 2023 |
Is Dead Code Really Dead? | September 2023 |
Risky UUPS Pattern 💣 | May 2022 |
Deep dive into UniswapV2🦄 : UniswapV2Router02 | May 2022 |
Deep dive into UniswapV2🦄 : UniswapV2Factory | May 2022 |
Deep dive into UniswapV2🦄 : UniswapV2Pair | May 2022 |
Deep dive into UniswapV2🦄 : UniswapV2ERC20 | May 2022 |
Ethereum smart contract CTFs — Review | May 2022 |