Independent security researcher, participated in multiple audits (mostly EVM-based smart contracts).
- 90-day: #20
- 2023: #30
- All-time: #67
19 Audits
- High-risk: 27
- Medium-risk: 22
| Type | Protocol | Severity | Title |
|---|---|---|---|
| Incorrect integration with Seaport | Astaria | High | Wrong starting price when listing on Seaport for assets that has less than 18 decimals |
| Claiming rewards blocked | Ajna | High | The lender won't be able to claim rewards in some cases and most of RewardsManager's methods (e.g. staking, unstaking ..etc) will revert |
| Stealing NFT Assets | Caviar | High | ETHRouter doesn't revoke the ERC721's approvalForAll of the pool after the operation (e.g. sell) is finished |
| Signature replay | Biconomy | High | Signature replay attack is possible in "Transaction" execution |
| Funds draining | Astaria | High | Lack of StrategyDetailsParam.vault validation allows the borrower to steal all the funds from the vault |
| Withdrawal blocked temporarily | Ethos Reserve | Medium | Withdrawal functionality could possibly be blocked if a strategy's withdrawal fails |
| Loss of rewards | Redacted Cartel | Medium | Loss of user rewards if reward tokens is empty when claiming rewards |