twicek/README.md

# Hi! twicek here 👋

8 months ago I started my journey as a security researcher focusing primarily on smart contracts written in Solidity/Vyper. During my journey, I participated in audit contests on code4rena and Sherlock, where I learned a lot and found multiple vulnerabilities. I also tried my hand at Immunefi, and while learning to interact with deployed contracts using Foundry I found two additional vulnerabilities in already audited contracts.

I'm currently available for work as a solo auditor. You can reach me at [email protected] or DM me on Twitter @twicek_k for information, and fill in this form to get a quote.

You can find examples of previous auditing work below.

## Security contributions

### Immunefi

| Project | Findings | Severity |
| --- | --- | --- |
| Undisclosed | Griefing | Medium |
| Undisclosed | Uninitialized critical variable | Low |

### Some contest findings

| Contest | Findings |
| --- | --- |
| Union Finance V2 (First) | 1. `UserManager.updateFrozenInfo` cannot be called from `UToken` |
| Union Finance V2 (Second) | 1. `cancelVouch` doesn't update the voucher index of the last vouch of a borrower properly (2nd place) |
| OpenQ | 1. Funders can deny rewards to last claimants by calling `refundDeposit` between tier claims<br>2. `refundDeposit` function can be DoSed by an unbounded loop in `getLockedFunds` |
| Fair Funding (Vyper) | 1. The auction can be started by anyone calling `settle` before `start_auction` is called by the owner |
| Opyn | 1. Anyone in the order queue wanting to withdraw or deposit can grief the auction by making `withdrawAuction` or `depositAuction` always revert |
| Y2K | 1. `ownerToRollOverQueueIndex` is incorrectly updated when a user calls `enlistInRollover` twice<br>2. Increasing the `relayerFee` creates a risk for relayers<br>3. After having rolled over once, a user will not be able to roll over again<br>4. Queued deposits can get stuck indefinitely in the deposit queue |
| Redacted Cartel | 1. A malicious early user/attacker can manipulate the pxGmx `pricePerShare` to take an unfair share of future users' deposits |
| Escher | 1. Users can lose funds if they call `buy` with `_amount` larger than `type(uint48).max`<br>2. If very few NFTs have been sold, `saleReceiver` will have to buy all remaining NFTs to retrieve the contract funds |

## Open source contributions

Popular repositories:

1. twicek (Public)
2. hyperlane-fork-testing (Public, Solidity)
3. curve-contract (Public, Python): forked from curvefi/curve-contract. Vyper contracts used in Curve.fi exchange pools.
4. certora-tutorials (Public, Solidity): forked from Certora/Tutorials. Practical tutorials for the Certora Prover.