The Art of Judging Bug Bounties
In the competitive world of bug bounties, judges play a pivotal role. With both sides (competitors and sponsors) pulling the rope to...
Mar 3 · 6 min read
Learning by Breaking - A LayerZero Case Study - Part 3
In part 3, we'll persevere with our DoS efforts and finally pick up a bounty in a LayerZero asset.
Mar 1 · 7 min read
Learning by Breaking - A LayerZero Case Study - Part 2
Today we'll discuss Stargate, the liquidity layer built atop LayerZero, plus dig into two high-severity DoS we've identified in it.
Feb 29 · 5 min read
Learning by Breaking - A LayerZero Case Study - Part One
We'll look into the anatomy of the LZ architecture, study how it safeguards key security properties, and finally find ways to break it.
Jan 14 · 4 min read
Permission denied - The story of an EIP that sinned
On 24/08 Trust Security disclosed a variety of DOS issues to 30+ projects through Immunefi and private bug bounty programs. In total $50k...
Jul 13, 2023 · 5 min read
A Case for the Defense
Describing the various layers of defense a project may use to secure their smart contracts.
Mar 23, 2023 · 5 min read
C4 Audit Report - Forgeries
I've competed in this contest between 18/10/22-25/10/22 and achieved first place. Forgeries is an NFT raffling platform. Repo is here....
Mar 23, 2023 · 8 min read
C4 Audit Report - Debt DAO
I've competed in this contest between 03/11/22-10/11/22 and achieved first place. Repo is here. HIGH: 3 MED: 2 HIGH: When lender consents...
Mar 23, 2023 · 4 min read
C4 Audit Report - Paladin
I've competed in this contest between 27/10/22-30/10/22 and achieved third place. Repo is here. MED: 4 MED: Fees charged from entire...
Mar 23, 2023 · 5 min read
C4 Audit Report - Juicebox
I've competed in this contest between 18/10/22-23/10/22 and achieved first place. Repo is here. HIGH: 3 MED: 1 HIGH: Reserved token...
Mar 23, 2023 · 8 min read
C4 Audit Report - Trader Joe v2
I've competed in this contest between 14/10/22-23/10/22 and achieved first place. Trader Joe is a UniswapV3-like AMM. Repo is here....
Mar 23, 2023 · 3 min read
C4 Audit Report - The Graph
I've competed in this contest between 07/10/22-12/10/22 and achieved first place. The contest covered the L2 bridge component of the...
Feb 11, 2023 · 7 min read
Breaking Fluidity for glory and $50K
Today we'll review a bug discovered at the end of last year. I'll try to cover it from an educational perspective so that the reader can...
Dec 17, 2022 · 10 min read
C4 Audit Report - Holograph
I've competed in this contest between 18/10/22-25/10/22 and achieved first place. Holograph is a multi-chain NFT platform. Repo is...
Dec 17, 2022 · 6 min read
C4 Audit Report - Blur #2
I've competed in this contest between 11/11/22-14/11/22 and achieved first place. It was a review of several changes made after the first...
Nov 20, 2022 · 6 min read
C4 Audit Report - Olympus DAO
I've competed in this contest between 25/08/22-01/09/22 and achieved third place. Olympus DAO is the governance mechanism behind Olympus...
Nov 20, 2022 · 10 min read
C4 Audit Report - PartyDAO
I've competed in this contest between 12/09/22-19/09/22 and achieved second place. PartyDAO is a decentralized auction platform allowing...
Nov 16, 2022 · 8 min read
Taking home a $20K bounty with Oasis platform shutdown vulnerability
Two weeks ago I found a critical severity vulnerability in the Oasis platform (the team behind MakerDAO). It was confidentially...
Nov 1, 2022 · 5 min read
Diving deep into a critical protocol insolvency bug in Fringe.fi lending platform
Today we'll discuss a critical bug I reported to Fringe.Fi bug bounty program on 31/07. In the worst-case scenario, it could make the...
Oct 10, 2022 · 5 min read
Critical finding - Stealing tokens from O3 bridge users
Intro O3 is a multi-service DeFi project with bridging solutions that supports 10+ chains. In each chain there are several contracts...