

No More Bets - How Ctrl+F led to breaking Polymarket's polling markets
The crafts of security auditing and bounty hunting are deeply interwoven. Very often a novel exploit idea discovered during auditing is...
Feb 25 · 5 min read


The Art of Judging Bug Bounties
In the competitive world of bug bounties, judges play a pivotal role. With both sides (competitors and sponsors) pulling the rope to...
May 20, 2024 · 5 min read

A Case for the Defense
Describing the various layers of defense a project may use to secure their smart contracts.
Jul 13, 2023 · 5 min read
The story of the 0-day crit that wasn't
Yesterday I was taking a look at oasisDEX, a trading dApp from the MakerDAO team. With a 10-100K crit bounty on Immunefi and a team with...
Oct 4, 2022 · 3 min read
Digging into a resurfaced nasty crypto scam 🚩
Web3 has secured its place as home of scammers, with a constant supply of new schemes and rotation of old ones. Today we’ll take a look...
Sep 22, 2022 · 2 min read

LED them in — infiltrating home networks via smart light controllers 🚩
This was research conducted in 2019 on my personal smart lighting system, which led to unexpected findings. IoT devices are becoming...
Sep 20, 2022 · 3 min read

IoT hacking doctrine 🚩
This was published in 2019 to help fellow researchers in their first steps in offensive IoT research. Today we will be presenting a...
Sep 20, 2022 · 10 min read