Public reports and disclosures
Some public reports of security reviews & disclosures I've worked on. Unpublished disclosures are not listed.
- Unhandled exception in Lido oracle may lead to crashing the service
- Gasless ETH bridging in Optimism Bedrock
- DNSSEC takeover in ENS
- Implementation of EIP 2309: ERC-721 Consecutive Transfer Extension
- Unintended recovery of ERC20s in Lido
- Optimism
- Augur v2 and additional components
- UMA: Phase 1, Phase 2, Phase 3
- Compound: Open Price Feed, Open Price Feed Uniswap integration, Alpha Governance
- Argent Vulnerability, collaborating with @hensha256, who originally discovered the vulnerability.
- Libra's Move IR Compiler Vulnerability, in collaboration with several people, with special mentions for @fiiiu_ and @0xlilbits.
- AAVE v1
- Primitive finance
- RNDR Token
- PROPS Token