This is a small showcase of my experience in web3-security space. At least some of the experiences that I'm allowed to talk about.
Independent security researcher and smart contract developer.
- Angle protocol CRITICAL - user funds draining via reentrancy attack
- Angle protocol CRITICAL - stealing vault from a user
- Nomad bridge HIGH - one message bridge DoS
- Nomad bridge LOW - gas stealing from relayer
- (classified) HIGH - one message bridge DoS
- (classified) LOW - gas stealing from relayer
- (classified) MED - unable to prove validator fraud on-chain
- (classified) HIGH - unauthorized call to any protocol escrowed NFT
| protocol | scope | report |
|---|---|---|
| GMXv2 | synth perpertuals | report |
| StackOS v2 | decentralized cloud | report |
| StakeTogether | LSD | report |
| IDriss | decentralized payments & address book | coming soon |
| Quarktium | NFT | coming soon |
| Pear protocol (Pear labs) | Position pairs trading on GMX | report |
| IDriss | cross-chain donations for Gitcoin | coming soon |
- Code4rena certified backstage warden - 7th place on 90 days leaderboard (as of June 2023)
- ZetaChain (Cosmos ecosystem) - 9th place
- Venus Isolated Pools - 4th place
- Wise Lending - 🥉 3rd place
- Contributed to Smart Contract Security Verification Standard
- Writing about security on Medium
- YouTube channel
- IDriss contributor
- Turbo-DIPaaS - 🏆 finalist project for ETHOnline 2022
- turbopoc - quick PoC environment setup for bounty hunting on mainnet contracts
Interested in reaching out? DM me @deliriusz_eth