apple a day keeps hacker away
Lead Security Researcher @ Guardian
Client | Report | Duration |
---|---|---|
Synthetix Treasury Market | | 1 week |
GMX Crosschain | | 3 weeks |
GMX Gasless Updates (Sponsored Call) | | 1.5 weeks |
Polynomial Short Review | | 0.5 week |
Previously at 0xMacro
Lead (3 mo) - Associate (7 mo) - Apprentice (2 mo)
Client | Report | Position | Duration |
---|---|---|---|
Connext | Open | Associate + Point | 6 weeks |
Fuji | Open | Lead (Solo Auditor) | 4 weeks |
PartyDAO-2 | Open | Lead | 2 weeks |
NFT-Hashi | Private | Lead | 0.5 week |
Kwenta | Open | Associate | 2 weeks |
TreasureDAO | Private | Associate | 4 weeks |
Sommelier-1 | Open | Associate | 2 weeks |
Sommelier-2 | Private | Associate + Point | 3 weeks |
Sommelier-3 | Open | Associate | 3 weeks |
PartyDAO-1 | Open | Associate | 4 weeks |
Zion | Private | Associate + Point | 2 weeks |
Makerdao | Open | Associate | 1 week |
Synthetix | Open | Associate | 1 week |
Hop | Private | Associate | 0.5 week |
xDonations | Open | Associate | 0.5 week |
Thirdweb | Open | Associate + Point | 2 weeks |
Frax TWAMM | Private | Apprentice | 2 weeks |
Wristables | Open | Apprentice | 1 week |
- First Position for Raft Finance (1H, 1M, 3L, 1G)
- First Position for VMEX Finance (1H, 1L)
- First Position for Reserve Protocol (2M)
- Third Position for Socket Messaging Bridge (1H, 1M, 1L)
Currently serving as their in-house security expert
Client | Report |
---|---|
WeFi Finance | Private |
Raft-1, 2, 3, 4, 5 | Open, Open, Open, Open, Open |
Ambire-1 | Open |
Nostra-1 | Open |
Severity | Project | Type | Report |
---|---|---|---|
Critical | Thirdweb | Independent Bug Bounty | View Details |
Critical | Rhinestone *** | Independent Bug Bounty *** | View Details |
High | Rhinestone | Independent Bug Bounty | View Details |
High | Cow | Immunefi | View Details |
High | Thirdweb | Independent Bug Bounty | View Details |
High | Bridge Protocol | Independent Bug Bounty | Not Permitted to Disclose for some reason |
High | Bridge Protocol | Independent Bug Bounty | Not Permitted to Disclose for some reason |
High | Connext | Immunefi | View Details |
High/Medium | Ambire | Independent Bug Bounty & Immunefi | View Details |
High/Medium | ERC1271 Issue (15+ Teams Affected) | Independent Bug Bounty & Immunefi | View Details |
Medium | Raft | Hats | View Details |
Medium | Spiral DAO | Hats | View Details |
*** The payout wasn't offered in this case as they argued that no funds were at risk at the time due to low traction for these features. However, these features were publicly available, declared safe and audited, in production, and announced as a major release on their socials. There should have been at least a minimum critical payout, but since they had no official bug bounty program, there was no other option.