Bio

Hi! I am a Senior Security Researcher from Ukraine 🇺🇦, specializing in Web3, Solidity/Rust/Go/Motoko smart contracts, and complex architectures such as L1, L2, Bridges, and VMs. I also have extensive experience in Web and API application, source code, and cloud deployment (AWS, GCP) reviews. Sometimes, I develop open-source tools and share personal research.

Security Research

Blockchain Security

WalletConnect: Submitting malicious transactions into crypto wallet on behalf of any dApp

Sperax: USDs - Quantstamp audit

Venus: Liquidator - Quantstamp audit

HashPack: Hedera Crypto Wallet - Quantstamp audit

Boba: NFT Bridges And LP Floating Fee - Quantstamp audit

OasisSwap: AMM (SushiSwap v2 fork) - Quantstamp audit

Chainlink: CCIP and ARM Network - Code4rena

Chainlink: Staking v0.2 - Code4rena

Review of 2,000,000$ vulnerability within the Optimism VM

Electron & Meteor JS Security

Phishing and credential harvesting in Electron applications

1-click RCE in Electron Applications

0-click RCE in Electron Applications

Electron JS

Meteor JS

Cloud Security

GSuite domain takeover through delegation

.NET Security

Finding broken access controls through source code in .NET applications

Finding SQL Injections through source code in .NET applications

CTFs

Paradigm CTF 2021

SpearBit Challenge

Damn Vulnerable DeFi CTF

Ethernaut CTF

Report for HackerOne Grinch CTF 2020

Tools & Developed GitHub repositories

CodeAllTheThings

Pointer: Hunting Cobalt Strike globally

AWS-Enumerator