Hi! I am a Senior Security Researcher from Ukraine 🇺🇦, specializing in Web3, Solidity/Rust/Go/Motoko smart contracts, and complex architectures such as L1, L2, Bridges, and VMs. I also have extensive experience in reviews of Web and API applications, source code, and cloud deployments (AWS, GCP). Sometimes I develop open-source tools and share personal research.
WalletConnect: Submitting malicious transactions into crypto wallet on behalf of any dApp
Sperax: USDs - Quantstamp audit
Venus: Liquidator - Quantstamp audit
HashPack: Hedera Crypto Wallet - Quantstamp audit
Boba: NFT Bridges And LP Floating Fee - Quantstamp audit
OasisSwap: AMM (SushiSwap v2 fork) - Quantstamp audit
Chainlink: CCIP and ARM Network - Code4rena
Chainlink: Staking v0.2 - Code4rena
Review of 2,000,000$ vulnerability within the Optimism VM
Phishing and credential harvesting in Electron applications
1-click RCE in Electron Applications
0-click RCE in Electron Applications
GSuite domain takeover through delegation
Finding broken access controls through source code in .NET applications
Finding SQL Injections through source code in .NET applications
Report for HackerOne Grinch CTF 2020