Web3 Security Researcher / Bug Bounty Hunter ~ Hunting vulnerabilities others miss
High
Total
Medium
Total Earnings
#424 All Time
Payouts
1st Places
Top 10
Top 25
All
Code4rena
Nov '23
8,786.14 USDC • 5 total findings • Code4rena • ciphermarco
#4
high
TSS Key Voting Hash Collision
Using unconfirmed UTXOs as inputs for transactions is vulnerable to griefing attacks
Broken `NonceVoter` Allows Observer to Halt the Chain
medium
Limited Voting Options Allow Ballot Creation Spam
`AddBlockHeader` Cannot Cope with Reorgs
Oct '23
0 USDC • 1 total finding • Code4rena • ciphermarco
#111
Attacker can drain all ETH from AuctionDemo when block.timestamp == auctionEndTime
520.42 USDC • 1 total finding • Code4rena • ciphermarco
#12
Malicious users can front-run to cause a denial of service (DoS) for StakedUSDe due to MinShares checks
Sep '23
78.52 USDC • 2 total findings • Code4rena • ciphermarco
#40
All tokens can be stolen from `VirtualAccount` due to missing access modifier
Incorrect source address decoding in RootBridgeAgent and BranchBridgeAgent's _requiresEndpoint breaks LayerZero communication
11,760.71 USDC • 1 total finding • Code4rena • ciphermarco
DelayedAdmin Cannot `PauseAdmin.removePauser`
Aug '23
90.63 USDC • 1 total finding • Code4rena • ciphermarco
#83
Missing slippage parameter on Uniswap `addLiquidity()` function
