curiousapple
3,631 posts
apple a day keeps hecker away, LSR @guardianaudits
- 🟢🔴 Public Disclosure for ERC1271 Replay Issue🔴 🟢 On September 25, 2023, I found an issue in a widely used implementation of the ERC1271 pattern that affected more than 15 teams. The following blog describes the sequence of events regarding how it all came together.
- I am done with trying to learn ZK Theory, I am too dumb to do so😭 Applied ZK Engineer from now on 🫡 Circom, is my fren🙂
- Found 3 high severity bugs today😎
  1. Oracles were overestimating collateral for tokens < 18 decimals
  2. A DOS attack was possible by paying the debt on behalf of vault to lending providers (div by zero)
  3. In some cases, partial liquidations were impossible due to redundant check
- I view auditing as nothing more than parsing the graph of possibilities. You pick a root and traverse all branches to their maximum depth. How good of an auditor you are is decided based on the number of branches you can imagine and the depth to which you can explore them.
- if you're pushing the limits of what's possible, come challenge us at @GuardianAudits, we'll happily take it on. and yeah, starting today, I'm joining guardian audits as LSR 🥂 kicking things off with some 🫐🫐🫐 for starters :)
- the hardest part of an audit is not finding issues— that’s actually the easiest and most exciting part. the hardest part is the initial inertia of getting accustomed to the codebase and reading docs, lol
- I just started with @sherlockdefi, did some 2 contests, and I think their judging sucks. I understand judging is a hard problem, but I have never expected it to be so bad. In my experience @code4rena and @HatsFinance are a lot better there. Escalations should be used to point one or
- While doing an audit, somehow, after some time, protocol feels like home. Everything seems connected, you start wondering in the imaginary land of all possibilities. That's the most exciting part of doing audits !! That's why I do it 😄












