y4y
Smart Contract Security Researcher
& Sherlock Lead Judge
From web app security & browser exploitation to securing DeFi protocols. Analyzing CVEs, building exploits, and auditing smart contracts.
๐ Top Contest Results
| Contest | Platform | Place | Findings |
|---|---|---|---|
| Mento | Sherlock | 1st | 1 Medium |
| Super Boring | Sherlock | 2nd | 2 High |
| LoopFi | C4 | 3rd | 1 High |
| Pareto USP | Sherlock | 1st | 1 Medium |
Background
Web2 โ Web3
Started in web application security โ analyzing CVEs like ProxyShell & Log4j, building exploit toolkits, and reproducing V8 type confusion bugs.
Transitioned to smart contract security in 2023. Now focused on competitive audits and collaborative protocol reviews.
๐ Private Audits
Collaborative Reviews
MoatV3 โ 2C / 2H / 8M
Rujira Trade FIN โ 2C / 1H / 5M
โ๏ธ Lead Judge
Sherlock Contests
Privacy Cash โ Rust/Solana/ZK
OpenCover Insured Vaults โ Solidity
Recent Writeups
25 total
WEB3! Damn Vulnerable DeFi 3.0 Write Up
Web3
Aug 2023
CVE-2021-38001: A Brief Introduction to V8 Inline Cache and Exploitating Type Confusion
Browser Security
May 2023
From RPC To RCE: VMWare Log Insight CVE-2022-31704
Web Security
Feb 2023
Browser Exploitation: A Case Study Of CVE-2020-6507
Browser Security
Aug 2022
Log4j Analysis: More JNDI Injection
Web Security
Dec 2021
My Steps of Reproducing ProxyShell
Web Security
Aug 2021