Skip to content

pinalikefruit/portfolio

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
README.md
README.md
 
 

Repository files navigation

Smart Contract Audits and Findings by Piña 🍍

🔐 Blockchain Security Researcher | 💔 Love breaking things

🕷️ What I'm up to:

🚀 What I'm building:

  • 🛠 Created a comprehensive repository on fuzz testing techniques and best practices. Fuzzing Repository
  • 🤖 Developed an automation project to streamline my setup process for participating in security review contests. Setup Repository

🔐 +25 High/Medium severity bugs found in public competitions

Audit Competitions

Date Project Severity Finding
07-23 Escrow Prevent i_arbiter from being initialized with address (0) Medium
07-23 BeedleFi Anyone can call Fees.sellProfits and perform sandwich attacks High
07-23 BeedleFi transferOwnership should not be sent to address(0) Medium
07-23 Stablecoin liquidate can be front-run Medium
07-23 Stablecoin TIMEOUT value is hardcoded Medium
07-23 Stablecoin updatedAt can be zero Medium
07-23 Stablecoin TIMEOUT value is too large Medium
07-23 Stablecoin answeredInRound is Deprecated Medium
09-23 Allo V2 The Anchor.sol sets up the registry with an incorrect address High
09-23 Venus Primer DoS and gas griefing of calls to Prime.updateScores() Medium
10-23 Steadefi The vault can be reactivated after "Status.Closed" Medium
10-23 Steadefi After ProcessCompoundCancellation(), the status of vault is not reset to Open Medium
10-23 Steadefi PnL is incorrectly configured for deposit LP Medium
01-24 Salty No proposal time limit traps sponsors of unpopular proposals Medium
01-24 Salty DOS of proposals by abusing ballot names without important parameters Medium
01-24 Salty Impossible to change managed wallets with proposeWallets after first rejection Medium
07-24 MagicSea Protocol Incompatibility with Rebasing Tokens Medium
07-24 MagicSea Unclaimed Extra Rewards Stuck in Contract After setExtraRewarder Update Medium
07-24 MagicSea Miscalculation of avgDuration in MlumStaking::addToPosition Causes Extended Lock Periods Medium
07-24 MagicSea Fee on Transfer Tokens Miscalculation in MasterChef Contract Medium
08-24 Tadle Lack of Support for Fee-On-Transfer Tokens Medium
08-24 Tadle Missing Approval Causes Insufficient Allowance Error for ERC20 Withdrawals High
08-24 Tadle Incorrect Contract Approval Prevents WETH Withdrawals High
08-24 Tadle SystemConfig::updateReferrerInfo let the user auto Referrer itself High
08-24 Tadle User Can Drain the Protocol's Funds High

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published