Portfolio page showcasing multiple critical smart contract vulnerabilities disclosed across DeFi/NFT protocols, including access control flaws, uninitialized UUPS proxies enabling arbitrary delegatecalls, and broken token transfer functions. Author details bounty payouts and rescued funds across 88mph, Polygon, KeeperDAO, and other projects, with limited technical depth on each vulnerability.
Trust Security discovered a class of DOS vulnerabilities affecting 100+ projects that abuse the frontrunnable nature of EIP-2612 Permit function when composed with other contract logic. The vulnerability allows attackers to force transaction reverts by front-running permit() calls, causing griefing attacks that block normal function execution, with $50k in bounties awarded across 15 projects.