🐱 Hello world!
Cosmos SDK:
Bypass for ASA-2024-003: Missing BlockedAddressed Validation in Vesting Module
Packet fees are not removed after a successful refund
Bypassing IsSendEnabledCoins restriction
Chain halt risk in x/gov due to unrestricted gas limits
MsgCreateContinuousFund does not remove entries in RecipientFundPercentage
Validators can use unsupported public keys, triggering a chain halt
CosmWasm:
Stargaze Names Vulnerability Disclosure
Cadence:
Flovatar Vulnerability Disclosure
FlovatarMarketplace Vulnerability Disclosure
Soulmade Vulnerability Disclosure
Some writings about web2 bugs on Medium:
GitHub Advisory Database that includes reported vulnerabilities on open-source projects: https://github.com/advisories?query=credit:sushiwushi
Certifications:
Offensive Security Web Expert (OSWE) was issued by Offensive Security to Richie Chun Fei Lee.
Top 100 Google VRP in 2020! https://x.com/sushiwushi2/status/1271653432613408768/
One of my bug bounty reports is also featured in Google VRP staff picks!
Google VRP profile: https://bughunters.google.com/profile/05b1fe6a-7abf-495c-bbec-e58d6eba3dd7
HackerOne profile: https://hackerone.com/setuid