<aside> 📞 Feel free to contact me in Telegram if needed: https://telegram.me/sushiwushi2
</aside>
2024: 1st place in Cosmos bug bounty program: https://hackerone.com/cosmos/thanks/2024
2023: Involved in CosmWasm CTF with the teams at Oak Security: https://github.com/oak-security/cosmwasm-ctf
Cosmos SDK:
Halting chains with malicious token factory denoms
Stakers’ undelegations may be slashed incorrectly
Bypass for ASA-2024-003: Missing BlockedAddressed Validation in Vesting Module
Packet fees are not removed after a successful refund
Bypassing IsSendEnabledCoins restriction
Chain halt risk in x/gov due to unrestricted gas limits
MsgCreateContinuousFund does not remove entries in RecipientFundPercentage
Validators can use unsupported public keys, triggering a chain halt
CosmWasm:
Stargaze Names Vulnerability Disclosure
Cadence:
Flovatar Vulnerability Disclosure
FlovatarMarketplace Vulnerability Disclosure
Soulmade Vulnerability Disclosure
Some writings about web2 bugs on Medium:
GitHub Advisory Database that includes reported vulnerabilities on open-source projects (a bunch of CVEs): https://github.com/advisories?query=credit:sushiwushi
2020: 77th ranking in Google VRP.
Google VRP profile: https://bughunters.google.com/profile/05b1fe6a-7abf-495c-bbec-e58d6eba3dd7
One of my bug bounty reports is also featured in Google VRP staff picks!
Certifications:
Offensive Security Web Expert (OSWE) was issued by Offensive Security to Richie Chun Fei Lee.
HackerOne profile: https://hackerone.com/setuid