Skip to content
/ audits Public

All my Security Audits, Reviews and Contributions

1 star 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

akshaysrivastav/audits

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits

all-reports

all-reports

 
 

private-audits

private-audits

 
 

public-audits

public-audits

 
 

README.md

README.md

 
 

Repository files navigation

All my Security Audits, Reviews and Contributions

Public Audits & Bug Bounties Stats

I participate on public audit platforms like Code4rena, Sherlock and Hats Finance. Till now I have :

  • Participated in 20+ public audits
  • Reported 50+ High and Medium severity bugs

Top public audits

Audit Contest Rank Results
Ondo Finance 1st link
Gravita Protocol 1st link
Aragon Protocol 4th link
Pool Together 4th link
Caviar Protocol 7th link
Reserve Protocol 9th link

All my public bug reports can be found in public-audits.

Interesting bugs that I have found

  • First deposit bug in Ondo Finance (fork of Compound V2).

    The report shows how a token balance inflation attack can be performed on the protocol to steal user's deposit. More details in my blog post here and in the report.

  • Broken fallback price mechanism in Gravita Protocol

    The report demonstrate the broken fallback price oracle implementation of the protocol which can lead to protocol suffering a complete DoS. More details in the report.

  • Incorrect implementation of cross-chain smart contract system in PoolTogether protocol.

    This report shows how an incorrect implementation of cross chain system can cause loss of funds to the connecting transport layer. More details in the report.

  • Critical monetary loss bug in GoGoPool (an Ethereum staking protocol).

    This report shows how the funds staked by users in the staking protocol can be nullified by an attacker causing loss of funds to users. More details in the report.

  • Frontrunning the use of CREATE2 in Caviar protocol.

    This report demonstrates how the inefficient use of CREATE2 can be exploited by front-running to steal user's funds. More details in the report.

Some of my High severity findings

Audit Contest Finding Details
Caviar Protocol Funds can be stolen from pool due to inefficient royalty distribution link
Rabbithole Protocol withdrawRemainingTokens and withdrawFee functions can be used to pull out user funds link
GoGoPool Protocol Funds of Node Operators can be nullified by any attacker link
Escher Protocol Loss of ETH for NFT buyers link

Beyond these reports, some of my findings has been kept private on protocol's requests. Results of some public audit contests and bounties are still pending, I'll add those once they are announced.

Private Audits

All my private audit contributions can be found in private-audits.

About

All my Security Audits, Reviews and Contributions

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published