J4X98
@J4X98
Intro
I'm a smart contract security researcher with a background in computer science. I have one and a half years of experience in the smart contract security field, at first from an academic and CTF perspective, and later on as a smart contract auditor. Before I started auditing smart contracts I studied Information Security (Cybersecurity) and worked as a penetration tester.
During my first year in smart contract security, I was able to win two security contests, get another two top 3 placements and two more top 10 placements. I'm highly interested in the field of decentralized finance as I've always been interested in traditional finance. I am proficient in auditing code in Solidity as well as Substrate and am trying to add more frameworks to my portfolio in the future.
I am currently working as a Lead Security Researcher at Thesis Defense as well as competing in contests on Code4rena and Cantina.
Contest performances
Platform | Contest | Position | Payout | High | Medium |
---|---|---|---|---|---|
C4 | Centrifuge | 6/84 | $1663,90 | 0 | 1 |
C4 | Venus prime | 34/115 | $163,76 | 0 | 0 |
C4 | ENS | 3/54 | $1840,73 | 0 | 1 |
C4 | Wildcat Finance | 27/130 | $352,22 | 0 | 0 |
C4 | Ethena Labs | 27/149 | $218,85 | 0 | 1 |
C4 | Party DAO | 38/65 | $168,15 | 0 | 1 |
Cantina | Morpho Blue | 38/65 | $17919,95 | 0 | 4 |
C4 | reNFT | 40/115 | $223,94 | 1 | 5 |
C4 | Salty | 19/177 | $811,39 | 3 | 10 |
C4 | HydraDx | 1/27 | $23597,20 | 0 | 9 |
Cantina | Opal | 6/42 | $1780,65 | 3 | 8 |
Cantina | Wormhole | 1/13 | Redacted | Redacted | Redacted |
Total Public Findings (without private audits and contests)
High | Medium |
---|---|
7 | 40 |
CTFing
I made my first steps into smart contract security through my love for CTFing. During my two years as an active CTF player, I was able to serve as the team captain of Austria's best team LosFuzzys, and solved hundreds of challenges, participating in almost 100 CTFs. I have also developed my own CTF challenges, which were played by over 3000 players. I have also written writeups of challenges I solved so that newer researchers can learn from them. All my writeups can be found in the CTF section of my website. Below you can find some highlighted writeups that cover very interesting vulnerabilities:
- Safebridge (A vulnerable L2 Bridge)
- Unnamed Web3 (A DNS service based on smart contracts)
- Baby Otter (A CRC32 implementation in Move that I cracked manually)
Additionally, I have played multiple 24/7 CTFs like Ethernaut, DamnVulnerableDeFi, QuillCTF, and OnlyPwner. For these, I have also provided countless writeups on my website.
Tool familiarity
Name of the tool | Context |
---|---|
Foundry | Using forge for building POCs, using cast on CTFs, using anvil for deploying CTF challenges |
Hardhat | Used for building POCs |
Remix | Used for quickly deploying and testing code |
web3.js | Used for competing in CTFs, as well as building a small toolkit similar to foundry |
Etherscan | Used for retrieving data on Bug Bounties / CTFs |
Certora | Used for formally verifying code |
Work experience
Name of the concept | Additional Info |
---|---|
ERC Standards | ERC20, ERC721, ERC4626, ERC4337 |
Gnosis Safes | reNFT, Redacted |
Lending | Morpho, Wildcat Finance, Opal, Balancer |
AMM | Uniswap, Omnipool (Opal, HydraDx), Custom (Salty.io), Compound |
Proxies | Transparent, UUPS, Diamond |
Staking | Ethena, Salty.io, Redacted |
Governance | ENS, Ethena Labs, Opal, Salty.io |
Cross Chain | Wormhole, Axelar, Threshold tBTC bridge, Custom implementations |
Security portfolio
Name | Description | |
---|---|---|
Morpho Cantina contest | An audit contest of Morpho Blue, a simplified lending protocol that implements ERC4626 vaults and offers flashloans. | Read more |
Wildcat Code4rena Contest | Wildcat is the first protocol that offers undercollateralized loans. The protocol implements novel lending mechanisms. | Read more |
Centrifuge Code4rena Contest | An audit contest of Centrifuge's RWA system, including ERC4626 vaults, a custom ERC20 token and a Substrate parachain. | Read more |
Salty.io Code4rena Contest | Salty.io is a protocol implementing AMM, lending and staking functionalities. | Read more |
ENS Code4rena Audit | An audit contest of ENS's custom governance token implementation. | Read more |
HydraDX Code4rena Contest | HydraDx is an AMM protocol deployed on Substrate. | Read more |
Ethena Labs Code4rena contest | An audit of Ethena's token and staking functionalities. | Read more |
Party Protocol Code4rena Contest | Party protocol offers users a way to jointly manage NFTs. The contest was focussed on newly integrated functionalities. | Read more |