Sign in

StErMi

Guild icon

@StErMi

I like to push myself over my limits and always raise the bar of my knowledge and skills.

Biography

Hi there! I'm Emanuele, aka StErMi, a full stack developer with more than 15 years in the field and since more than 2 years I have devoted all my energies to become the best security researcher.


\

I'm a curios person by nature and I always want to master what I'm learning. I can't help myself to strive for the best, learn. new things and always try to raise the bar.


\

Are you looking for "just" a security researcher? I'm afraid that you are not in the right place ;)
When you hire me, you will get the full package:

A very detailed report \Full working PoC for each critical, high or medium issue \Architectural review of the project with suggestions on how to optimize it \Brainstorming sessions on how to always push for the best possible product

Recent engagements

Name
Team
Timeline

ebtc

2

02 Aug 2023 - 11 Aug 20239 daysView

morpho-aave-v3

5

01 Jun 2023 - 07 Jun 20236 daysView

morpho-aave-v3

5

13 Feb 2023 - 24 Feb 202311 daysView

morpho-v1

5

21 Nov 2022 - 02 Dec 202211 daysView

Liquid Collective

4

07 Nov 2022 - 11 Nov 20224 daysView

Liquid Collective

5

29 Aug 2022 - 09 Sep 202211 daysView

Drippie

3

08 Aug 2022 - 17 Aug 20229 daysView

Art-Gobblers

+3

8

04 Jul 2022 - 15 Jul 202211 daysView

Aera Contracts

4

02 May 2022 - 16 May 202214 daysView

morpho-contracts

4

15 Mar 2022 - 29 Mar 202214 daysView

Security portfolio

Name
Description

Aave v3 bug bounty 3 ($20000 USD)

`LTV-0` `AToken` poison attack!

Read more

Aave v3 bug bounty 2 ($10000 USD)

If the user is in e-mode (efficiency mode) it means that all the assets that have been supplied and borrowed belong to the same e-mode category of the user. During the liquidation process, Aave is making the wrong assumption that, if the user is in e-mode and the e-mode category has been configured with a custom oracle, both the collateral and debt asset are using the same e-mode category custom oracle. This assumption would be normally correct (if you are in e-mode you can only supply and borrow assets that are in the same e-mode category) but there are some specific edge cases where it would not be true.

Read more

Aave v3 bug bounty 1 ($5000 USD)

When the user performs a flashloan action that ends up opening a borrowing position (instead of later repaying the flashloan), Aave is passing to the receiver the wrong amount of fees that the receiver needs to repay. In this specific case, the user does not have to repay any flashloan fees. While Aave is not requesting back those premiums, they anyway tell to the receiver that it have to approve more tokens that are needed (flash loan amount + wrongly calculated premium that should instead be equal to zero). Because of this, the receiver could end up over-approving the Aave protocol. For more detail about the consequences and all the possible side effects, keep reading the blog post because I'm going very deep into the woods 😁

Read more

Available for hire

Worked with

Clients


Security researchers


+9

The first marketplace for web3 security. We've aggregated the security talent and solutions so you don't have to.

Services

CompetitionsReviewsBountiesGuilds

© 2024 Cantina. All rights reserved.