gandu9595
Biography
Highlights
- Completed 24 paid bug bounties, including 9 through Immunefi and 16 through direct contact with projects.
- Submitted critical bugs in the Move language
- Reached the top 50 on Sherlock's leaderboard
- Cantina Fellowship
- Immunefi Top 30 during June - July 2024
Bug Bounties
Protocol | Platform | Category | Severity | Findings 🔎 |
---|---|---|---|---|
Lyra Protocol V1 | Immunefi | Option AMM protocol | Critical | Identified a miscalculation in base assets and quote assets, leading to a liquidity token rebase |
Lyra Protocol V2 | Direct outreach | Option AMM protocol | High | Griefing attack due to permit |
Panoptic Protocol | Direct outreach | Option protocol on Uni v3 | Critical | Internal accounting fee accumulation could create bad debt in the protocol. |
Alchemix | Immunefi | Self-repaying loans | High | A single token holder could reset the token price to 1:1. |
Sonne Finance | Direct outreach | Compound fork | Critical | Share inflation on empty vaults escalated to a Hundred Finance-type attack. |
Sovryn Finance | Immunefi | Bitcoin trading and lending | Critical | Discovered that dust amounts could distort the share token price. |
Gains Network | Immunefi | Trading platform for crypto, forex, and commodities | Critical | Manipulation of mintToken leading to first deposit loss |
BeanStalk | Immunefi | Stablecoin protocol | Medium | Attack due to permit |
Onyx Protocol | Direct outreach | Financial-grade applications protocol | Critical | Share inflation on empty vaults escalated to a Hundred Finance-type attack. |
AcrossProtocol | Direct outreach | Cross-chain protocol | Critical | Deposits in the bridge contract are internally inflated, leading to the loss of user funds. |
KogeCoin | Immunefi | Farming vaults | Critical | Inflation attack due to rounding error |
2 PI network | Direct outreach | Automated vault strategy | Critical | Every pool's first deposit can be stolen |
Claystack | Direct outreach | LST protocol | Medium | Timelock centralisation vulnerability |
ANTFARM | Direct outreach | Rebalancing protocol | Medium | Past proposals become executable due to a lack of quorum in Governor |
Aptos and Sui Move Bugs
Protocol | Category | Severity |
---|---|---|
Scallop | Lending and borrowing on Sui | Critical |
Aries Market | Leverage trading on Aptos | Critical |
Merkle Trade | Perp on Aptos | Medium |
Private Audits
Project | Feature | Finding 🔎 |
---|---|---|
saffron | Zero-coupon swap | 1H, 1M, 4L |
Maga Trump | Tax token to tax-free token swap | 1L |
Bug Content / Twitter thread
Top competitions
Contest | Position | Date | Payout |
---|---|---|---|
infrared-contracts | 32 / 377 | January 2025 | $1,024 |