Data Science + Business student doing AI-driven Web3 security research. I run autonomous auditing pipelines. Focus: zero-knowledge circuits, L1 consensus clients, and smart contracts.
Every entry is publicly verifiable: each links to a merged fix, a published advisory, or a writeup. Dates are the fix-merge or publication month.
| Date | Project | Severity | Vulnerability | Reference |
|---|---|---|---|---|
| 2026-06 | Payy Network | Critical | ZK circuit soundness: forged burn messages drain rollup USDC | CVE-2026-48100 |
| 2026-03 | Polkadot SDK | Critical | XCM fees register not restored on rollback: permissionless asset duplication |
PR #11320 |
| 2026-03 | Celestia | Critical | x/forwarding collateral-token poisoning: permissionless TIA theft |
PR #6906 |
| 2026-03 | Celestia | Critical | x/forwarding synthetic-slot poisoning: permanent TIA lock |
PR #6906 |
| 2026-03 | Ripple xrpl-py | Critical | SField registry corruption: binary-codec crash and silent tx corruption | PR #918 |
| 2026-02 | f(x) Protocol | Critical | FxUSD wrapFrom unbacked mint after pool liquidation |
commit |
| 2025-04 | Chainflip | Critical | AMM U256 overflow in on_finalize: consensus halt, ~$24M TVL frozen |
PR #5770 |
| 2026-02 | Zircuit | Critical | zkVM l1_blocks witness bypass: stale system-config in proven roots |
writeup |
| 2026-04 | Ripple rippled | Medium | Invariant flag overwrite (= vs |=): violations silently committed |
PR #6609 |
Additional findings remain under private disclosure or embargo and are added here as fixes ship.
- Zero-knowledge proof systems: Noir, Halo2, circuit soundness
- L1 and consensus clients (Go, Rust, Scala): consensus halts, pre-auth DoS, runtime panics, state-machine safety
- EVM and non-EVM smart contracts: DeFi accounting, bridges, codec and invariant correctness
- Immunefi: LoopGhost007
- HackenProof: LoopGhost007