Security Researcher 🧑🔬 Vulnerability and security research disclosure reports Web3 security and cybersec kinds of stuff here 🧑💻🔬

RingDAO | Sending an arbitrary message without authorization of Dapps. Part-II
Protocol Overview:RingDAO is a decentralized community focused on the latest innovations in the cross-chain field within the web3 world. Our mission is to empower existing and future applications to interact seamlessly with multiple blockchain networks. Darwinia chain, is one of the project from RingDAO, It is a one of the earliest parachains in the Polkadot ecosystem, offering out-of-the-box cross-chain capabilities to exchange messages with other parachains and external Ethereum-compatible ...

RingDAO | Sending an arbitrary message without authorization of Dapps. Part-II
Protocol Overview:RingDAO is a decentralized community focused on the latest innovations in the cross-chain field within the web3 world. Our mission is to empower existing and future applications to interact seamlessly with multiple blockchain networks. Darwinia chain, is one of the project from RingDAO, It is a one of the earliest parachains in the Polkadot ecosystem, offering out-of-the-box cross-chain capabilities to exchange messages with other parachains and external Ethereum-compatible ...

Darwinia | Sending an arbitrary message without authorization of user application. Part-I
Protocol Overview:Darwinia is currently at the forefront of developing innovative cross-chain service solutions, with a strategic focus on enhancing the cross-chain capabilities of decentralized applications. In the evolving landscape of blockchain technology, the need for interoperability and seamless communication between diverse blockchains has never been more critical. Msgport, a groundbreaking initiative by Darwinia, stands at the forefront of this challenge, offering a robust solution f...

Darwinia | Sending an arbitrary message without authorization of user application. Part-I
Protocol Overview:Darwinia is currently at the forefront of developing innovative cross-chain service solutions, with a strategic focus on enhancing the cross-chain capabilities of decentralized applications. In the evolving landscape of blockchain technology, the need for interoperability and seamless communication between diverse blockchains has never been more critical. Msgport, a groundbreaking initiative by Darwinia, stands at the forefront of this challenge, offering a robust solution f...

Open Source Security Research | How I Found Dependency Confusion vuln on Web2 and Web3 firms.
Intro:Dependency confusion, sometimes referred to as substitution attack, dependency repository hijacking, or simply repo jacking, is a software supply chain assault in which a valid internal software dependency is replaced with malicious third-party code. This type of attack vector can be created in several ways, such as Namespacing: By uploading a malicious software library to a public registry (such as the Python Package Index [PyPI] or JavaScript's npm registry) with a name that is s...

Open Source Security Research | How I Found Dependency Confusion vuln on Web2 and Web3 firms.
Intro:Dependency confusion, sometimes referred to as substitution attack, dependency repository hijacking, or simply repo jacking, is a software supply chain assault in which a valid internal software dependency is replaced with malicious third-party code. This type of attack vector can be created in several ways, such as Namespacing: By uploading a malicious software library to a public registry (such as the Python Package Index [PyPI] or JavaScript's npm registry) with a name that is s...

Security research disclosure | Optimism Bridge Portal
Intro:The OptimismPortal contract is an L1 smart contract that can be used by both smart contracts and EOAs to create L2 transactions without the direct involvement of the Sequencer. Many users already interact with this contract indirectly when they bridge ETH or other tokens between L1 and L2 via the Standard Bridge system available on all OP Stack chains. This write-up showcases that multiple forks of the Optimism Portal contract are affected. Some affected forked projects are:Base orgBlas...

Security research disclosure | Optimism Bridge Portal
Intro:The OptimismPortal contract is an L1 smart contract that can be used by both smart contracts and EOAs to create L2 transactions without the direct involvement of the Sequencer. Many users already interact with this contract indirectly when they bridge ETH or other tokens between L1 and L2 via the Standard Bridge system available on all OP Stack chains. This write-up showcases that multiple forks of the Optimism Portal contract are affected. Some affected forked projects are:Base orgBlas...

Solidity lang Compiler | Bringing back Arithmetic bug over ^0.8.0 version.
Intro:This write-up will explain my accidental discovery of a solidity compiler bug. During a security audit on a protocol, I came across an interesting and Known compiler bug on solidity. I quickly escalated to the Ethereum security team and got a well-expected response. Compiler version affected: 0.8.19+commit.7dd6d404 and the latest release Target EVM Version: Default on Remix Framework/IDE: Remix IDEDescription:Solidity version 0.8.0 or above promises to prevent arithmetic overflow and un...

Solidity lang Compiler | Bringing back Arithmetic bug over ^0.8.0 version.
Intro:This write-up will explain my accidental discovery of a solidity compiler bug. During a security audit on a protocol, I came across an interesting and Known compiler bug on solidity. I quickly escalated to the Ethereum security team and got a well-expected response. Compiler version affected: 0.8.19+commit.7dd6d404 and the latest release Target EVM Version: Default on Remix Framework/IDE: Remix IDEDescription:Solidity version 0.8.0 or above promises to prevent arithmetic overflow and un...