I'm an independent security researcher and 1/4th of the team at Renascence Labs. I'm also a Security Researcher at Spearbit and Senior Auditor at Trust Security.
For private audits or security consulting, please reach out to me on Twitter @milotruck.
- Code4rena Profile
- Blog: A year of Competitive Audits
- Ranked #1 on Code4rena for 2023
Contest | Category | Ranking | Report |
---|---|---|---|
LUKSO | ERC-20, ERC-721, Account Abstraction | 🥇1st | 📄 |
Lens Protocol V2 | Social Network | 🥇1st | 📄 |
Arbitrum Security Council Elections | Governance, Voting | 🥇1st | 📄 |
StakeWise V3 | Liquid ETH Staking | 🥇1st | 📄 |
Biconomy | Account Abstraction | 🥇1st | 📄 |
Chainlink Staking v0.2 | Staking | 🥇1st | |
YOLO Games | GameFi | 🥇1st | |
Morpho Blue | Lending | 🥈2nd | 📄 |
Wildcat | Lending | 🥈2nd | 📄 |
Optimism Fault Proofs | OP Stack, Fault Proofs | 🥉3rd | |
PoolTogether V5 | Yield Farming | 🥉3rd | |
Protocol | Category | Report |
---|---|---|
Karak | ETH Restaking | 📄 |
Redacted Finance | Liquid ETH Staking | 📄 |
Redacted Finance | Cross-chain Liquid Staking Token | 📄 |
Redacted Finance | Cross-chain Liquid Staking Token | 📄 |
Arcade.xyz | NFT-collateralized Lending | 📄 |
Arcade.xyz | Staking Rewards | 📄 |
Phuture Finance | Multi-chain Index | 📄 |
Locksmith | ERC-1155 | 📄 |
Protocol | Category | Report |
---|---|---|
Blast L2 | OP Stack | 📄 |
Sushiswap | DEX | 📄 |
Sushiswap | DEX | 📄 |
Level Money | Synthetic Dollar | 📄 |
Level Money | Synthetic Dollar | 📄 |
Degen | ERC-20 | 📄 |
Protocol | Category | Report |
---|---|---|
Mozaic Finance | Yield Farming | 📄 |
Mozaic Finance | Staking Rewards | 📄 |
Degen Express | ERC-20 Launchpad | 📄 |
Protocol | Category | Report |
---|---|---|
Celo | L2 | 📄 |
Strateg | Yield Farming | 📄 |
Agent Exchange | NFT Exchange | 📄 |
Tornado Blast | ERC-20 Trading Bot | 📄 |
Protocol | Category | Report |
---|---|---|
LUKSO | ERC-20, ERC-721 | 📄 |
LUKSO | Account Abstraction | 📄 |
Rodeo Finance | Yield Farming | 📄 |
Rodeo Finance | Yield Farming | 📄 |
UpTurnOS | ERC-20 | 📄 |
Immunefi
- Beluga Protocol: Permanent freezing of tokens by vote manipulation - Critical
- Arcade.xyz: Forcing users into loans by manipulating EIP-1271 signatures - High
- GYSR: Theft of funds through precision loss - Informational
Others