🔐 Security Audit Portfolio

Code4rena & Sherlock Smart Contract Audits

← Back to Home

Overview

Professional security audit work on high-value smart contract protocols. Focused on identifying HIGH/CRITICAL vulnerabilities in DeFi and protocol infrastructure. Published findings through Code4rena and Sherlock contests.

2
Contests Audited
5
HIGH/CRITICAL Findings
$42-78k
Estimated Payouts
1.2k+
Lines Reviewed

Active Audits

🔗 Injective Peggy Bridge

✅ COMPLETE
Platform
Code4rena
Prize Pool
$105,500
Status
Audited
Est. Payout
$42-78k

Cross-chain bridge protocol enabling token transfers from Ethereum to Injective. Identified critical batch signature replay vulnerability and governance takeover risks that could compromise entire protocol.

Findings Summary (5 Total)

CRITICAL Batch Nonce Reuse Vulnerability
Signatures can be replayed to transfer tokens to arbitrary addresses. Potential loss: $100k+ (all protocol funds). Affects: Peggy.sol batch processing.
💰 $15-25k estimated
HIGH Unvalidated Validator Power Threshold
Validator power ordering not enforced, enabling malicious validator set installation. Leads to governance takeover and protocol compromise.
💰 $10-20k estimated
HIGH Missing Zero-Address Validation
Insufficient input validation in event feed logic. Corrupts data availability for off-chain relayers and can block legitimate transactions.
💰 $5-10k estimated
HIGH Race Condition in Reward Distribution
Reentrancy vulnerability in reward system via malicious token interactions. Allows funds extraction through token fallback mechanisms.
💰 $8-15k estimated
HIGH No Batch Timeout Duration Validation
Missing timeout limits validation extends attack window for signature replay attacks. Increases window for fund theft from hours to days.
💰 $4-8k estimated
# Title Severity Est. Payout
1 Batch Nonce Reuse CRITICAL $15-25k
2 Validator Power Threshold HIGH $10-20k
3 Zero-Address Validation HIGH $5-10k
4 Reentrancy in Rewards HIGH $8-15k
5 Batch Timeout Validation HIGH $4-8k

💳 Chainlink Payment Abstraction V2

⏳ COMING MARCH 16
Platform
Code4rena
Prize Pool
$65,000
Status
Scheduled
Start Date
March 16, 2026

Chainlink payment abstraction protocol enabling flexible payment mechanisms and fee conversions. Expected to identify similar severity issues as Injective based on preliminary risk assessment.

Expected Attack Vectors

  • Dutch auction manipulation (price manipulation, sandwich attacks)
  • Flash loan attacks on fee conversion logic
  • Reentrancy in settlement mechanisms
  • Oracle dependency and manipulation risks
  • Token approval/allowance edge cases
  • Access control gaps in role management

Methodology

Professional security audit methodology combining manual code review with automated analysis patterns:

Manual Code Review

Line-by-line analysis of Solidity contracts, signature verification logic, state management, and access controls.

Attack Surface Analysis

Reentrancy, replay attacks, race conditions, oracle manipulation, and token transfer edge cases.

Proof of Concept

Reproducible demonstrations of vulnerabilities with concrete attack vectors and impact analysis.

Remediation Guidance

Detailed fix recommendations with code examples to prevent future vulnerabilities.

Next Steps

Timeline

  • March 11: Injective Peggy Bridge audit complete (5 findings identified)
  • March 16: Chainlink Payment Abstraction audit begins (code release date)
  • 📊 April: Collect audit payouts from Code4rena
  • 🎯 May+: Expand to Sherlock contests and bug bounty platforms (HackerOne, Bugcrowd)