Skip to content

Latest commit

 

History

History
58 lines (47 loc) · 9.78 KB

README.md

File metadata and controls

58 lines (47 loc) · 9.78 KB

Profile Picture

About Rappie

Rappie is the CTO and Lead Fuzzing Specialist at Perimeter, an Associate Security Researcher at Spearbit, and active in Bug Bounty on Immunefi.

As a security researcher, he specializes in fuzzing EVM-based smart contracts.

Beyond his professional roles, Rappie is an active member of the fuzzing community, contributing to its growth through various initiatives, including maintaining a List of Public Fuzzing Campaigns.

Testimonials

Rappie found some extremely subtle behaviors in our code that many others missed. He not only uses the cutting edge of multiple fuzzing engines, but also helps shape how these fuzzers are built. We've been delighted to use his mastery to make our contracts more secure.

Rappie went above and beyond to deeply understand our protocol and cover all the edge cases. His experience and knowledge about the art of fuzzing is unparalleled. Overall he is an incredible security expert, we certainly will be returning to him with our future smart contracts.

Fuzzing & Security Research

Protocol Engagement Type Completed Report Code
Berachain Fuzzing Specialist during Spearbit Security Review 2024-08
Private Fuzzing Specialist during Spearbit Security Review 2024-05
Origin Protocol Perimeter Fuzzing Engagement 2024-05 Report Code
Private Perimeter Fuzzing Engagement 2024-04
Private Fuzzing Specialist during Spearbit Security Review 2024-03
Drips Network Perimeter Fuzzing Engagement 2024-01 Code
Drips Network Fuzzing Specialist during Spearbit Security Review 2023-11 Report
Private Perimeter Fuzzing Engagement 2023-11
Origin Protocol Fuzzing Engagement 2023-09 Code
Origin Protocol Fuzzing & Audit 2023-03 Report

Bug Bounty & Competitions

Description Severity
Report Platform Protocol
Incorrect argument passed to Utils.characterToUnicodeBytes in Namespace.fuse High Report Code4rena Canto Identity
Calling OUSD.burn() on an address with zero balance causes the totalSupply to go down Low Report Immunefi Origin Protocol
Vault.redeem() fails with only non-rebasing credits in the protocol Low Report Immunefi Origin Protocol
Total supply can become larger than max supply Low Report Immunefi Origin Protocol
LiquidityTree.push() does not always update state correctly Low Report Immunefi Azuro
OUSD.burn() allows for destroying supply while balance remains Low Report Immunefi Origin Protocol

Other Work & Initiatives

Project Link
Maintaining a List of Public Fuzzing Campaigns Link
Reproduction of the Rari Finance hack using on-chain fuzzing with Echidna Link
Reproduction of the Curve Reentrancy hacks using on-chain fuzzing with Echidna Link
Author of Echidna Exercise: Solve Damn Vulnerable DeFi - Side Entrance Exercise, PR

Contact

Don't hesitate to contact me with questions, discussions, or business requests.