Halting the Cronos Gravity Bridge
December 11, 2023In January 2023, I found and reported two separate bugs to the Cronos Gravity Bridge project on Immunefi. The first bug would allow an…
Hello! I am Faraz, a Web3 auditor at Zellic. I used to be a Chrome + Android vulnerability researcher in a previous life. Follow me on twitter!
You can find my old vulnerability research blog here.
Finding a Critical Vulnerability in Astar
December 05, 2023I wrote this blog post for the Zellic blog. You can find the post here. If you're after a high quality audit, please contact Zellic to set…
ParadigmCTF 2023 Challenges Writeup
October 30, 2023I spent a little bit of time on ParadigmCTF 2023. This post will give an in-depth rundown on how I solved two of those challenges: Grains of…
SportsDAO Flashloan Attack Analysis
November 21, 2022@CertiKAlert tweeted out an alert for a flash loan attack on SportsDAO yesterday (November 21, 2022). I spent ~1.5 hours recreating the…
Nereus Finance Flashloan Attack Analysed and Exploited
November 18, 2022I was scrolling through the @PeckShieldAlert and @CertiKAlert twitter accounts, looking for a complicated looking price manipulation style…
TempleDAO Exploit Remastered
November 14, 2022So.. It's been a long time since I've written anything on this blog. I've been out of touch with the cyber security twitterverse, and have…