Smart Contract Auditor Portfolio

Dacian is the Audit Team Leader at cyfrin.io whose published Deep Dive security research is routinely shared on Twitter & in high-profile blockchain security newsletters such as BlockThreat [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]. Some of Dacian's most notable security research publications include:

• Vulnerabilities In Permissioned Capital Market Protocols

• DeFi Liquidation Vulnerabilities

• Solidity Inline Assembly Vulnerabilities

• Find Highs Using Certora Formal Verification

• Find Highs Using Invariant Fuzz Testing

• DAO Governance Vulnerabilities

• Concentrated Liquidity Manager Vulnerabilities

• Lending & Borrowing Vulnerabilities

• DeFi Slippage Vulnerabilities

• Precision Loss Errors

• Chainlink Oracle Security Considerations

Dacian has presented on smart contract security at:

• ElectiSec Block 7 Guest Speaker - Auditing Heuristics, Business, Branding & Marketing

• Fuzz Fest 2024 - Finding Highs Using Invariant Fuzz Testing & Formal Verification

• DeFi Security Summit 2024 - Workshop on Finding Highs Using Invariant Fuzz Testing (not recorded)

• Fuzzing & Heuristics Interview With Patrick

• OpenSense - How To Effectively Learn Smart Contract Auditing

Dacian has led successful private audits for protocols such as Wormhole, Swell, Solidly, Beefy, Ondo, Linea [1, 2], DeXe and for TradFi platforms such as Kaio and Securitize.

Dacian has earned a $28,000 USD bug bounty for discovering a vulnerability in a live smart contract that combined missing access control & unchecked state transition vulnerabilities to permanently brick the contract admin, future token inflation & staking rewards.

Dacian can identify a wide range of smart contract vulnerabilities; some of Dacian's publicly available findings include:

• Trader can make themselves impossible to liquidate using multiple active markets to trigger liquidation revert due to corruption of ordering in TradingAccount::activeMarketsIds

• Attacker can perform a risk-free trade to mint free USDz tokens by opening then quickly closing positions for markets using negative makerFee

• GlobalConfiguration::removeCollateralFromLiquidationPriority corrupts the collateral priority order resulting in incorrect order of collateral liquidation

• Trader can't reduce open position size when under initial margin requirement but over maintenance margin requirement

• Attack can drain protocol tokens by sandwich attacking two onlyOwner functions to force redeployment of liquidity into an unfavorable range

• Polygon chain reorgs will change mystery box tiers which can be gamed by validators

• Attacker can combine flashloan with delegated voting to decide a proposal bypassing all flashloan protections

• Attacker can destroy user voting power by setting ERC721Power::totalPower and all existing NFTs currentPower to 0

• Attacker can at anytime dramatically lower ERC721Power::totalPower voting power close to 0

• Attacker can use delegation to bypass voting restriction to vote on proposals they are restricted from voting on

• Static GovUserKeeper::_nftInfo.totalPowerInTokens used in quorum denominator can incorrectly make it impossible to reach quorum

• Attacker can bypass token sale maxAllocationPerUser restriction to buy out the entire tier

• Delegators incorrectly receive less rewards for longer proposals with multiple delegations

• DistributionProposal 'for' voter rewards diluted by 'against' voters and missing rewards permanently stuck in DistributionProposal contract

• Signature replay against different reward pool for same organizer/contest as signature digest missing implementation parameter

• Attacker can mint free tokens by exploiting rounding down to zero precision loss

• Borrow rate calculation can DoS all major functionality

• Lender can take borrower's collateral before first payment is due

• Borrower can't repay but can be liquidated as token whitelist can prevent existing positions from repaying

• Trading fees should round up in favor of the protocol to prevent value from constantly leaking to traders

Dacian can be contacted via DM's.