My 3 am realization exposed a vulnerability in blockchain infrastructure handling billions in cryptocurrency transactions. This vulnerability writeup details a critical race condition I found in the Flashbots Ethereum MEV-Boost relay that allowed attackers to hijack MEV auctions and trick validators.

How I turned a competition distraction into a 0-day. This writeup covers the discovery and exploitation of CVE-2022-35420, an auth bypass in Scada-LTS that exposes critical industrial control systems to unauthenticated account takeover.

Here’s a fun html-injection vulnerability in one of Stanford University’s websites and how I found it. Screenshot of HTML-injection vulnerability proof of concept:

Announcing my latest developer tool: Source Snapshot – A source code directory visualizer for your browser.

A simple cheatsheet for Solidity Integer ranges, from uint8 to uint256. In data types, size does matter :0.