https://github.com/0ksecurity/portfolio
This is my portfolio showcasing the vulnerabilities I have discovered during my one-year journey as a bug hunter.
bugbounty contest evm fuelvm immunefi solidity sway
Last synced: about 1 year ago
- Host: GitHub
- URL: https://github.com/0ksecurity/portfolio
- Owner: 0Ksecurity
- License: other
- Created: 2024-01-01T20:44:33.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-04-26T16:30:23.000Z (about 1 year ago)
- Last Synced: 2025-04-26T17:31:25.564Z (about 1 year ago)
- Topics: bugbounty, contest, evm, fuelvm, immunefi, solidity, sway
- Homepage:
- Size: 46.9 KB
- Stars: 9
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
## Audit portfolio
This repository highlights 0kSecurity, also known as zeroK, showcasing my expertise and achievements over 1 year as a bug hunter in the Web3 security field.
- [About zeroK](https://github.com/0Ksecurity/Portfolio/edit/main/README.md#about-zerok)
- [Expertise](https://github.com/0Ksecurity/Portfolio/edit/main/README.md#expertise)
- [top 5 reports](https://github.com/0Ksecurity/Portfolio/edit/main/README.md#my-top-5-reports)
- [Attackathon](https://github.com/0Ksecurity/Portfolio/edit/main/README.md#my-top-5-reports)
- [Invite-only-program](https://github.com/0Ksecurity/Portfolio/edit/main/README.md#invite-onlyiop-program-on-immunefi)
- [contests](https://github.com/0Ksecurity/Portfolio/edit/main/README.md#contestboost-on-immunefi)
- [Bug bounties](https://github.com/0Ksecurity/Portfolio/edit/main/README.md#bug-bounties)
- [private audit](https://github.com/0Ksecurity/Portfolio/edit/main/README.md#contestboost-on-immunefi)
## About zeroK
I'm a security researcher with two years of experience in the Web3 security field. Specializing in Solidity, Sway, EVMs, and DeFi protocols, I also bring expertise in the Fuel blockchain ecosystem (fuelVM). Starting as a warden on CodeArena, I then transitioned to bug hunting on Immunefi and achieved **Elite Rank** (ranked 40th for 2024) in just 8 months from zero programming background. You can explore my Immunefi portfolio [here](https://immunefi.com/profile/zeroK/?scope=year). I've been actively involved in contests and bug bounties on Immunefi, found over 20 valid reports, and participated in the Fuel Attackathon, mastering the Fuel ecosystem within just 15 days.
Lately, I have started providing private security reviews in the Web3 space. If you’re interested in getting a quick and professional private quote, feel free to reach out via:
- Telegram @zero0K.
- X account [@0K_Security](https://x.com/0K_Security)
- Discord @0k_sec.
## Expertise
| Expertise | Proficiency |
| ------------ | ----------- |
| **Solidity** | ⚡⚡⚡⚡⚡ |
| **EVM** | ⚡⚡⚡⚡⚡ |
| **sway** | ⚡⚡⚡⚡⚡ |
| **fuel VM** | ⚡⚡⚡⚡⚡ |
| **DEFI** | ⚡⚡⚡⚡⚡ |
## my top 5 reports
This list includes the top reports from my participation in contests and attackathons. Please note that the details for BBP reports are not shared publicly yet, as permission is required for the BBP reports. This list is subject to change as I discover new creative and worthy bugs.
| Contest/BBP/Attackathon | Status | Work Duration | Severity | State | Report | Platform |
| ----------------------- | ------ | ------------- | -------- | ------------ | --------------------------------------------------------------------------------------- | --------------------------------- |
| Fuel Attackathon | PAID | 17-20 days | HIGH | Chief Finder | [Link](https://github.com/0Ksecurity/top_reports/blob/main/Fuel_blockchain_report_1.md) | [Immunefi](https://immunefi.com/) |
| Fuel Attackathon | PAID | 17-20 days | HIGH | Chief Finder | [Link](https://github.com/0Ksecurity/top_reports/blob/main/Fuel_blockchain_report_2.md) | [Immunefi](https://immunefi.com/) |
| ThunderNFT | PAID | 17 days | HIGH | Chief Finder | [Link](https://github.com/0Ksecurity/top_reports/blob/main/thunderNFT_report1.md) | [Immunefi](https://immunefi.com/) |
| ThunderNFT | PAID | 17 days | Medium | Chief Finder | [Link](https://github.com/0Ksecurity/top_reports/blob/main/thunderNFT_report2.md) | [Immunefi](https://immunefi.com/) |
| ALCHEMIX veALCX | PAID | 7-10 days | Medium | Chief Finder | [Link](https://github.com/0Ksecurity/top_reports/blob/main/Alchemix_report_1.md) | [Immunefi](https://immunefi.com/) |
## Attackathon on Immunefi
| attackathon | Status | Rank | Work Duration | vulnerability discovered | Report | Platform |
| ---------------- | ------ | ---- | ------------- | ------------------------ | ----------------------------------------------------------------------------------- | --------------------------------- |
| fuel attackathon | PAID | 5th | 17-20 days | 3 high, 5 low/insights | [Link](https://github.com/0Ksecurity/report/tree/main/attackathon/Fuel_attackathon) | [Immunefi](https://immunefi.com/) |
## Invite only program (IOP) on Immunefi
| IOP | Status | Rank | Work Duration | vulnerability discovered | Report | Platform |
| ---------- | ------ | ---- | ------------- | -------------------------------- | --------------------------------------------------------------------- | --------------------------------- |
| ThunderNFT | PAID | 2nd | 17 days | 3 high, 2 medium, 3 low/insights | [Link](https://github.com/0Ksecurity/report/tree/main/IOP/ThunderNFT) | [Immunefi](https://immunefi.com/) |
## contest/boost on Immunefi
| Contest/boost | Status | Rank | Work Duration | vulnerability discovered | Report | Platform |
| --------------- | ------ | ---- | ------------- | -------------------------- | ------------------------------------------------------------------------------- | --------------------------------- |
| ALCHEMIX veALCX | PAID | 15th | 7-10 days | 2 critical, 1 medium, 1 low | [Link](https://github.com/0Ksecurity/report/tree/main/contests/Alchemix_veALCX) | [Immunefi](https://immunefi.com/) |
## Bug bounties
| Contest | Status | Work Duration | Severity | Report | Platform |
| ---------------------- | ------------------------------------ | ------------- | -------- | ---------------------- | --------------------------------- |
| APE coin | PAID | 12 days | Medium | soon | [Immunefi](https://immunefi.com/) |
| waiting for permission | NOT PAID (non-mentioned known issue) | 6 days | Critical | waiting for permission | [Immunefi](https://immunefi.com/) |
| waiting for permission | PAID | 6 days | Low | waiting for approval | [Immunefi](https://immunefi.com/) |
| waiting for permission | PAID | 15 days | Medium | waiting for approval | [Immunefi](https://immunefi.com/) |
| waiting for permission | PAID | 4 days | Low | waiting for approval | [Immunefi](https://immunefi.com/) |
## private audit
I started performing private audits in January 2025 and have since completed two audits with the [Shieldify](https://www.shieldify.org/) team. During these engagements, I worked diligently to identify and address potential vulnerabilities, ensuring the clients' codebases were as secure and reliable as possible.
| Private Audit | Required Duration | Client Platform/Website | Vulnerability Discovered | Report |
| ------------------------ | ----------------- | ------------------------------------------- | ------------------------ | ------ |
| guanciale veGuan | 2 days | [link](https://terminal.guanciale.ai/stake) | soon | soon |
| guanciale wheel contract | 3 days | [link](https://terminal.guanciale.ai/stake) | soon | soon |