Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/carlosalegreur/audits-by-carlosalegreur
Here is a summary and navigation hub to all the audits I've conducted and I'm allowed to show.
audit auditor audits blockchain-security evm solidity web3
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/carlosalegreur/audits-by-carlosalegreur
- Owner: CarlosAlegreUr
- License: mit
- Created: 2023-07-25T18:51:09.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-11-02T14:04:02.000Z (about 2 months ago)
- Last Synced: 2024-11-02T14:18:31.540Z (about 2 months ago)
- Topics: audit, auditor, audits, blockchain-security, evm, solidity, web3
- Homepage:
- Size: 465 KB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# [General Stats](#general-stats) - [Rankings](#rankings)
# [Audits List](#audits-list) - [Interesting Findings](#interesting-findings)
# General Stats
| `Total Audits` | `Findings' Value` | `Time Spent (at 02/11/2024)` |
| ---------------- | ------------------- | ------------------------------ |
| **_`21`_** | **_`6747.51$`_** | **_`822.18h`_** |

| _High Risk_ | _Medium Risk_ | _Low Risk_ |
| ------------- | --------------- | ------------ |
| 15 | 16 | 28 |

##### `Detailed time spent stats`
At **02/11/2024**:
| `Contests` | `Private` | `Bug Bounty` | `Practice` | **`Total`** |
| ---------- | --------- | ------------ | ---------- | -------------- |
| 765.68 | 0 | 0 | 56.5 | **`822.18 h`** |

> **Note**: Practice means audits I expected no rewards from due to not fully conducting them. I just spent time on them to learn and get exposed to more codebases.
# Rankings
| `code4arena` | `codeHawks` | `sherlock` | `solodit` | `cantina` |
| ---------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| **`TOP ~13%`** registered wardens (08/05/2024) | **`TOP 100`** auditors **`Nº98`** (06/03/2024) | **`Top ~10%`** Leaderboard (08/05/2024) | **`TOP 100`** auditors **`Nº58`** (27/05/2024) | **`Nº 283 out of 516`** auditors' leaderboard (02/11/2024) |
| [See profile](https://code4rena.com/@carlos__alegre) | [See profile](https://www.codehawks.com/profile/clk3wmzul0008l808andx29ul) | [See profile](https://audits.sherlock.xyz/watson/charles__cheerful) | [See profile](https://solodit.xyz/user/charles__cheerful) | [See profile](https://cantina.xyz/u/charlesCheerful) |
# Audits List
**Specific findings and details** of each audit in the `go to report` link.
##### `Keys`
- π§ββοΈ => **being judged**
- π΅ => **rewards are known**
- π€ => **contest where I disagree with some judgements**
- π§ => **found nothing valid but gained knowledge**
- 0οΈβ£ => **no-one found valid, rewardable findings**
- π§βπ€βπ§ => **audited in a team, (XXX$) -> total rewards of the team**
- π => **not allowed to share finding details**
- π΅ => **I couldn't put much effort in the audit**
(from **most recent** to **oldest**)
| _State_ | _Topic_ | _$ / H / M / L / G / QA_ | _Audit Reports_ | _Date_ |
| -------------- | ---------------------------------------------------------------------------------------------------- | -------------------------------- | ---------------------------------------------------------------------- | ----------------------------------- |
| π§ββοΈ | ***Sablier Flow***: P2P debt tracking and settling | **`$0/0/0/0/0/0`** | [go to report](./reports/2024-10-sablierFlow/) | 25/October/2024 - 01/November/2024 |
| π§ββοΈπ§βπ€βπ§ | ***Stake Link***: LINK staking v0.2 | **`$0/0/0/0/0/0`** | [go to report](./reports/2024-09-stakelink/) | 30/September/2024 - 17/October/2024 |
| π§ββοΈ | ***Uniswap v4***: ERC20's AMM DEX | **`$0/0/0/0/0/0`** | [go to report](./reports/2024-09-uniswapv4/) | 06/September/2024 - 01/October/2024 |
| π΅π§βπ€βπ§ | ***Zeta-Chain***: universal hub chain | **`$388.38/1/3/4/0/0`** | [go to report](./reports/2024-08-zetta-chain/) | 19/August/2024 - 04/September/2024 |
| π΅ | ***Winnables-Raffles***: raffles using Chainlink VRF and CCIP | **`$35.98/2/2/0/0/0`** | [go to report](./reports/2024-08-winnables-raffles/) | 16/August/2024 - 20/August/2024 |
| π΅ | ***Tadle***: marketplace of pre-sale tokens | **`$489/7/2/4/0/0`** | [go to report](./reports/2024-08-tadle/) | 05/August/2024 - 12/August/2024 |
| π§ π΅π€ | ***TempleGold***: stock for farming rewards from TempleDAO | **`$0/0/0/0/0/0`** | [go to report](./reports/2024-07-templegold/) | 04/July/2024 - 11/July/2024 |
| π΅π§βπ€βπ§ | ***Size***: loans order book | **`$78.97/2/2/0/0/0`** | [go to report](./reports/2024-06-size/) | 10/June/2024 - 2/July/2024 |
| π΅π€ | ***Midas***: tokenization of U.S. TBills | **`$69.66/0/1/1/0/0`** | [go to report](./reports/2024-05-midas/) | 28/May/2024 - 31/May/2024 |
| π§βπ€βπ§π§ | ***Sablier***: generalized streaming tokens solution | **`$0/0/0/0/0/0`** | [go to report](./reports/2024-05-Sablier/) | 10/May/2024 - 31/May/2024 |
| π§βπ€βπ§π΅ | ***Panoptic***: options trading over UniV3 liquidity ranges | **`$0(8,126.32$)/0/0/0/0/0`** | [go to report](./reports/2024-04-panoptic/) | 1/April/2024 - 22/April/2024 |
| π§βπ€βπ§0οΈβ£π΅ | ***vVv Vesting & Staking***: eth based staking and vesting of vVv token sPMM | **`$515.82($515.82)/0/0/2/0/0`** | [go to report](./reports/2024-03-vvv-vesting-staking) | 25/March/2024 - 28/March/2024 |
| ππ΅ | ***WOOFi Swap***: the cross-chain exchange of WOOFi, using their sPMM | **`$3992.17/0/3/3/0/0`** | [go to report](./reports/2024-03-woofi-swap) | 12/March/2024 - 20/March/2024 |
| π§ 0οΈβ£ | ***Avail Bridge***: bridge ETH<->AVAIL, a modular blockchain | **`$0/0/0/0/0/0`** | [go to report](./reports/2023-12-avail) | 19/January/2024 - 22/January/2024 |
| π΅ | ***The Standard***: 2 stablecoins backed by assets to borrow assets | **`$340.13/1/0/1/0/0`** | [go to report](./reports/2023-12-the-standard) | 27/December/2023 - 10/January/2024 |
| π΅π | ***Chainlink Staking v0.2***: staking feature to strengthen reliability by offering extra incentives | **`$367.34/0/0/9/0/5`** | [go to report](./reports/2023-08-chainlink) | 25/August/2023 - 12/September/2023 |
| π΅ | ***Sparkn***: Marketplace for problem solving deals | **`$19.88/0/0/1/0/0`** | [go to report](./reports/2023-08-sparkn) | 21/August/2023 - 23/August/2023 |
| π΅ | ***veRWA***: Voting-escrow incentivization model & Rewards Distribution | **`$9.82/0/0/1/0/4`** | [go to report](./reports/2023-08-verwa) | 07/August/2023 - 10/August/2023 |
| π΅ | Stablecoin Pegged to $ | **`$1.32/0/0/1/0/1`** | [go to report](./reports/2023-07-foundry-defi-stablecoin) | 29/July/2023 - 31/July/2023 |
| π΅ | ***Beedle***: ERC20 Perpetual Lending Oracle-Free | **`$166.05/2/3/0/2/5`** | [go to report](./reports/2023-07-beedle) | 25/July/2023 - 29/July/2023 |
| π§ | Escrow Contract | **`$0/0/0/0/0/0`** | [go to report](./reports/2023-07-escrow) | 23/July/2023 - 25/July/2023 |
| Practice Audit | Stablecoin Pegged to $ | **`0/0/0/0/0/0`** | [go to report](https://github.com/CarlosAlegreUr/AuditExamplePractice) | 16/July/2023 - 22/July/2023 |

- π -> Best contest so far
# Interesting Findings
### π¦ Unique && π΄ semi-Unique
- [π¦π‘ Medium - User pays extra fees, Sherlock Long Successful Escalation](https://github.com/sherlock-audit/2024-03-woofi-swap-judging/issues/95)
- [π¦π΅ Low - A low worth 340.12$!](./reports/2023-12-the-standard/VulnerabilitiesReport/Low2-MakeConsolidatePublic-CarlosAlegreUr.md)
- [π΄π‘ Medium - User receives less than mintTo limit, Sherlock Successful escalation](https://github.com/sherlock-audit/2024-03-woofi-swap-judging/issues/97)
### Controversial
- Controversy in `Midas` contest, [see here](./reports/2024-05-midas/controversy.md).
- Controversy in `TempleGold` contest, [see here](./reports/2024-07-templegold/controversy.md).
### Miscellaneous
- [Critical - My first critical, DOS cause of array size](./reports/2023-12-the-standard/VulnerabilitiesReport/Critical1-ArraysExceedGasLimit-CarlosAlegreUr.md)
- [High - My first High, Decimals not handled properly](./reports/2023-07-beedle/Vulnerabilities-Reports/High1-Decimals-CarlosAlegreUr.md)
- [Chainlink QA+LowRisk report grade A. I was proud of getting grade A on a famous business's code in my first audits. (Not allowed to show the results, you can see it's true in my code4arena profile)](https://code4rena.com/@carlos__alegre)
- [Low - Low-level .call emits incorrect event. I was proud of realizing this, it was tricky for me at that time.](./reports/2023-08-sparkn/Low2-EventCanBeEmittedIncorrectly-CarlosAlegreUr.md)
### Pretty
- [QA-Low - Report Grade A for code4arena](./reports/2023-08-verwa/QALowRisk-Report-veRWA-CarlosAlegreUr.md)
- [Gas - Compiler Flag Usage (looks pretty)](./reports/2023-07-beedle/Gas-Reports/Gas1-CompilerFlag-CarlosAlegreUr.md)
- [QA - Refactor of the codebase (chosen for report in codeHawks)](./reports/2023-07-beedle/QA-Reports/QA2-Refactor-CarlosAlegreUr.md)
## Practice Audits
> **Note**: Audits I expected no rewards from due to not fully conducting them. I just spent time on them to learn and get exposed to more codebases.
- zk-sync Era
- Arcadia V2
- Acala