Web2 Security Advisories
Responsible disclosure of vulnerabilities
| Advisory | Component | Description | Link |
|---|---|---|---|
| CVE-2023-32402 | WebKit EME | An out-of-bounds read issue was addressed with improved input validation | View |
| CVE-2023-32423 | WebKit EME | A buffer overflow issue in WebKit was addressed with improved memory handling | View |
| CVE-2025-31217 | WebKit WebGL | Processing maliciously crafted web content may lead to an unexpected process crash | View |
| CVE-2025-43216 | WebKit WebAudio | A use-after-free issue was addressed with improved memory management | View |
| CVE-2025-43368 | WebKit WebGL | A use-after-free issue was addressed with improved memory management | View |
| CVE-2025-43419 | WebKit ANGLE | A use-after-free issue was addressed with improved memory management | View |
| Issue 435683799 | Chromium ANGLE | Memory corruption in a highly privileged process (GPU) | View |
Presentations
Conference talks and technical presentations
| Title | Year | Description | Link |
|---|---|---|---|
| Supporting Solana Program Analysis in Radare2 | 2025 | Exploring Solana's runtime model, sBPF ISA, and demonstrating new radare2 plug-ins developed for sBPF disassembly and analysis | Watch |
Open Source Contributions
Contributions to security and blockchain tooling projects
| Project | Category | Description | Link |
|---|---|---|---|
| Radare2 sBPF Architecture Support | Solana | Initial sBPF architecture support for Solana's sBPF v0, v1, v2 and v3 including disassembly, and Rust string aggregation capabilities for Solana programs | View |
| r55 | RISC-V ETH | r55 an experimental RISCV Ethereum Execution Environment. | View |
| Aderyn | EVM | Hackathon winner contribution to Cyfrin's Aderyn static analyzer for Solidity. | View |
| Eburger | EVM | Contributions to Eburger, a static analysis tool for Solidity | View |
Papers
Academic and industry research publications
| Title | Year | Description | Link |
|---|---|---|---|
| Uniswap v4 - A Mathematical Primer | 2024 | LVR & IL Hedge Hook for Concentrated Liquidity Providers, Dynamic Fees & Delta-Gamma Neutrality: Power Perpetuals & Lending Protocols | Read |
| Introducing SHELF Loading | 2020 | Novel technique for loading ELF binaries with enhanced anti-forensic capabilities, demonstrating generation of static PIE files with single loadable segments | Read |
| SHELF encounters of the elements kind | 2022 | Exploitation of V8 vulnerability (CVE-2020-6418) to achieve reflective loading of ELF binaries in Chrome, demonstrating deployment of SHELF payloads | Read |