Skip to content
View rotcivegaf's full-sized avatar
53 followers · 27 following

Achievements

Achievement: QuickdrawAchievement: Pair ExtraordinaireAchievement: Arctic Code Vault ContributorAchievement: Pull Sharkx3

Achievements

Achievement: QuickdrawAchievement: Pair ExtraordinaireAchievement: Arctic Code Vault ContributorAchievement: Pull Sharkx3

Block or report rotcivegaf

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 250 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
rotcivegaf/README.md

Solidity auditor and developer

Profiles

Security Review Audits

Date From Date To Company Repository Report
2025/07/01 2025/07/29 vaquita.fi vaquita-lisk πŸ“„

--- WORK IN PROGRESS ---

Bug bounty program reports

Date Company Protocol Severity Report Tittle
2024/01/04 Immunefi TruFin Medium πŸ“„ DoS attack on the function compoundRewards
2023/08/02 Immunefi Request Network Medium πŸ“„ Always passing 0 as the value of the _chainlinkMaxRateTimespan parameter of swapTransferWithReference and use deprecated chainlink functions
2023/07/31 Immunefi Request Network Critical πŸ“„ burn(uint256,uint256) function should be have onlyOwner modifier
2024/07/18 Immunefi Xterio Critical πŸ“„ DUP Reentrancy attack on buyKeys function
2023/06/09 Immunefi Stack It Critical πŸ“„ Transaction sandwich attack on _swapTokenForEther function
2023/08/23 Immunefi YoCash Critical πŸ“„ DUP Stuck funds in contract Bankroll and all contracts inherited from contract Common
2023/02/02 Immunefi Thena Low πŸ“„ DUP Can manipulate the mappings rewardRate, periodFinish and the function left
2022/12/06 Immunefi Thena Low πŸ“„ An attacker can reduce to minimum the distribution rewards

--- WORK IN PROGRESS ---

PoC of on-chain exploits:

Protocol Stolen(USD) Stolen The attacker use PoC
Penpiexyz_io ~$27.35M USD 11,113.6 ETH Reentrancy-Reward Manipulation Penpiexyzio_exp.sol
OnyxDAO >$3.8M USD 4.1M VUSD, 7.35M XCN, 5K DAI, 0.23 WBTC, 50K USDT Flash loan-price manipulation-fake market OnyxDAO_exp
Bedrock_DeFi ~$1.7M USD 27.84 BTC Swap ETH/BTC 1/1 in mint function Bedrock_DeFi_exp
P719Token ~$312K USD 547.18 BNB Flash loans-price manipulation P719Token_exp
LavaLending ~$130K USD 1 USDC, 125795.6 cUSDC, 0,0067 WBTC, 2.25 WETH 5 Flash loans-price manipulation LavaLending_exp
FIREToken ~$20K USD 8.45 ETH A flash loan-pair manipulation with the _transfer FireToken_exp
AIZPTToken ~$20K USD 34.88 BNB Flash loans-wrong price calculation AIZPTToken_exp

--- WORK IN PROGRESS ---

Developments and Hackathons

Hackathons

Date Hackathon Project Repository Awards
2025/08/09 CodeNYC MafiaCaster MafiaCaster 2nd place on Base Mini App + CDP

--- WORK IN PROGRESS ---

Pinned Loading

  1. rcnfinance/rcn-network rcnfinance/rcn-network Public

    RCN​ is a global p2p lending protocol based on smart contracts and blockchain technology

    JavaScript 99 43

  2. oracle-rate-provider oracle-rate-provider Public

    JavaScript 4

  3. solidity-coverage solidity-coverage Public

    Forked from sc-forks/solidity-coverage

    Code coverage for Solidity smart-contracts

    JavaScript 4 4

  4. rcnfinance/ramp-contracts rcnfinance/ramp-contracts Public

    Ramps allow lend and pay to be made with any ERC-20 token while the protocol receiving RCN their token.

    Solidity 2 3

  5. mooniswap_orders mooniswap_orders Public

    JavaScript 3 1