Available for Security Audits

Seenu Vasan
Web3 Security Researcher

Specialized in smart contract security, vulnerability research, and blockchain auditing. Ranked #236 in First Flights with 930 EXP earned.

View Achievements Get in Touch
First Flights
Rank #236
Total Earned 930.00 EXP

Performance Metrics

#0
Global Rank
0
Total EXP
0
Valid Submissions

Vulnerability Findings

Breakdown of security issues discovered and reported

High
0

Critical vulnerabilities that could lead to significant security breaches

Medium
0

Moderate security issues requiring attention and remediation

Low
0

Minor issues and best practice recommendations

Journey Highlights

First Flights Program

Achieved rank #236 with consistent high-quality submissions

Active Participant

930 EXP Milestone

Accumulated experience through 15 valid security findings

Achievement Unlocked

Multi-Severity Expertise

Demonstrated ability to identify vulnerabilities across all severity levels

Ongoing

Core Competencies

🔐

Smart Contract Auditing

Expert in reviewing Solidity code for vulnerabilities and security flaws

🛡️

Vulnerability Research

Specialized in discovering and documenting security issues in blockchain protocols

Bug Bounty Programs

Active participant in Web3 security competitions and bug bounty platforms

📊

Security Analysis

Comprehensive analysis of DeFi protocols and smart contract systems

Security Audit Portfolio

Detailed breakdown of smart contract audits and vulnerability discoveries

🎄 Snowman Merkle Airdrop

2 High 1 Medium 2 Low
H-1 Typo in MESSAGE_TYPEHASH Breaks All EIP-712 Signature Verifications
H-2 Missing Access Control on mintSnowman() Allows Unlimited NFT Minting
M-1 Merkle Leaf Calculation Uses Current Balance Instead of Snapshot
L-1 Global earnTimer Enables Griefing Attacks and Unfair Token Distribution
L-2 Missing Claim Status Check Allows Multiple Claims Per User

🔄 RebateFi Hook

2 High 1 Medium
H-1 Duplicate Condition Check Preventing Proper ReFi Validation
H-2 _isReFiBuy Returns Incorrect Buy/Sell Direction
M-1 withdrawTokens Uses Unsafe ERC20 Transfer

🔐 Secret Vault on Aptos

2 High 2 Medium 1 Low
H-1 Incorrect Access Control — Hard-Coded Owner Check
H-2 Sensitive Data Exposure — Secrets Stored in Plaintext On-Chain
M-1 Incorrect Access Control — Hard-Coded Owner Check
M-2 Incorrect Resource Access — Vault Always Borrowed from Deployer
L-1 Resource Already Exists — Users Cannot Update Secret

👑 Last Man Standing

2 Medium 1 Low
M-1 No Incentive Given to Previous King Despite Stated Game Rules
M-2 Incorrect Logic in claimThrone Allows Only Current King to Claim
L-1 Integer Division Truncation in Fee Calculation

Let's Work Together

Looking for a security researcher to audit your smart contracts or join your bug bounty program? Let's connect and discuss how I can help secure your Web3 project.

LinkedIn GitHub Reddit