Finding 08: Asymmetric EdDSA Uses Unsalted Commitment
EdDSA commitment uses unsalted SHA-256, enabling rainbow-table-style precomputation against fixed nonce structures.
Read the writeup →Latest research - page 3
38 writeups & notesFinding 07: Missing Signature Verification in Offline ECDSA
Offline-ECDSA path accepts unverified signature shares.
Read the writeup →Finding 06: Unbounded alloca() in generate_basis → Stack Overflow
Unbounded alloca() on attacker-sized range-proof input stack-overflows the verifier.
Finding 05: Integer Overflow in Quadratic ZKP Deserialization
Integer overflow during quadratic-residue ZKP deserialization.
Read the writeup →Finding 04: Fiat-Shamir Challenge Truncates proof.A in MTA Range ZKP
Fiat-Shamir transcript truncation in MtA.
Read the writeup →Finding 03: MTA Batch Ring Pedersen Verification Uses 8-bit Randomness
MtA batch verification uses 8 bits of randomness, allowing forged batches with non-negligible probability.
Read the writeup →Finding 02: Heap Buffer Overflow in Signing Data Destructors
Heap overflow in destructor path.
Read the writeup →Finding 01: Ring Pedersen Accepts Degenerate Parameters (t=1, s=1)
Ring-Pedersen parameter generation accepts degenerate values.
Read the writeup →How I Found Two SSRF Vulnerabilities in a Major Cloud Platform's Image Pipeline
Two SSRFs in the same platform via different code paths (webhook callbacks + image processor). The systemic pattern matters more than either finding.
Read the writeup →Sql Query Optimizer Idor
Cross-project access to SQL optimizer artifacts via predictable object IDs.
Read the writeup →Project Name Enumeration
403 vs 404 oracle on /v1/project/<name> enumerates the entire managed-services customer base.
Email Enumeration Timing
/v1/userauth timing differential distinguishes registered vs unregistered emails.