hey there, I'm tincho 👋
currently security researcher at OpenZeppelin
find me as @tinchoabbate on Twitter and GitHub
📜 Articles
- Argent Vulnerability, collaborating with Alice Henshaw, who originally discovered the vulnerability.
- Backdooring Gnosis Safe Multisig wallets
- A Year of Research at OpenZeppelin
- Libra's Move IR Compiler Vulnerability, collaborating with several people at OpenZeppelin, but special mention to Alejo Salles and Ignacio Bonilla.
- Deep dive into the Minimal Proxy contract
- Exploiting Uniswap: from reentrancy to actual profit
- OpenZeppelin’s online ERC20 verifier: behind the scenes
- Beware of the proxy: learn how to exploit function clashing
📣 Talks, panels
- White hat panel: DeFi exploits @ ETHGlobal 2021
- 7 Phases of Smart Contract Hacking @ DEF CON Safe Mode Blockchain Village
- Anatomy of Smart Contract Exploits in the Wild @ Ekoparty 2020 (in Spanish)
- Tactics for the defense of smart contracts in Ethereum @ Blockchain Summit LATAM 2019 (in Spanish)
- Smart contract security @ Ethereum BA Meetup (in Spanish): the time when the one and only Andreas Antonopoulos warmed up the stage for me
🔍 Public auditing work
This is a non-comprehensive list of public audit reports that I've contributed to. All of these are the result of team efforts of amazing auditors at OpenZeppelin 🦾.
- Augur v2 and additional components
- UMA: Phase 1, Phase 2, Phase 3
- Compound: Open Price Feed, Open Price Feed Uniswap integration, Alpha Governance
- AAVE v1
- Primitive finance
- RNDR Token
- PROPS Token