Cosmos (User Facing)
- IBC-Anywhere
- Interchain Spaces Archive
Cosmos (Validators / Relayer)
- Governance Notifications
- Balance Notifications
- Validator Stats Notifications
- RPC & REST Node Cache
Cosmos (General)
- Airdrop Tools & Utils
- Chain Indexer
Juno-Network
- Juno Custom Module UI
- Balance & Staking Exports
- juno-rpc.reece.sh
- juno-api.reece.sh
Juno Testnet (Uni)
- uni-rpc.reece.sh
- uni-api.reece.sh
Secret-Network
- Stashh Notifications
[reece@arch ~/Skills] $ ls -l 22 - GoLang Juno Network (Cosmos) 22 - Typescript REST APIs 22 - Rust, CosmWasm (Marketplace) 22 - Docker w/ Akash 21 - Cosmos SDK Integration 21 - ABET B.S IT (3mo 4.0) 20 - A.S General IT (2yr 3.66) 19 - MongoDB & Redis 17 - Java 16 - Bash 16 - Linux System Admin 14 - Python [reece@arch ~/Skills] $ █
In Q1 2023,
Q1 '23: I identified a Security issue in the cosmwasm/wasmd blockchain repo, allowing bad actors to halt the chain of any cosmwasm network.
If funds are removed from the distribution module without their special message, the chain's state machine throws an invariance if checked.
CosmWasm failed to properly check if its governance instantiate & execute functions deny funds movement from this account,
allowing attackers to submit valid proposals to move funds to their contract and use x/crisis module to halt the network after taking funds.
This issue was patched in the Juno Network v12.0.0 mainnet upgrade, with other chains using my patch shortly following.
Major Contributions
- v12 Mainnet Security Upgrade
- v13 Developer Gas x/FeeShare
- v13 x/TokenFactory
- CW20->TokenFactory CosmWasm Middleware
- Validator Coordination & Scripting
- CW20->Auto nightly exports
- Cached Node Infrastructure & Software
In 2020 I decided to participate in Robinhood's Bug Bounty program.
After learning how a clearing house works, I decided to come up with possible ways to break
it for user benefit. With Robinhoods addition of Fractional shares trading, I was able to
exploit their fractional rounding
which lead to 33-66% discounts on all public stocks through their web platform.
With this, I was awarded for finding the bug. I also purchased their premium
membership to ensure no funds were lost for their shareholders.