{"uuid": "d282c584-a1a1-4d8a-a306-494f61138925", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4722", "type": "seen", "source": "https://gist.github.com/Raiders0786/13386ce9b5d01281a91b90d60e1225b3", "content": "# Security Audit Profile \u2014 Raiders0786\n\nGMT+5:30, India\nEmail: chiragkcv2020@gmail.com\n\n**Public CVEs:** CVE-2022-4722, CVE-2023-3067\n\n**Public Good Projects:**\n- https://digibastion.com\n- https://web3sec.news\n\n## 1. Portfolio, Languages, and Protocol Experience\n\n- GitHub Security Portfolio: https://github.com/Raiders0786/Raiders0786/blob/main/SECURITY-PORTFOLIO.md\n- X / Research Updates: https://x.com/__Raiders\n- Telegram: https://t.me/raiders0786\n\nMost Web2 security work stays private (NDAs / internal company policy). Many companies don't publish pentest reports publicly \u2014 work is handled internally or via platforms like Synack.\n\nWas part of the **Synack Red Team** (invite-only vetted researcher community, private client infra tested through a controlled VPN). Reports are generated on-platform; IP is owned by Synack + client, so they can't be shared publicly. More on the model: https://www.synack.com/why-synack/\n\nRedacted versions of past private audit reports (screenshots/PDFs attached separately, not inline here):\n- https://drive.google.com/file/d/1GW18fVNiCXGmETISFO88nbDL4FehsQCF/view?usp=sharing\n- https://drive.google.com/file/d/1eWqEZA8N_zgNvfxnTJcOXKC7wWklO8A5/view?usp=sharing\n- https://drive.google.com/file/d/16RCokoE8Yt-svPrz5OvE0RXTG_ky1R-2/view?usp=sharing\n- https://drive.google.com/file/d/1ENOvFNqw4tboNObCmVcGWA5kc7R1dU21/view?usp=sharing\n\n## 2. Public Audit Reports\n\n- **MetaMask Connect** (offchain library) \u2014 with Cyfrin: https://github.com/Cyfrin/cyfrin-audit-reports/blob/main/reports/2026-03-05-cyfrin-metamask-connect-v2.0.pdf\n- **Predict.fun** Chainlink CRE Integration \u2014 with Cyfrin: https://github.com/Cyfrin/cyfrin-audit-reports/blob/main/reports/2026-04-25-cyfrin-predict-cre-integration-v2.1.pdf\n- **Omen.trade** \u2014 decentralized perps/options platform on a Rust matching engine. Full off-chain + on-chain audit (web, backend, mobile app, admin dashboard): https://sherlock-files.ams3.digitaloceanspaces.com/reports/2026.07.02%20-%20Final%20-%20Omen.trade%20Collaborative%20Audit%20Report%201782995574.pdf\n\n## 3. Projects Worked With\n\nMetaMask \u00b7 LayerZero \u00b7 Omen Perps \u00b7 Predict.fun \u00b7 Nocturnal \u00b7 BNBShare.fun \u00b7 Fractalized \u00b7 Aztec Network \u00b7 Libre Capital (now kaio.xyz) \u00b7 ZyfAI \u00b7 Biconomy \u00b7 Astaria \u00b7 Ethos Reserve \u00b7 1inch \u2014 and more.\n\n## 4. Public Work &amp; Contributions\n\n- Admin and Creator of **OSWAR**: https://oswar.org\n- Author \u2014 *Domain &amp; DNS Security Framework* (SEAL Alliance): https://frameworks.securityalliance.dev/infrastructure/domain-and-dns-security\n- EthSecurity DAO Badge Holder: https://x.com/__Raiders/status/2043883600152801651\n- SEAL announcement: https://x.com/_SEAL_Org/status/2021222150057693478\n- Ethereum ecosystem operational security project (grant supported): https://x.com/__Raiders/status/1952779461331460240\n- Octant Grant \u2014 Top 30 Ethereum Security Content Creators (~$10k): https://x.com/__Raiders/status/1981273644707029437\n\n**Featured in BlockThreat Newsletter:**\n- https://blockthreat.com/blockthreat-week-46-2025/#:~:text=How%20Multi%2DAgent%20AI%20Is%20Catching%20the%2080%25%20of%20Hacks%20That%20Audits%20Miss\n- https://blockthreat.com/blockthreat-week-24-2025/#:~:text=The%20Need%20for%20Robust%20Web3%20Pentesting%20and%20Supply%20Chain%20Security\n- https://blockthreat.com/blockthreat-week-27-2025/#:~:text=The%20Need%20for%20Robust%20Web3%20Pentesting%20and%20Supply%20Chain%20Security\n- https://blockthreat.com/blockthreat-week-36-2025/#:~:text=DNS%20Security%20in%20Web3%3A%20Attacks%20%26%20Monitoring%20Setup\n\n**MITRE ATT&amp;CK-style Supply Chain Research:**\n- https://aadapt.mitre.org/techniques/ADT1195/\n- https://aadapt.mitre.org/techniques/ADT1195.001\n\n**Public CVEs Discovered:**\n- Windows Thick Client Application: https://huntr.com/bounties/4772ceb7-1594-414d-9b20-5b82029da7b6\n- Backup Management Software Web Interface: https://huntr.com/bounties/c62126dc-d9a6-4d3e-988d-967031876c58\n\n**Articles &amp; Disclosed Findings:** https://medium.com/@chirag-agrawal\n**Example Pre-Audit Report:** https://hackmd.io/vwz7F9B_T32xFbIiIpNr8A\n\nAlso conducted audits/security reviews with **Cyfrin, Sherlock, Adevarlabs, BailSec, Failsafe**, plus several private protocol engagements.\n\n- **18+** independent full-stack security audits completed\n- Past growth/technical-writing clients: Certora, Guardrail.ai, Cyvers, Spearbit/Cantina, Credshields, Sayfer, Cyfrin, GetRecon, All Things Fuzzy\n- Example collaboration with Cyfrin for a large TradFi crypto company: https://x.com/__Raiders/status/1968997526050066827\n\n## 5. Languages &amp; Technologies\n\nWeb2 and Web3 stacks.\n\n- **Languages/Frameworks:** TypeScript, JavaScript, Angular, Django, React.js / Next.js, Svelte, Rust, Go, Python, Solidity, Cairo, Move\n- **Mobile Security:** React Native, Swift, Kotlin, Dart\n- **Cloud &amp; Infra:** AWS (AWS Certified Security Specialty), Google Cloud security assessments, CI/CD &amp; supply chain security\n- **AI Security:** LLM Security\n\n## 6. Certifications\n\n- Certified LLM Security Professional: https://courses.redteamleaders.com/exam-completion/22d59a6278d33cfe\n- Certified in DevSecOps\n- Certified Blockchain Practitioner\n- Certified AppSec Practitioner\n- AWS Cloud Security Practitioner\n- Certified Blockchain Developer\n\n## 7. Types of Protocols &amp; Systems Audited\n\nWeb2 infra + Web3 protocol stacks: yield aggregators, perps &amp; prediction markets, trading platforms/financial infra, oracle-integrated systems, TradFi-integrated crypto platforms, cryptography-heavy applications, zero-knowledge systems, custody/wallet infra, backend systems supporting blockchain protocols, supply chain &amp; dependency security for Web3 projects.\n\nFull-stack reviews covering: backend logic, infra/cloud config, frontend security &amp; wallet integrations, API/auth flows, domain/DNS infra security, threat modeling &amp; risk assessment, supply chain &amp; third-party risk exposure.\n\n## 8. Web2 / Web3 Security Background\n\nStarted in Web2 security mid-2018, primarily bug bounty + private pentesting.\n\n- Reported multiple vulnerabilities across private and public programs\n- Led security efforts for a Series C tech company in Bangalore for ~4 years\n- Conducted infrastructure, application, and cloud security reviews\n- Worked with vetted pentesting communities like Synack Red Team\n\nStarted in Web3 security late 2022. Since then:\n- Participated in competitive audit contests (Code4rena)\n- Won Secureum Race 14\n- Worked on private protocol audits and backend security reviews\n- Conducted security assessments with firms like Cyfrin, Sherlock, Guardian Audits, and Failsafe\n\nAlso performed rapid-response security reviews for projects under active incidents \u2014 e.g. helped secure a BNB ecosystem launchpad/fee-sharing project that had suffered two prior hacks. After ~7 days of continuous review, patching, and mitigation, the project stabilized with no further compromises and later scaled to a top-3 position in its category in early 2026.\n\nFlexible depending on project requirements and long-term collaboration potential.\n\n## 9. Audit Pace\n\nVaries by complexity:\n- Simple / moderate logic: ~1000\u20131500 LOC/day\n- Complex logic (cryptography, financial systems, ZK, etc.): ~500\u2013800 LOC/day\n\nTypically ~8 focused hours/day; during critical launches or tight timelines, often 12+ hours/day.\n\n## 10. Proof / Confidential Materials\n\n*(Screenshots from audits, bug bounties, and private engagement reports \u2014 attach separately as images; not included inline in this gist.)*\n", "creation_timestamp": "2026-07-15T09:44:28.897928Z"}