Samczsun
(Redirected from Sam Sun)
Bio
- Aka Sam Sun
- A prominent crypto white-hacker.
- Has worked with Alexander Wade multiple times (24-9-2020).
Employer and funding
- Trail of Bits; will become (13-4-2020) part of their team.
- Got $20,335 in total from Gitcoin Grants round 5.
- Works for Paradigm's A+ team according to Messari (12-2020).
Bugs found
- He has found bugs and disclosed them for 0x (check this interview to find out how, spoiler, by checking Etherscan), Curve, ENS, Kyber, Cheeze Wizards, Livepeer, Authereum, and others.
- Found out about the Flash Loan hacks (17-2-2020) of Fulcrum months before (30-9-2019).
- Found (25-2-2020) bugs in Nexus Mutual.
- Found (26-3-2020) a bug in Synthetix mainnet code;
"There is an old saying in DeFi; If samczsun hasn't found a bug in your code are you even on mainnet?"
- Found (30-3-2020) a bug in Aragon Court.
- Found (23-6-2020) Atomic Loans vulnerabilities, loans essentially disabled until v2.
- Found (10-8-2020) a bug in the initial release of yEarn’s yVault where an attacker could “man in the middle” the swaps.
- Found a xSNX bug (21-8-2020).
- Found a bug in the Incognito Network (30-9-2020).
- From Week in Ethereum (29-3-2021)
"Samczsun and Tina Zhen save $4.5m from an ElasticDAO unguarded transfer function."
- Samczsun found a tokenlon vulnerability (4-5-2021).
- Found three bugs in Geth (27-5-2021).
- From Week in Ethereum (28-8-2021):
"SushiSwap paid $1 million bounty to samczsun for Miso vulnerability disclosure where $350 million was at risk and assistance with mitigation"
- From Week in Ethereum (18-12-2021):
"Gelato G-UNI Router vulnerability, $26 million secured with no funds lost, alerted by samczsun, revoke approvals given to vulnerable contract."
Whitehack
- Saved the last crypto during a hack on Opyn (6-8-2020).
- Lien Finance. From Decrypt (25-9-2020):
"He discovered what later turned out to be a part of Lien Finance’s protocol: a smart contract that contained over 25,000 ETH. Since Lien Finance’s team was anonymous, the whitehat went through a bunch of potential connections to anyone involved. Alexander Wade, a security researcher at ConsenSys—one of the two companies that audited the smart contract and Ethereum security specialist Scott Bigelow soon joined the rescue operation. With the help of blockchain researcher Tina Zhen, the team added members of both CertiK—the second company that audited the smart contract—and Ethereum mining pool SparkPool to the rescue effort, as well as finally reaching out to Lien Finance."