Skip to content
View loopghost's full-sized avatar

Block or report loopghost

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
loopghost/README.md

Portfolio

Data Science + Business student doing AI-driven Web3 security research. I run autonomous auditing pipelines. Focus: zero-knowledge circuits, L1 consensus clients, and smart contracts.

Selected disclosures

Every entry is publicly verifiable: each links to a merged fix, a published advisory, or a writeup. Dates are the fix-merge or publication month.

Date Project Severity Vulnerability Reference
2026-06 Payy Network Critical ZK circuit soundness: forged burn messages drain rollup USDC CVE-2026-48100
2026-04 Ripple rippled Medium Invariant flag overwrite (= vs |=): violations silently committed PR #6609
2026-04 Trezor Critical Solana ALT-backed recipient spoofed on the signing screen: SOL and SPL theft advisory
2026-04 Trezor Critical Solana account-type misclassification hides a CPI token drain in the blind-signing view advisory
2026-03 Celestia Critical x/forwarding collateral-token poisoning: permissionless TIA theft PR #6906
2026-03 Celestia Critical x/forwarding synthetic-slot poisoning: permanent TIA lock PR #6906
2026-03 Polkadot SDK Critical XCM fees register not restored on rollback: permissionless asset duplication PR #11320
2026-03 Ripple xrpl-py Critical SField registry corruption: binary-codec crash and silent tx corruption PR #918
2026-02 f(x) Protocol Critical FxUSD wrapFrom unbacked mint after pool liquidation commit
2026-02 Zircuit Critical zkVM l1_blocks witness bypass: stale system-config in proven roots writeup
2026-02 Chainflip Critical AMM U256 overflow in on_finalize: consensus halt, ~$24M TVL frozen commit

Additional findings remain under private disclosure or embargo and are added here as fixes ship.

Research areas

  • Zero-knowledge proof systems: Noir, Halo2, circuit soundness
  • L1 and consensus clients (Go, Rust, Scala): consensus halts, pre-auth DoS, runtime panics, state-machine safety
  • EVM and non-EVM smart contracts: DeFi accounting, bridges, codec and invariant correctness
  • Hardware wallet signing-path integrity: transaction-display (WYSIWYS) and blind-signing bugs

Profiles

Popular repositories Loading

  1. loopghost loopghost Public

    Security research profile