Rappie is the CTO and Lead Fuzzing Specialist at Perimeter, an Associate Security Researcher at Spearbit, and active in Bug Bounty on Immunefi.
As a security researcher, he specializes in fuzzing EVM-based smart contracts.
Beyond his professional roles, Rappie is an active member of the fuzzing community, contributing to its growth through various initiatives, including maintaining a List of Public Fuzzing Campaigns.
Rappie found some extremely subtle behaviors in our code that many others missed. He not only uses the cutting edge of multiple fuzzing engines, but also helps shape how these fuzzers are built. We've been delighted to use his mastery to make our contracts more secure.
Rappie went above and beyond to deeply understand our protocol and cover all the edge cases. His experience and knowledge about the art of fuzzing are unparalleled. Overall he is an incredible security expert; we certainly will be returning to him with our future smart contracts.
Protocol | Engagement Type | Completed | Report | Code |
---|---|---|---|---|
Berachain | Fuzzing Specialist during Spearbit Security Review | 2024-08 | ||
Private | Fuzzing Specialist during Spearbit Security Review | 2024-05 | ||
Origin Protocol | Perimeter Fuzzing Engagement | 2024-05 | Report | Code |
Private | Perimeter Fuzzing Engagement | 2024-04 | ||
Private | Fuzzing Specialist during Spearbit Security Review | 2024-03 | ||
Drips Network | Perimeter Fuzzing Engagement | 2024-01 | Code | |
Drips Network | Fuzzing Specialist during Spearbit Security Review | 2023-11 | Report | |
Private | Perimeter Fuzzing Engagement | 2023-11 | ||
Origin Protocol | Fuzzing Engagement | 2023-09 | Code | |
Origin Protocol | Fuzzing & Audit | 2023-03 | Report |
Description | Severity | Report | Platform | Protocol |
---|---|---|---|---|
Incorrect argument passed to Utils.characterToUnicodeBytes in Namespace.fuse | High | Report | Code4rena | Canto Identity |
Calling OUSD.burn() on an address with zero balance causes the totalSupply to go down | Low | Report | Immunefi | Origin Protocol |
Vault.redeem() fails with only non-rebasing credits in the protocol | Low | Report | Immunefi | Origin Protocol |
Total supply can become larger than max supply | Low | Report | Immunefi | Origin Protocol |
LiquidityTree.push() does not always update state correctly | Low | Report | Immunefi | Azuro |
OUSD.burn() allows for destroying supply while balance remains | Low | Report | Immunefi | Origin Protocol |
Project | Link |
---|---|
Maintaining a List of Public Fuzzing Campaigns | Link |
Reproduction of the Rari Finance hack using on-chain fuzzing with Echidna | Link |
Reproduction of the Curve Reentrancy hacks using on-chain fuzzing with Echidna | Link |
Author of Echidna Exercise: Solve Damn Vulnerable DeFi - Side Entrance | Exercise, PR |
Don't hesitate to contact me with questions, discussions, or business requests.
- X: rappie_eth
- Discord: rappie
- Telegram: @rappenstein
- Cantina: Rappie