Experience
Content Researcher · Dreamhack (Theori)
ReservedContents & Challenges Create · ETC
Security Researcher · RedAlert (NSHC)
CurrentWeb2 & Mobile Research · Real-world services · Responsible disclosure
Pentester · ██ ████████
FormerPenetration testing for the bank
Activity
Web3.0 Auditor
PauseMainly audit EVM and CVM as a hobby
CTF Player, No team
Apr, 2020 - PresentParticipate alone often, these days, only participate in Web3.0
Dreamhack Challenge Author
URLParserCon
- There are various flaws in many URL parsers. This flaw can lead to SSRF, XSS, and Open Redirect
- Have listed the various URL Parser modules of NPM. Found 0-Day in the parser and reported it.
- Earned $4,170 through this project
Bug Bounty/Audit Contests
Web3 Audit Contests, Code4rena, Sherlock, ETC
PauseWeb2 Bug Bounty, In the world ($18,613)
Sep, 2021 - Present- CVE-2021-3815, CVE-2021-3829, CVE-2021-3831 ~ CVE-2022-21649, CVE-2023-1117,CVE-2023-6013, CVE-2024-57711, CVE-2025-62713, CVE-2025-66509 (NN+/$15513.5)
- NBB-2081, NBB-2082, NBB-2083, NBB-2153, NBB-2256, NBB-2285, NBB-2286, NBB-2287, NBB-2292, NBB-2025-0162 ($1,050)
- KVE-2021-1229, KVE-2021-1276, KVE-2021-1416, KVE-2021-1417, KVE-2021-1456, KVE-2021-1462, KVE-2021-1464 (1,600)
- Leak all write ups via IDOR in dreamhack.io ($500)
- Just XSS Sanitizer flaw - VULN-064235
- 0-Day, Copy and Paste ReDos in github.com
- 4 XSS in Rakuten, [1], [2], [3], [4]
- Remote Code Execution in NASA (0-Day Exploit)