Mainly audit EVM and CVM as a hobby

Participate alone often, these days, only participate in Web3.0

• easyxss-v3 (XSS, Race Condition?) at Dreamhack#2303
• easyxss-v2 (XSS, SSRF, IDOR, URL Parser Confusing) at Dreamhack#451
• easyxss (XSS, Hostname Bypass) at Dreamhack#273
• Environment Pollution (Prototype Pollution, Strtoupper) at Dreamhack#205

• There are various flaws in many URL parsers. This flaw can lead to SSRF, XSS, and Open Redirect
• Have listed the various URL Parser modules of NPM. Found 0-Day in the parser and reported it.
• Earned $4,170 through this project

• CVE-2021-3815, CVE-2021-3829, CVE-2021-3831 ~ CVE-2022-21649, CVE-2023-1117,CVE-2023-6013, CVE-2024-57711, CVE-2025-62713 (NN+/$15513.5)
• NBB-2081, NBB-2082, NBB-2083, NBB-2153, NBB-2256, NBB-2285, NBB-2286, NBB-2287, NBB-2292, NBB-2025-0162 ($1,000)
• KVE-2021-1229, KVE-2021-1276, KVE-2021-1416, KVE-2021-1417, KVE-2021-1456, KVE-2021-1462, KVE-2021-1464 (1,600)
• Leak all write ups via IDOR in dreamhack.io ($500)
• Just XSS Sanitizer flaw - VULN-064235
• 0-Day, Copy and Paste ReDos in github.com
• 4 XSS in Rakuten, [1], [2], [3], [4]