Reece

Software Engineer, System Admin, Security, & Blockchain

My Open-Source Work Log

Cosmos (User Facing) - Interchain Spaces Archive
Cosmos (Validators / Relayer) - Governance Notifications - Balance Notifications - Validator Stats Notifications - RPC & REST Node Cache
Cosmos (General) - Local Interchain - Airdrop Tools & Utils - Chain Indexer
Juno-Network - juno-rpc.reece.sh - juno-api.reece.sh
Juno Testnet (Uni) - uni-rpc.reece.sh - uni-api.reece.sh
Secret-Network - Stashh Notifications
Stargaze - stargaze-rpc.reece.sh - stargaze-api.reece.sh

[reece@arch ~/Skills] $ ls -l
22 - GoLang Juno Network (Cosmos)
22 - Typescript REST APIs
22 - Rust, CosmWasm (Marketplace)
22 - Docker w/ Akash
21 - Cosmos SDK Integration
21 - ABET B.S IT (3mo 4.0)
20 - A.S General IT (2yr 3.66)
19 - MongoDB & Redis
17 - Java
16 - Bash
16 - Linux System Admin
14 - Python
[reece@arch ~/Skills] $





Why I started doing games

Note: view github for latest :)




PigeonFall

(( PFM Halt Exploit - High Severity ))

On Wednesday, October 11th, 2023, I found a high-severity vulnerability affecting the packet-forward-middleware v7.0.0 release.
I found, migrated, and distributed the patch, with the help of other Strangelove Employees, to 6 networks within just 24 hours of discovery. Our swift actions allowed for no networks to be exploited accidentally or maliciously by any actors.



CosmWasm 0-day & patch

(( CosmWasm Halt Exploit - Medium Severity ))

In Q1 2023, I identified a security issue in the cosmwasm/wasmd blockchain repo, allowing bad actors to halt the chain of any cosmwasm network.

If funds are removed from the distribution module account by anything other than the module's own special message, the chain's state machine reports a broken invariant when that invariant is checked. CosmWasm failed to properly check that its governance instantiate & execute functions deny funds movement from this account, allowing attackers to submit valid proposals that move funds to their contract and then use the x/crisis module to halt the network after taking the funds.

This issue was patched in the Juno Network v12.0.0 mainnet upgrade, with other chains using my patch shortly following.
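The missing check described above, as an added toy model in Go (not code from wasmd, Juno, or the actual patch). `Chain`, `GovExecute`, `InvariantBroken`, the `distribution` label, and all balances are hypothetical names and constructed values; the model only assumes the invariant requires the module account to cover what it owes.

```go
package main

import (
	"errors"
	"fmt"
)

const DistrModule = "distribution" // hypothetical label for the module account
var ErrBlockedSender = errors.New("run-as address is a blocked module account")

// Chain is a toy ledger with constructed values, for illustration only.
type Chain struct {
	Balances    map[string]int64
	Outstanding int64           // rewards the distribution account must cover
	Blocked     map[string]bool // accounts that may not be a funds source
}

func NewChain() *Chain {
	bal := map[string]int64{DistrModule: 1000}
	return &Chain{Balances: bal, Outstanding: 1000, Blocked: map[string]bool{DistrModule: true}}
}

// GovExecute models a passed governance proposal executing a contract as runAs
// with attached funds. guard=false omits the sender check; guard=true adds it.
func (c *Chain) GovExecute(runAs, contract string, funds int64, guard bool) error {
	if guard && c.Blocked[runAs] {
		return ErrBlockedSender
	}
	if funds < 0 || c.Balances[runAs] < funds {
		return errors.New("invalid or insufficient funds")
	}
	c.Balances[runAs] -= funds
	c.Balances[contract] += funds
	return nil
}

// InvariantBroken reports whether the module account holds less than it owes;
// an x/crisis-style invariant check would halt the chain when this is true.
func (c *Chain) InvariantBroken() bool {
	return c.Balances[DistrModule] < c.Outstanding
}

func main() {
	for _, guard := range []bool{false, true} {
		c := NewChain()
		err := c.GovExecute(DistrModule, "contract1", 400, guard)
		fmt.Printf("guard=%v err=%v invariantBroken=%v\n", guard, err, c.InvariantBroken())
	}
}
```

With the guard enabled the proposal is rejected before any balance changes, so the invariant still holds when it is later checked.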






My Playlist

Cosmos Bytes

"Byte" sized content teaching developers the Cosmos-SDK internals & interactions

Interviews