rappie/portfolio
Rappie's portfolio is a security research platform focused on fuzzing EVM smart contracts.
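## About Me
Hi everyone! I'm Rappie, CTO and Lead Fuzzer at Perimeter, Associate Security Researcher at Spearbit, and active in bug bounties on Immunefi. I specialize in fuzzing a variety of systems, with deep expertise in EVM-based smart contracts.
Beyond security research and protocol assessments, I contribute to the fuzzing community through open-source projects such as [EVM Fuzzing Resources](https://github.com/perimetersec/evm-fuzzing-resources) and the [Public Fuzzing Campaigns List](https://github.com/perimetersec/public-fuzzing-campaigns-list).
## Resume
## Security & Fuzzing Engagements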
| Protocol | Engagement Type | Completed | Report | Code |
| --- | --- | --- | --- | --- |
| [Monad](https://www.monad.xyz/) | Perimeter fuzzing engagement | 2026-03 | [Report](https://github.com/category-labs/monad-audits/blob/main/client/202602/perimeter/Monad%20Fuzzing%20Part%203%20Report%20Public.pdf) | |
| [Monad](https://www.monad.xyz/) | Perimeter fuzzing engagement | 2025-12 | [Report](https://github.com/category-labs/monad-audits/blob/main/client/202601/perimeter/Monad%20Fuzzing%20Part%202%20Report%20Public.pdf) | |
| [Monad](https://www.monad.xyz/) | Perimeter fuzzing engagement | 2025-12 | [Report](https://github.com/category-labs/monad-audits/blob/main/client/202601/perimeter/Monad%20Fuzzing%20Part%201%20Report%20Public.pdf) | |
| [Zest Protocol](https://www.zestprotocol.com) | Perimeter fuzzing engagement | 2025-10 | | |
| [Berachain](https://www.berachain.com) | Perimeter fuzzing engagement | 2025-05 | | |
| [Berachain](https://www.berachain.com) | Perimeter fuzzing engagement | 2025-04 | | |
| [Origin Protocol](https://www.originprotocol.com/) | Perimeter fuzzing engagement | 2025-03 | [Report](https://github.com/perimetersec/resources/blob/main/reports/Origin%20Protocol%20WOETH%20-%20Fuzzing%20Report.pdf) | [Code](https://github.com/perimetersec/origin-woeth-fuzz) |
| [Berachain](https://www.berachain.com/) | Perimeter fuzzing engagement | 2025-01 | [Report](https://github.com/berachain/security-audits/blob/main/20250107-BeaconKit-Perimeter-2.pdf) | |
| [Berachain](https://www.berachain.com/) | Perimeter fuzzing engagement | 2024-12 | [Report](https://github.com/berachain/security-audits/blob/main/20250107-Honey-Perimeter-2.pdf) | |
| [Berachain](https://www.berachain.com/) | Perimeter fuzzing engagement | 2024-12 | [Report](https://github.com/berachain/security-audits/blob/main/20250107-PoL-Perimeter-2.pdf) | |
| [Berachain](https://www.berachain.com/) | Perimeter fuzzing engagement | 2024-11 | [Report](https://github.com/berachain/security-audits/blob/main/20250107-BeaconKit-Perimeter.pdf) | |
| [Berachain](https://www.berachain.com/) | Perimeter fuzzing engagement | 2024-10 | [Report](https://github.com/berachain/security-audits/blob/main/20250107-Honey-Perimeter.pdf) | |
| [Berachain](https://www.berachain.com/) | Perimeter fuzzing engagement | 2024-09 | [Report](https://github.com/berachain/security-audits/blob/main/20250107-PoL-Perimeter.pdf) | |
| [Berachain](https://www.berachain.com/) | Fuzzing specialist during Spearbit security review | 2024-08 | | |
| [Seven Seas](https://sevenseas.capital/) | Fuzzing specialist during Spearbit security review | 2024-05 | [Report](https://github.com/Se7en-Seas/boring-vault/blob/main/audit/spearbit-boring-vault-arctic-0.pdf) | |
| [Origin Protocol](https://www.originprotocol.com/) | Perimeter fuzzing engagement | 2024-05 | [Report](https://github.com/perimetersec/origin-oeth-fuzzing/blob/main/reports/Origin%20Protocol%20OETHVault%20-%20Fuzzing%20Report.pdf) | [Code](https://github.com/perimetersec/origin-oeth-fuzzing/tree/main/src/fuzz/oethvault) |
| Private | Perimeter fuzzing engagement | 2024-04 | | |
| [Coinbase](https://www.coinbase.com/) | Fuzzing specialist during Spearbit security review | 2024-03 | [Report](https://cantina.xyz/portfolio/2ad1900a-8e2c-4ee2-9d79-223b293ce469) | |
| [Coinbase](https://www.coinbase.com/) | Fuzzing specialist during Spearbit security review | 2024-03 | [Report](https://cantina.xyz/portfolio/8aa6bff0-16ff-4111-996d-861c11e473c9) | |
| [Drips Network](https://www.drips.network/) | Perimeter fuzzing engagement | 2024-01 | | [Code](https://github.com/perimetersec/drips-fuzzing/tree/main/src/echidna) |
| [Drips Network](https://www.drips.network/) | Fuzzing specialist during Spearbit security review | 2023-11 | [Report](https://drive.google.com/file/d/1qj0tCxzkgQONzWTENFk5MKroH5D6PUVG/view?usp=drive_link) | |
| Private | Perimeter fuzzing engagement | 2023-11 | | |
| [Origin Protocol](https://www.originprotocol.com/) | Fuzzing engagement | 2023-09 | | [Code](https://github.com/OriginProtocol/origin-dollar/tree/master/contracts/contracts/echidna) |
| [Origin Protocol](https://www.originprotocol.com/) | Fuzzing and audit | 2023-03 | [Report](reports/Origin%20Protocol%20-%20Security%20assessment%20of%20PR%20%231239.md) | |
## Open Source Contributions
| Project | Link |
| --- | --- |
| EVM Fuzzing Resources | [Link](https://github.com/perimetersec/evm-fuzzing-resources) |
| Public Fuzzing Campaigns List | [Link](https://github.com/perimetersec/public-fuzzing-campaigns-list) |
| Fuzzlib, a general-purpose, unopinionated Solidity fuzzing library | [Link](https://github.com/perimetersec/fuzzlib) |
| Reproducing the Rari Finance hack using on-chain fuzzing with Echidna | [Link](https://github.com/rappie/echidna-rari-hack) |
| Reproducing the Curve reentrancy hack using on-chain fuzzing with Echidna | [Link](https://github.com/rappie/echidna-curve-reentrancy-hack) |
| Echidna exercise: solving Damn Vulnerable DeFi - Side Entrance | [Exercise](https://github.com/crytic/building-secure-contracts/blob/master/program-analysis/echidna/exercises/Exercise-7.md), [PR](https://github.com/crytic/building-secure-contracts/pull/143) |
## Bug Bounties & Contests
| Description | Severity | Report | Platform | Protocol |
| --- | --- | --- | --- | --- |
| Wrong argument passed to `Utils.characterToUnicodeBytes` in `Namespace.fuse` | High | [Report](https://github.com/code-423n4/2023-03-canto-identity-findings/issues/101) | Code4rena | [Canto Identity](https://www.cantoidentity.build/) |
| Calling `OUSD.burn()` when the address balance is zero causes `totalSupply` to decrease | Low | [Report](reports/Origin%20Protocol%20-%20Token%20burn%20bug.md) | Immunefi | [Origin Protocol](https://www.originprotocol.com/) |
| `Vault.redeem()` fails when there are only non-rebasing credits in the protocol | Low | [Report](reports/Origin%20Protocol%20-%20Redeem%20with%20no%20rebasing%20credits.md) | Immunefi | [Origin Protocol](https://www.originprotocol.com/) |
| Total supply can become larger than max supply | Low | [Report](reports/Origin%20Protocol%20-%20Total%20supply%20can%20become%20larger%20than%20max%20supply.md) | Immunefi | [Origin Protocol](https://www.originprotocol.com/) |
| `LiquidityTree.push()` does not always update state correctly | Low | [Report](reports/Azuro%20-%20Function%20push%20does%20not%20always%20update%20correctly.md) | Immunefi | [Azuro](https://azuro.org/) |
| `OUSD.burn()` allows destroying supply while balance remains | Low | [Report](reports/Origin%20Protocol%20-%20OUSD%20burn%20allows%20destroying%20supply%20while%20balance%20remains.md) | Immunefi | [Origin Protocol](https://www.originprotocol.com/) |
## Contact Me
I'm open to fuzzing engagements, security research, consulting, and general fuzzing-related questions. Feel free to reach out!
- **X**: [@rappie_eth](https://x.com/rappie_eth)
- **Discord**: `rappie`
- **Telegram**: `@rappenstein`
- **Cantina**: [Rappie](https://cantina.xyz/u/Rappie)