Josselin Feist

Blockchain Security Researcher


Former Trail of Bits Engineering Director – Author of Slither


🧾 Audit Portfolio

The following contains examples of public security reviews I have participated in.

DeFi

| Year | Protocol | Description | Report Link |
|------|----------|-------------|-------------|
| 2024 | Uniswap V4 | AMM | Link |
| 2024 | Balancer V3 | AMM | Link |
| 2023 | BlueFin (Move/SUI) | Perpetual swap | Link |
| 2023 | Mass.money | Tetris VM | Link |
| 2023 | Mass.money | Account abstraction, vesting, on-chain DCA | Link |
| 2022 | Folksfinance (Algorand) | Lending protocol | Link |
| 2021 | Balancer V2 | AMM | Link |
| 2020 | Balancer core | AMM | Link |
| 2020 | Curve dao | Governance for Stablecoin AMM | Link |
| 2020 | Curve | Stablecoin AMM | Link |
| 2020 | StakerDAO (Algorand) | Vault | Link |
| 2020 | Dexter (Tezos) | AMM on Tezos | Link |
| 2019 | Computable | Data marketplace protocol | Link |
| 2019 | Flexa | Staking | Link |
| 2018 | Basis | Stablecoin | Link |
| 2018 | Gemini | Stablecoin | Link |
| 2018 | Origin | Marketplace protocol | Link |
| 2018 | Parity | Multisig wallet | Link |
| 2017 | Sai | Stablecoin | Link |
| 2017 | Dapphub | Smart contract library | Link |

Blockchain Protocols

| Year | Name | Description | Report Link |
|------|------|-------------|-------------|
| 2024 | Offchain BoLD Fixes | L2 bridge + dispute resolution | Link |
| 2022 | Offchain Nitro | L2 rollup | Link |
| 2020 | Hermez | L2 rollup | Link |
| 2019 | Centrifuge | Asset tokenization chain | Link |
| 2017 | RSKj | Bitcoin sidechain client | Link |

Non-public reviews include:

🐞 Vulnerabilities Disclosure

| Year | Project | Description | Link |
|------|---------|-------------|------|
| 2020 | Tezos | Callback authorization bypass & Callback injection | Post |
| 2020 | Aave | Selfdestruct through uninitialized proxy | Blog |
| 2020 | Vyper | Function collision | Github, Blog |
| 2020 | E&Y’s Nightfall | Unused return value allows minting free tokens | N/A |
| 2020 | DOSNetwork | ABI encodePacked Collision | N/A |
| 2020 | EthKids | Msg.value reused | N/A |
| 2019 | Kleros | Array’s length overwrite allows arbitrary write | N/A |
| 2017 | Gitcoin | Lack of check on ERC20 return value | Github |

Non-Blockchain Disclosures

| Year | Project | CVE | Description | Link |
|------|---------|-----|-------------|------|
| 2016 | Giflib | CVE-2016-3177 | Use after free and double free | Link |
| 2015 | Jasper-JPEG-2000 | CVE-2015-5221 | Use after Free | Link |
| 2016 | Alsabat | N/A | Use after free | Link |
| 2015 | Openjpeg | CVE-2015-8871 | Use after free | Link |
| 2015 | Gnome-nettool | N/A | Use after free | Link |
| 2015 | Accel-ppp | N/A | Use after free | Link |