Skip to content
View johnsonstephan's full-sized avatar

Highlights

  • Pro

Block or report johnsonstephan

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
johnsonstephan/README.md

Hi there, I'm Stephan.

Here's a bit more about my story.

This is a public profile of my adventure as an auditor and researcher.

Some of my early projects and contributions are shared below.

Twitter: StephanJohnson_

Table of Contents

  1. Smart Contracts
  2. Vulnerabilities and Safeguards
  3. Wargames
  4. My Toolkit
  5. Community Contributions

Smart Contracts

Here are various smart contracts I've developed, including:

Vulnerabilities and Safeguards

Here is a compilation of projects that underline common vulnerabilities and exhibit how they can be exploited. For some, improved contracts are included, showcasing best practices to fortify the contract's security. Highlights include:

Wargames

Here are my solutions to blockchain security wargames, challenges, and capture the flag (CTF) competitions.

My Toolkit

Security Tools

  1. Mythril: I appreciate its extensibility, enabling me to script custom modules to detect specific vulnerabilities. For example, it can help in identifying a flawed external call that leads to a reentrancy attack.
  2. Slither: I find it invaluable during preliminary code assessments, when I can run a static analysis to identify vulnerabilities without executing the code. For instance, it can highlight an uninitialized state variable.
  3. Echidna: I value its property-based testing approach which expands my toolkit beyond traditional unit testing to testing properties. One practical example is verifying that a transfer function consistently maintains integrity of the total token supply.
  4. Foundry: Ultimately, I believe manual testing is the most powerful tool and Foundry enables me to generate POCs with simulated real-world contract interactions.

Others: Surya, Ethlint

Research Environment

  • Linux Distribution: ZIION. I enjoy using ZIION because it is tailored for smart contract security and minimizes the usual environment setup woes. It has dozens of pre-installed tools (ranging from decompilers to vulnerability scanners) that I enjoy using and it supports Solidity/EVM + Rust-based blockchains.
  • IDE: VS Code. I appreciate the suites of great blockchain extensions. A few of my favorites include the Solidity extension to enable syntax highlighting and the Solidity Visual Auditor to visualize control flow graphs. For quick code review and testing I enjoy using Remix as well.

Pinned Loading

  1. smart-contract-security-researcher-portfolio smart-contract-security-researcher-portfolio Public

    Portfolio of work regarding smart contract security research

    Solidity

  2. awesome-uniswap-v4-hooks awesome-uniswap-v4-hooks Public

    A curated list of awesome Uniswap v4 hooks resources -- including examples, tools, templates, tutorials, and more.

    18