智能合约审计员作品集

Dacian
发布于 2023-06-27 20:50
阅读 7

Dacian是Cyfrin.io的审计团队负责人，在智能合约安全领域拥有丰富的经验，其研究成果广泛分享。他曾领导多个知名协议的私有审计，发现并报告了多个智能合约漏洞，并获得了高额的漏洞赏金。他擅长识别各种智能合约漏洞，并在多个会议上发表过关于智能合约安全的演讲。

[Dacian](https://x.com/DevDacian) 是 [cyfrin.io](https://www.cyfrin.io/) 的审计团队负责人，他发表的 [深度研究](https://dacian.me/series/vulnerability-deep-dives) 安全研究经常在 Twitter 上分享，并在诸如 BlockThreat 等备受瞩目的区块链安全新闻通讯中发布 \[ [1](https://newsletter.blockthreat.io/i/121265449/research), [2](https://newsletter.blockthreat.io/i/114008864/research), [3](https://newsletter.blockthreat.io/i/117918271/vulnerabilities), [4](https://newsletter.blockthreat.io/i/121240155/media), [5](https://newsletter.blockthreat.io/i/121265449/research), [6](https://newsletter.blockthreat.io/i/124903609/research), [7](https://newsletter.blockthreat.io/i/136226787/research), [8](https://newsletter.blockthreat.io/i/138881272/research), [9](https://newsletter.blockthreat.io/i/143896210/research), [10](https://newsletter.blockthreat.io/i/145362797/research), [11](https://newsletter.blockthreat.io/i/149644748/research), [12](https://newsletter.blockthreat.io/i/156072664/research), [13](https://newsletter.blockthreat.io/p/blockthreat-week-12-2025?open=false#%C2%A7research), [14](https://newsletter.blockthreat.io/i/168229385/research), [15](https://newsletter.blockthreat.io/i/168229385/tools)\]。Dacian 一些最值得关注的安全研究出版物包括：

- [许可资本市场协议中的漏洞](https://learnblockchain.cn/article/19665)

- [DeFi 清算漏洞](https://learnblockchain.cn/article/20113)

- [Solidity 内联汇编漏洞](https://learnblockchain.cn/article/20114)

- [使用 Certora 形式化验证查找高危漏洞](https://learnblockchain.cn/article/15275)

- [使用不变性模糊测试查找高危漏洞](https://learnblockchain.cn/article/10147)

- [DAO 治理漏洞](https://learnblockchain.cn/article/20116)

- [集中流动性管理器漏洞](https://learnblockchain.cn/article/20115)

- [借贷漏洞](https://dacian.me/lending-borrowing-defi-attacks)

- [DeFi 滑点漏洞](https://learnblockchain.cn/article/19673)

- [精度损失错误](https://learnblockchain.cn/article/19675)

- [Chainlink 预言机安全注意事项](https://learnblockchain.cn/article/11287)

Dacian 曾在以下智能合约安全会议上发表演讲：

- [ElectiSec Block 7 嘉宾演讲 - 审计启发法、业务、品牌和营销](https://www.youtube.com/watch?v=AiNneURcxDw)

- [Fuzz Fest 2024 - 使用不变性模糊测试和形式化验证查找高危漏洞](https://www.youtube.com/watch?v=Cqmu-mhSLt8)

- 2024 年 DeFi 安全峰会 - 使用不变性模糊测试查找高危漏洞的研讨会（未录制）

- [与 Patrick 的模糊测试和启发法访谈](https://www.youtube.com/watch?v=IZTvXfC14Ig)

- [OpenSense - 如何有效地学习智能合约审计](https://www.youtube.com/watch?v=5a2sEGWi7c4)

Dacian 曾为 [Wormhole](https://github.com/Cyfrin/cyfrin-audit-reports/blob/main/reports/2024-01-10-cyfrin-wormhole-thermae-v2.1.pdf)、[Swell](https://github.com/Cyfrin/cyfrin-audit-reports/blob/main/reports/2024-02-23-cyfrin-swell-barracuda-v2.0.pdf)、[Solidly](https://github.com/Cyfrin/cyfrin-audit-reports/blob/main/reports/2024-01-24-cyfrin-solidlyV3-v2.0.pdf)、[Beefy](https://github.com/Cyfrin/cyfrin-audit-reports/blob/main/reports/2024-04-06-cyfrin-beefy-finance-v2.0.pdf)、[Ondo](https://github.com/Cyfrin/cyfrin-audit-reports/blob/main/reports/2024-04-18-cyfrin-ondo-finance-v2.0.pdf)、Linea \[ [1](https://github.com/Cyfrin/cyfrin-audit-reports/blob/main/reports/2024-05-24-cyfrin-linea-v2.0.pdf), [2](https://github.com/Cyfrin/cyfrin-audit-reports/blob/main/reports/2025-01-06-cyfrin-linea-v2.2.pdf)\], [DeXe](https://github.com/Cyfrin/cyfrin-audit-reports/blob/main/reports/2023-11-10-cyfrin-dexe-v2.0.pdf) 等协议以及 [Libre Capital](https://www.librecapital.com/) 等 TradFi 平台领导了成功的私有审计。

Dacian 因发现一个实时智能合约中的漏洞而获得了 [$28,000 美元的漏洞赏金](https://dacian.me/28k-bounty-admin-brick-forced-revert)，该漏洞结合了缺失的访问控制和未检查的状态转换漏洞，导致合约管理员、未来的代币通货膨胀和质押奖励永久失效。

Dacian 可以识别各种智能合约漏洞；Dacian 公开的一些发现包括：

- [交易者可以使用多个活跃市场使自己无法被清算，从而触发清算回滚，原因是 `TradingAccount::activeMarketsIds` 中的排序损坏](https://solodit.xyz/issues/impossible-to-liquidate-accounts-with-multiple-active-markets-as-liquidationbranchliquidateaccounts-reverts-due-to-corruption-of-ordering-in-tradingaccountactivemarketsids-cyfrin-none-cyfrinzaros-markdown)

- [攻击者可以通过为使用负 `makerFee` 的市场开仓然后快速平仓来进行无风险交易，以铸造免费的 USDz 代币](https://solodit.xyz/issues/attacker-can-perform-a-risk-free-trade-to-mint-free-usdz-tokens-by-opening-then-quickly-closing-positions-for-markets-using-negative-makerfee-cyfrin-none-cyfrinzaros-markdown)

- [`GlobalConfiguration::removeCollateralFromLiquidationPriority` 破坏了抵押品优先级顺序，导致抵押品清算顺序不正确](https://solodit.xyz/issues/globalconfigurationremovecollateralfromliquidationpriority-corrupts-the-collateral-priority-order-resulting-in-incorrect-order-of-collateral-liquidation-cyfrin-none-cyfrinzaros-markdown)

- [当交易者低于初始保证金要求但高于维持保证金要求时，无法减少未平仓头寸规模](https://solodit.xyz/issues/trader-cant-reduce-open-position-size-when-under-initial-margin-requirement-but-over-maintenance-margin-requirement-cyfrin-none-cyfrinzaros-markdown)

- [攻击者可以通过三明治攻击两个 onlyOwner 函数来耗尽协议代币，从而强制将流动性重新部署到不利的范围](https://solodit.xyz/issues/attacker-can-drain-protocol-tokens-by-sandwich-attacking-owner-call-to-setpositionwidth-and-unpause-to-force-redeployment-of-beefys-liquidity-into-an-unfavorable-range-cyfrin-none-cyfrin-beefy-finance-markdown)

- [Polygon 链重组将改变盲盒等级，验证者可以利用这一点](https://solodit.xyz/issues/polygon-chain-reorgs-will-change-mystery-box-tiers-which-can-be-gamed-by-validators-cyfrin-none-cyfrin-mode-earnm-markdown)

- [攻击者可以将闪电贷与委托投票相结合来决定提案，绕过所有闪电贷保护](https://solodit.xyz/issues/attacker-can-combine-flashloan-with-delegated-voting-to-decide-a-proposal-and-withdraw-their-tokens-while-the-proposal-is-still-in-locked-state-cyfrin-none-cyfrin-dexe-markdown)

- [攻击者可以通过将 `ERC721Power::totalPower` 和所有现有 NFT 的 `currentPower` 设置为 0 来摧毁用户的投票权](https://solodit.xyz/issues/attacker-can-destroy-user-voting-power-by-setting-erc721powertotalpower-and-all-existing-nfts-currentpower-to-0-cyfrin-none-cyfrin-dexe-markdown)

- [攻击者可以随时将 `ERC721Power::totalPower` 投票权大幅降低到接近 0](https://solodit.xyz/issues/attacker-can-at-anytime-dramatically-lower-erc721powertotalpower-close-to-0-cyfrin-none-cyfrin-dexe-markdown)

- [攻击者可以使用委托来绕过投票限制，对他们被限制投票的提案进行投票](https://solodit.xyz/issues/attacker-can-use-delegation-to-bypass-voting-restriction-to-vote-on-proposals-they-are-restricted-from-voting-on-cyfrin-none-cyfrin-dexe-markdown)

- [在法定人数分母中使用的静态 `GovUserKeeper::_nftInfo.totalPowerInTokens` 可能会错误地导致无法达到法定人数](https://solodit.xyz/issues/static-govuserkeeper_nftinfototalpowerintokens-used-in-quorum-denominator-can-incorrectly-make-it-impossible-to-reach-quorum-cyfrin-none-cyfrin-dexe-markdown)

- [攻击者可以绕过代币销售 `maxAllocationPerUser` 限制来买断整个层级](https://solodit.xyz/issues/attacker-can-bypass-token-sale-maxallocationperuser-restriction-to-buy-out-the-entire-tier-cyfrin-none-cyfrin-dexe-markdown)

- [对于具有多个委托的较长提案，委托人错误地收到较少的奖励](https://solodit.xyz/issues/delegators-incorrectly-receive-less-rewards-for-longer-proposals-with-multiple-delegations-cyfrin-none-cyfrin-dexe-markdown)

- [`DistributionProposal` “赞成”投票者的奖励被“反对”投票者稀释，并且丢失的奖励永久滞留在 `DistributionProposal` 合约中](https://solodit.xyz/issues/delegators-incorrectly-receive-less-rewards-for-longer-proposals-with-multiple-delegations-cyfrin-none-cyfrin-dexe-markdown)

- [针对同一组织者/竞赛的不同奖励池的签名重放，因为签名摘要缺少实现参数](https://github.com/Cyfrin/2023-08-sparkn/issues/306)

- [攻击者可以通过利用向下舍入到零的精度损失来铸造免费代币](https://github.com/code-423n4/2023-06-lybra-findings/issues/344)

- [借款利率计算可能导致所有主要功能 DoS](https://code4rena.com/reports/2023-05-venus#m-15-borrow-rate-calculation-can-cause-vtokenaccrueinterest-to-revert-dosing-all-major-functionality)

- [贷方可以在第一笔付款到期前拿走借款人的抵押品](https://github.com/sherlock-audit/2023-03-teller-judging/issues/92)

- [借款人无法偿还但可以被清算，因为代币白名单可以阻止现有头寸偿还](https://github.com/sherlock-audit/2023-04-blueberry-judging/issues/4)

- [交易费用应向上取整，以有利于协议，防止价值不断泄漏给交易者](https://github.com/sherlock-audit/2023-06-dinari-judging/issues/7)

可以通过 DM 联系 [Dacian](https://x.com/DevDacian)。

>- 原文链接： [dacian.me/smart-contract...](https://dacian.me/smart-contract-auditor-portfolio)
>- 登链社区 AI 助手，为大家转译优秀英文文章，如有翻译不通的地方，还请包涵～

Dacian 是 cyfrin.io 的审计团队负责人，他发表的深度研究安全研究经常在 Twitter 上分享，并在诸如 BlockThreat 等备受瞩目的区块链安全新闻通讯中发布 [ 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]。Dacian 一些最值得关注的安全研究出版物包括：