This is a loose archive of security work I've done for open-source projects, including security engineering and source code reviews.
- Wormhole Guardian (30 open PRs, 164 merged PRs, 8 issues)
- Native Token Transfers (18 merged PRs, 24 issues)
- Liquidity Layer (7 issues)
- Wormhole Solidity SDK (bug reports): PR #105, PR #106
(Pull requests labelled "AR" --> Asymmetric Research)
- Solana M (10 merged PRs)
- Solana M Extensions (11 merged PRs)
- Clarity-Go Parser (4 issues)
- Commonware monorepo (2 issues)
- Ghostfolio: Insecure randomness for new passwords (Discussion #3192, PR #3196)
LORIS Neuroimaging Software (407 merged PRs, 207 issues)
Formal audit reports for which I was the primary auditor.
| Title | Organization | Type | Programming Language | Link |
|---|---|---|---|---|
| BoostyLabs Tricorn Bridge Server | BoostyLabs | Bridge, EVM | Go | 📒 |
| ZetaChain Node Audit | ZetaChain | Cosmos Node Audit, Bridge, Bitcoin, Ethereum | Go, Solidity | 📒 |
| Groth16 Verifier Audit | MystenLabs (Sui Foundation) | Cryptography, ZK | Rust | 📒 |
| Mars Protocol - Custom Modules | Mars Protocol | Cosmos node, Governance, DeFi | Go | 📒 |
| Maya Node - Audit | MayaChain | Cosmos node | Go | 📒 |
| Maya Node - ETH Router | MayaChain | Cosmos module, DeFi | Go | 📒 |
| Maya Node - Liquidity Auction | MayaChain | Cosmos module, DeFi | Go | 📒 |
| Sifchain - CLP Update | Sifchain | Cosmos module, DeFi | Go | 📒 |
| Sifchain - Margin | Sifchain | Cosmos module, DeFi | Go | 📒 |
Personal website: https://johnsaigle.com
- Boredom Over Beauty: Why Code Quality is Code Security
- Solana Vulnerabilities That Aren't — Unpacking Common Misreports
- Top 5 Security Vulnerabilities Cosmos Developers Need to Watch Out For
- Don’t “Panic”: How Improper Error-Handling Can Lead to Blockchain Hacks
- locked-in -- Lint for unsafe package installation patterns that could lead to supply-chain attacks.
- go-unmaintained -- Find abandoned packages via go.mod.
- Anchor version detector -- Detect or infer the Anchor, Solana, and Rust versions needed for an Anchor project.
- Scary Strings -- If these strings are in your code, you might have a problem!
- Oblique Strategies for Hackers -- A deck of cards created to stimulate and inspire hackers. (Inspired by Brian Eno's project.)