Log inOpen app
Robert Chen
509 posts
user avatar
Robert Chen
@NotDeGhost
founder @osec_io | web/pwn with @redpwnctf + @dicegangctf | prev @dfsec_com
osec.io
Joined September 2018
674
Following
7,342
Followers
user avatar
@NotDeGhost

See Robert Chen’s full profile

Open X

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • user avatar
    Robert Chen
    @NotDeGhost
    Apr 4, 2021
    Finally got around to doing a write-up: Breaking GitHub Private Pages for $35k This was my first and biggest bounty. Found with @ginkoid on @Hacker0x01 :) #togetherwehitharder
    robertchen.cc
    Breaking GitHub Private Pages for $35k
    Abusing CRLF, cache poisoning, and other misconfigurations for a no-interaction XSS against GitHub Private Pages.
    11
    372
    1K
  • user avatar
    Robert Chen
    @NotDeGhost
    Jun 13, 2023
    I've spent hundreds of hours auditing Uniswap v3 implementations 🦄 Here are my top 3 takeaways from v4 🧵 github.com/Uniswap/v4-cor…
    7
    66
    367
    87K
  • user avatar
    Robert Chen
    @NotDeGhost
    Feb 22, 2025
    in light of the recent Bybit hack, what can Solana teams do to be more secure? Solana has a unique signature model, that is arguably safer for multisigs. I wrote a quick post exploring this model, proposing a procedure for safe signing.
    Solana multisig security
    Solana multisig security
    From osec.io
    57
    48
    288
    139K
  • user avatar
    Robert Chen
    @NotDeGhost
    Aug 2, 2023
    I helped with the @vyperlang whitehat and recovery. Here's a timeline and postmortem for what happened. In both cases, we lost the race to the hacker(s) by less than 10 minutes.
    Vyper hack timeline
    Vyper hack timeline
    From osec.io
    12
    69
    300
    96K
  • user avatar
    Robert Chen
    @NotDeGhost
    Sep 20, 2021
    Writeup of some cool vulnerabilities in NPM I found with @ginkoid:
    robertchen.cc
    5 RCEs in npm for $15,000
    Complexity breeds vulnerability; optimization demands compensation: an exploration of a series of vulnerabilities reported against NPM.
    2
    84
    273
  • user avatar
    Robert Chen
    @NotDeGhost
    Apr 30, 2025
    How can you trust a program without understanding it? We (.@GSfilatino) upgraded our Solana reverse engineering framework for this month's [REDACTED] hackathon. We integrated an MCP client into our decompiler plugin, automating parts of the reverse engineering process like type
    00:00
    14
    40
    147
    13K
  • user avatar
    Robert Chen
    @NotDeGhost
    May 1, 2025
    Coming to Solana Accelerate? I'll be speaking at the Scale or Die conference on May 19-20. Shoot me a DM if you're interested in talking about decompiling Solana programs :)
    14
    27
    131
    33K
  • user avatar
    Robert Chen
    @NotDeGhost
    Feb 2, 2024
    ever wanted to run @solana programs directly in the browser? introducing OtterVM, a Chromium-native @jump_firedancer wrapper. please report any bugs to ctf.dicega.ng. ddg.mc.ax
    11
    19
    133
    46K
  • user avatar
    Robert Chen
    @NotDeGhost
    Oct 9, 2023
    We’ve been doing a ton of cool Solana research lately, and I’ll be sharing some of it at #breakpoint2023! Will be giving a talk on "Fuzzing, Formal Verification, and a Loss of Funds". Hope to see you in Amsterdam :)
    5
    17
    137
    24K
  • user avatar
    Robert Chen
    @NotDeGhost
    Aug 27, 2024
    I'll be in Singapore this year talking about some cool bugs we found :)
    6
    9
    131
    6.2K
  • user avatar
    Robert Chen
    @NotDeGhost
    Sep 6, 2022
    How do we make smart contracts structurally safer? An exploration into some of Move's key features: Type safety and formal verification. osec.io/blog/tutorials…
    7
    37
    120
  • user avatar
    Robert Chen
    @NotDeGhost
    Aug 28, 2022
    Excited to be sharing our research into decompiling close-source @solana programs -- and shoutout to @hgarrereyn for writing it :)
    user avatar
    OtterSec
    @osec_io
    Aug 28, 2022
    Closed source @Solana programs used to be safe. We’ve changed that. Learn how to hack Solana programs with our open-source #BinaryNinja plugin 👇 osec.io/blog/tutorials…
    3
    11
    109
  • user avatar
    Robert Chen
    @NotDeGhost
    Jul 12, 2021
    Here's my writeup for the Chromium sandbox escapes I wrote for @redpwnCTF:
    robertchen.cc
    Empires and Deserts
    Abusing Mojo deserialization in the Chromium sandbox.
    2
    27
    96
  • user avatar
    Robert Chen
    @NotDeGhost
    Aug 26, 2025
    Excited to speak at @StellarOrg Meridian this September :)
    6
    6
    97
    14K