Robert Chen (@NotDeGhost) / X

Robert Chen

483 posts

Robert Chen

@NotDeGhost

founder @osec_io | web/pwn with @redpwnctf + @dicegangctf | prev @dfsec_com

osec.io

Joined September 2018

Robert Chen
@NotDeGhost
Apr 4, 2021
Finally got around to doing a write-up: Breaking GitHub Private Pages for $35k This was my first and biggest bounty. Found with @ginkoid on @Hacker0x01 :) #togetherwehitharder
robertchen.cc
Breaking GitHub Private Pages for $35k
Abusing CRLF, cache poisoning, and other misconfigurations for a no-interaction XSS against GitHub Private Pages.
Robert Chen
@NotDeGhost
Jun 13, 2023
I've spent hundreds of hours auditing Uniswap v3 implementations 🦄 Here are my top 3 takeaways from v4 🧵 github.com/Uniswap/v4-cor…
87K
Robert Chen
@NotDeGhost
Feb 22, 2025
in light of the recent Bybit hack, what can Solana teams do to be more secure? Solana has a unique signature model, that is arguably safer for multisigs. I wrote a quick post exploring this model, proposing a procedure for safe signing.
Solana Multisig Security
From osec.io
139K
Robert Chen
@NotDeGhost
Aug 2, 2023
I helped with the @vyperlang whitehat and recovery. Here's a timeline and postmortem for what happened. In both cases, we lost the race to the hacker(s) by less than 10 minutes.
Vyper Hack Timeline
From osec.io
96K
Robert Chen
@NotDeGhost
Sep 20, 2021
Writeup of some cool vulnerabilities in NPM I found with @ginkoid:
robertchen.cc
5 RCEs in npm for $15,000
Complexity breeds vulnerability; optimization demands compensation: an exploration of a series of vulnerabilities reported against NPM.
Robert Chen
@NotDeGhost
Apr 30, 2025
How can you trust a program without understanding it? We (.@GSfilatino) upgraded our Solana reverse engineering framework for this month's [REDACTED] hackathon. We integrated an MCP client into our decompiler plugin, automating parts of the reverse engineering process like type
00:00
13K
Robert Chen
@NotDeGhost
May 1, 2025
Coming to Solana Accelerate? I'll be speaking at the Scale or Die conference on May 19-20. Shoot me a DM if you're interested in talking about decompiling Solana programs :)
33K
Robert Chen
@NotDeGhost
Feb 2, 2024
ever wanted to run @solana programs directly in the browser? introducing OtterVM, a Chromium-native @jump_firedancer wrapper. please report any bugs to ctf.dicega.ng. ddg.mc.ax
46K
Robert Chen
@NotDeGhost
Oct 9, 2023
We’ve been doing a ton of cool Solana research lately, and I’ll be sharing some of it at #breakpoint2023! Will be giving a talk on "Fuzzing, Formal Verification, and a Loss of Funds". Hope to see you in Amsterdam :)
24K
Robert Chen
@NotDeGhost
Aug 27, 2024
I'll be in Singapore this year talking about some cool bugs we found :)
6.2K
Robert Chen
@NotDeGhost
Sep 6, 2022
How do we make smart contracts structurally safer? An exploration into some of Move's key features: Type safety and formal verification. osec.io/blog/tutorials…
Robert Chen
@NotDeGhost
Aug 28, 2022
Excited to be sharing our research into decompiling close-source @solana programs -- and shoutout to @hgarrereyn for writing it :)
OtterSec
@osec_io
Aug 28, 2022
Closed source @solana programs used to be safe. We’ve changed that. Learn how to hack Solana programs with our open-source #BinaryNinja plugin 👇 osec.io/blog/tutorials…
Robert Chen
@NotDeGhost
Jul 12, 2021
Here's my writeup for the Chromium sandbox escapes I wrote for @redpwnCTF:
robertchen.cc
Empires and Deserts
Abusing Mojo deserialization in the Chromium sandbox.
Robert Chen
@NotDeGhost
Aug 26, 2025
Excited to speak at @StellarOrg Meridian this September :)
14K