Exploiting The Off-Chain Ecosystem In Web 3 Bug Bounty
Bruno Halltari
Bug Bounty Village @ DEF CON 33 · Day 1 · Bug Bounty Village
In this insightful talk from Bug Bounty Village, Bruno Halltari, a security researcher at OtterSec, sheds light on a frequently underestimated area within Web3 security: the off-chain ecosystem. While much of the focus in Web3 bug bounties and security research gravitates towards the complex world of smart contracts and on-chain vulnerabilities, Halltari compellingly argues that significant, high-impact findings—and substantial payouts—are still readily available in the off-chain components of decentralized applications (dApps).
AI review
Competent bug bounty talk with real findings and honest technical walkthrough. The prototype pollution chain via elliptic into React's custom element handling is the one genuinely interesting piece here — the rest is solid tradecraft but not novel. Good village content; wouldn't headline a main track.