Security Research &
Smart Contract Audits

I help DeFi teams prevent insolvency, withdrawal freezes, and permission bypasses — with reproducible PoCs and fix-ready guidance.

Invariant-driven audits (Foundry harnesses)

High-signal findings, minimal noise

Clear severity rationale + remediation

Get In Touch Send Scope

Responsible disclosure. Professional communication. Scoped engagements.

Services

Audit Sprint (7–14 days)

Threat model + trust boundaries
Manual review + targeted fuzzing
Reproducible PoCs + fix guidance

Deliverable: Full report + verification checklist

Rapid Review (48–72h)

Pre-launch critical path review
Solvency / withdrawability / permissions focus
Go/No-Go risk summary

Deliverable: Short report + prioritized fixes

Security Retainer (Monthly)

Review PRs/releases and high-risk diffs
Fast feedback loop on fixes
Priority response window

Deliverable: Ongoing risk notes + recurring reviews

Optional: I can implement patches and test harnesses alongside the audit.

Method

Threat Model

Identify assets, roles, trust boundaries, and failure modes.

Invariants

Define what must never break: solvency, withdrawability, and permission integrity.

Harness

Build minimal reproducible tests (Foundry), forks where needed, and targeted fuzzing.

Delivery

Clear severity justification, PoCs, and fix-ready recommendations with verification steps.

What You Get

Executive summary (non-technical)
Detailed findings with severity rationale
PoC tests / reproduction steps
Remediation guidance + verification checklist

Focus Areas

◆

Solvency & accounting correctness (bad debt / invariants)

◆

Withdrawability & freeze risk (dependency failures / queue deadlocks)

◆

Access control & allowlisting correctness

◆

Cross-contract interactions (routers, vaults, diamonds, adapters)

◆

Economic abuse (where explicitly in-scope)

Proof of Work

High-signal security research, optimized for fast triage and reproducibility.

Multiple critical/high findings across DeFi architecture patterns

Reports structured for reviewer speed: impact → conditions → PoC → fix

Strong emphasis on reproducibility and verification

Permission Integrity Failure (Anonymized)

Identified a permissioning logic flaw that could expand allowed external calls beyond intended boundaries. Delivered a minimal PoC and a policy-aligned fix.

Withdrawability Freeze Risk (Anonymized)

Demonstrated a failure mode where a single dependency revert could block withdrawals under realistic conditions. Provided mitigation patterns and verification steps.

No sensitive targets or exploit details are disclosed publicly.

FAQ

Repo access (private is fine), scope list, deployed addresses/chains (if any), timeline, and any constraints.

By mapping impact and exploitability to program policy, including recoverability (e.g., funds frozen vs. quickly fixable).

Yes — reproducible tests or clear reproduction steps, plus verification guidance for the fix.

Yes — optional patch implementation and harness improvements, depending on timeline and scope.

Contact

For audit requests, include: scope, repos, chains, launch date, and preferred timeline.

Email: [email protected]

Response time: Usually within 24–48h

PGP Key: Available on request

Security Research & Smart Contract Audits