// security researcher
0x15
Web3 Security
Researcher
Independent security researcher hunting critical vulnerabilities across the stack — from Solidity and Move smart contracts to Rust consensus clients. 45+ High & Medium findings. One node-halting CVE. Five languages, zero mercy for bugs.
// recent work
Highlights
Zcash Zebra — Remote Node Suppression
Zcash Foundation · High Severity
Block suppression via NU5 same-header body poisoning of the sent-hash cache. A remote, unauthenticated peer could permanently stall a targeted Zebra node. Credited for the first report with an end-to-end reproduction.
Yearn yBOLD
Sherlock · 🥈 2nd Place
Silver finish in the Yearn yBOLD contest with a High-severity finding in the yield optimizer.
Rujira
Code4rena · #11
Four High-severity findings in THORChain's app-layer protocol suite.
Alchemix v3
Cantina · #20
Seven confirmed findings — five High, two Medium — in the self-repaying lending protocol.
Monad
Code4rena · #7
Top-10 finish with a High-severity finding in the high-performance L1.
Intuition
Code4rena · #4
4th-place finish auditing the trust-graph knowledge protocol.
Rova
Sherlock · 🥉 3rd Place
Bronze finish in the token launchpad contest.
// contest history
Track Record
| Date | Protocol | Platform | Rank | Findings |
|---|---|---|---|---|
| Apr '26 | XRP Ledger | Sherlock | #25 | — |
| Mar '26 | Intuition | Code4rena | #4 | 1 Medium |
| Feb '26 | Injective Peggy Bridge | Code4rena | #17 | 1 High |
| Dec '25 | Rujira | Code4rena | #11 | 4 High |
| Oct '25 | Centrifuge Protocol V3.1 | Sherlock | #11 | 1 Medium |
| Oct '25 | Index Fun Order Book | Sherlock | #10 | 1 Medium |
| Sep '25 | Monad | Code4rena | #7 | 1 High |
| Sep '25 | BMX Deli Swap | Sherlock | #9 | 1 High · 2 Medium |
| Sep '25 | Dango DEX | Sherlock | #21 | 1 Medium |
| Sep '25 | Ammplify | Sherlock | #36 | 1 High · 1 Medium |
| Aug '25 | USG — Tangent | Sherlock | #64 | 1 High |
| Aug '25 | Solayer Bridge | Cantina | #31 | 1 High |
| Jul '25 | GTE Spot CLOB & Router | Code4rena | #23 | 1 Medium |
| Jun '25 | Telcoin Network | Cantina | #43 | 2 High |
| May '25 | Yearn yBOLD | Sherlock | 🥈 #2 | 1 High |
| May '25 | LayerEdge — Staking | Sherlock | #7 | 1 Medium |
| May '25 | LEND | Sherlock | #63 | 3 High |
| May '25 | Alchemix v3 | Cantina | #20 | 5 High · 2 Medium |
| May '25 | Jigsaw Contracts | Cantina | #53 | 2 High |
| May '25 | Aave Aptos | Cantina | #10 | 1 Medium |
| May '25 | Space & Time (SXT) | Cantina | #22 | 2 Medium |
| Apr '25 | ZetaChain Cross-Chain | Sherlock | #16 | 1 Medium |
| Apr '25 | Mighty Contracts | Cantina | #115 | 1 High |
| Apr '25 | Mezo Monorepo | Cantina | #39 | 3 Medium |
| Apr '25 | Kinetiq | Code4rena | #18 | 1 Medium |
| Mar '25 | PumpSwap | Cantina | #7 | 1 Medium |
| Feb '25 | Yieldoor | Sherlock | #28 | 1 Medium |
| Feb '25 | Rova | Sherlock | 🥉 #3 | 1 Medium |
// about
Polyglot by design
Most auditors stop at Solidity. I don't. I work across Rust, Go, Move, Solidity, and Cairo — which means I can follow a vulnerability from the smart contract layer down into the node client executing it.
That range shows in the results: findings in EVM lending protocols, Move money markets, CosmWasm app layers, Solana AMMs — and a High-severity CVE in Zcash's consensus client that could remotely stall a node.
// active on