This is my Audit portfolio collecting the contests I participated in and my engagements in Web3 security.
I am a smart contract auditor with experience across major web3 security platforms and real-world protocol reviews. I combine public contest performance and private-audit experience. Also, worked as a Full-time security Engineer at Octane-Security.
- 20+ private audit at Octane Security.
- 10+ public audit contests on Code4rena, Cantina, and CodeHawks.
- Found more than 30+ confirmed H/Ms in public contests.
- Worked with Octane Security as a Fulltime Security Researcher.
- Solidity
- Rust
- Golang
I've audited projects in the following categories:
- Lending and Borrowing
- Synthetic tokens
- Vaults and Yield Aggregators
- AMMs (Automated Market Makers)
- Vesting
- Staking
- Launchpads
And a lot more..
This is a portfolio of my profile on Cantina
I do contests on different platforms like code4rena and Cantina, and bug bounty reports via HackenProof.
| Contest | Description | Findings | Rank |
|---|---|---|---|
| IGNITE-LABS | LB-Pair-AMM-DLMM | 3 C, 3 H, 7 M, 5 L | - |
| RESERVE | Revert Lend — V3Vault lending / daily throttle | 1 M | 4th |
| Sui Finance | Current Finance — Sui Move (lending, rewards, oracles, limits) | 2 H, 2 M | 6th |
| Soon | SVM, layer2, OP Stack | 1 H, 4 L | 4th |
| RAAC | Regnum Aurum Acquisition Corp | 6 H, 8 M, 3 L | - |
| JIGSAW | Jigsaw Finance: A CDP-based stablecoin protocol | 1 H | - |
| METROPOLIS | Liquidity-Vaults-books | 2 M | 10th |
| PLUME-NETWORK | EVM-compatible-blockchain | 1 C | X-proof |
| VECHAIN-STARGATE | Staking-Protocol | 1 C | X-proof |
Reports filed via HackenProof.
| Target | Finding | Severity | Report |
|---|---|---|---|
| NEAR Intent Bridge | AuxPoW difficulty target bypass — zero-cost block forgery enables bridge fund theft | Critical | dogecoin-auxpow-finding |
| NEAR Intent Bridge | is_refund_required() treats PromiseResult::Failed as success — user BTC deposit absorbed without minting nBTC |
Medium | finding-6-is-refund-required-bug |
| NEAR Intent Bridge | Entropy issue | Medium | olas-mpc-finding-1-entropy |
All undisclosed engagements can be backed with a reference, in case of interest
| Protocol | Firm | Ecosystem | Report |
|---|---|---|---|
| 246-core | Octane_Security | EVM | Private |
| capricorn-main | Octane_Security | EVM | Private |
| trust-biz | Octane_Security | EVM | Private |
| panoptic-next-core | Octane_Security | EVM | Private |
| marinde-finance-liquid-staking-program | Octane_Security | Solana | Private |
| mellow-finance-alm | Octane_Security | EVM | Private |
| drxtrade_v2 | Octane_Security | EVM | Private |
| coophive-alkahest-review | Octane_Security | EVM | Private |
| monday-v3-contracts | Octane_Security | EVM | Private |
| super-loop | Octane_Security | EVM | Private |
| Berachain-internal | Octane_Security | EVM | Private |
| Gamma-swap | Octane_Security | EVM | Private |
| Impulse | Octane_Security | EVM | Private |
| ETO | Octane_Security | EVM | Private |
| Chainlink | Octane_Security | EVM | Private |
| morphous | Octane_Security | EVM | Private |
| Zer0pulse-main | Octane_Security | EVM | Private |
| Skymavis-AxieBattlePass | Octane_Security | EVM | Private |
| Plofi-Og | Octane_Security | EVM | Private |
| ConvenantFi | Octane_Security | EVM | Private |
| Protocol | Description | Firm | Findings |
|---|---|---|---|
| Spicenet | DeFi brokerage network — cross-chain coordination and settlement; Spice Flow (distribution API/SDK) and Spice Edge (composable execution across liquidity venues and chains). | Pashov Group | Security review (PDF) |
| LI.FI | Cross-chain intent settlement on Solana — escrowed swap orders, solver competition on destination chains, Wormhole/Polymer oracle settlement. | Pashov Group | Ongoing |
| IGNITE-LABS | LB-Pair-AMM-DLMM | — | 3 C, 3 H, 7 M, 5 L |
| VENICE | Staking-Protocol | — | 1 H, 1 M |
| ASTERA-FINANCE | ERC721-based-withdraw-cooldown-mechanism | — | 1 M |
| MYSTIC-FINANCE | A Liquid Restaking Protocol | — | 3 H, 6 M, 5 L, 1 I |