Smart Contract Security · DeFi Protocols · Adversarial Thinking

I work on understanding, testing, and breaking smart contracts.

Not interested in copy-paste dApps.
Not interested in “hello world” audits.
I focus on protocol mechanics, invariants, and failure modes.

• Read real-world DeFi protocols (AMM / Vault / Bridge / Rebase)
• Reproduce vulnerabilities from public audit reports
• Design state-machine & invariant-based tests
• Compare on-chain behavior vs source code
• Write PoCs that prove something can break

If something looks “safe”, I assume I just haven’t found the bug yet.

Primary

• Solidity
• Foundry (forge / cast / anvil)
• Invariant & fuzz testing
• Manual adversarial review

Thinking Framework

• State transitions > function-level thinking
• Accounting correctness before business logic
• Invariants before optimizations
• Assume hostile users, broken oracles, bad configs

• AMM designs (constant product, variants, fee paths)
• Vaults (deposit / redeem / share accounting)
• Rebase tokens & interest distribution
• Cross-chain messaging & bridge risk
• Upgradeability & governance attack surfaces

This GitHub is not a portfolio of finished products.

Most repos are:

• Audit reproductions
• Experimental protocol implementations
• Security notes & testing patterns

If a repo looks messy, it’s probably because I was testing an edge case.

• Independent auditing of mid-to-high complexity DeFi protocols
• Competitive audits (Code4rena / similar)
• Building a reusable audit workflow:
  • read → model → test → break → prove

Long term: protocol security research.

• GitHub: https://github.com/starkxun
• Blog / Notes: https://medium.com/@starkxun5215
• Email: starkxun5216@gmail.com
• X: @starkxun

“Most bugs are not in functions.
They are in assumptions.”

Security is not about tools.
It’s about how you think when everything goes wrong.