Rust & Solana protocol security.
70+ systems reviewed Β· 100+ critical vulnerabilities found Β· Architecture reviews & audit reports
Finding critical bugs before attackers do.
I am an independent protocol security researcher focused on Rust, Solana, SVM, EVM, and Move security.
I help teams secure high-risk protocol logic through deep audits, architecture reviews, exploit-path analysis, and private security reporting.
So far, I have reviewed 70+ protocols and systems and found 100+ critical vulnerabilities across private audits, competitive security research, and production protocol reviews.
My primary focus is Rust and Solana protocol security, including Anchor programs, SVM-specific attack surfaces, account validation, CPI safety, economic logic, and production protocol architecture.
I am available for select security engagements involving:
- Solana / Rust audits
- Anchor smart contract reviews
- SVM protocol security
- Protocol architecture reviews
- EVM smart contract audits
- Move protocol reviews
- Bridge and cross-chain system reviews
- Critical bug analysis
- Private audit reports
For public examples of my work, see:
Some engagements, reports, and vulnerability details are private due to client confidentiality.
I work as an independent contractor with leading security teams and audit groups, including:
- Adevar Labs
- Cyfrin
- Pashov Audit Group
This includes private audits, protocol reviews, competitive security research, and production system assessments across Solana, EVM, Move, Berachain, L1s, bridges, and other on-chain systems.
I have identified critical vulnerabilities across production code, private audits, and competitive security reviews, including issues involving:
- Loss of funds
- Broken access control
- Incorrect account validation
- Faulty protocol accounting
- Unsafe CPI flows
- Economic logic flaws
- Liquidation and collateral bugs
- Bridge and cross-chain risk
- Incorrect state transitions
- Privilege escalation paths
My review experience spans:
- Solana protocols
- Rust / Anchor programs
- EVM smart contracts
- Move protocols on Aptos and Sui
- Berachain applications
- L1 systems
- Bridges and cross-chain infrastructure
- DeFi protocols
- Prediction markets
- Infrastructure and middleware systems
My strongest area is Solana protocol security, especially:
- Anchor program audits
- PDA and seed validation
- Account ownership and signer checks
- CPI safety
- Token account validation
- Rent, lamports, and account lifecycle issues
- Integer precision and accounting bugs
- State machine vulnerabilities
- Permission and authority design
- Protocol-level exploit paths
I also review EVM systems involving:
- DeFi protocol logic
- Access control
- Accounting and share math
- Liquidations
- Oracle assumptions
- Upgradeability risks
- Governance and permissioning
- Cross-contract interactions
I have reviewed Move-based systems across:
- Aptos
- Sui
- DeFi protocols
- Resource and capability-based logic
- State transition safety
A selection of public audit reports is maintained here:
The portfolio includes public reports across multiple ecosystems and protocol types.
Selected competitive audit placements:
- π₯ 2nd β KelpDAO, Code4rena
- π₯ 2nd β Aloe V2, Sherlock
- π₯ 3rd β Hubble Exchange, Sherlock
- 4th β Unstoppable, Sherlock
- 4th β Ondo Finance, Code4rena
- 6th β Axelar, Code4rena
Helped migrate PNP, a prediction market protocol, to Solana by rewriting its smart contracts in Anchor.
The migrated contracts have been in production for 8+ months.
This development experience helps me audit Solana systems from both an attacker and builder perspective.
I occasionally publish Solana and protocol security research here:
Research topics include:
- Solana security
- Rust smart contract bugs
- SVM internals
- Protocol architecture
- Exploit analysis
- Audit methodology
For audit inquiries, private reviews, or protocol security work:
Rust & Solana protocol security.
Finding critical bugs before attackers do.