Aspiring smart contract auditor building DeFi security expertise through deep protocol analysis. Focused on EVM security, Solidity analysis, and precision math. 2 valid High findings on Code4rena. Currently: Day 21/90 of intensive audit preparation.
- 🧩 2 High-Severity Valid Findings (Rewarded) - Code4rena (Forte Float128)
- 🧱 1 Valid Finding - Sherlock (Crestal Network, duplicate)
- 1 Invalid / Intended Behavior Report - documented for learning transparency
- 🧪 Foundry-based test + PoC workflow
- 🧰 Tools: Foundry · Slither · Aderyn · Anvil · Echidna · Remix · Etherscan
Protocol Deep-Dives: Building security pattern recognition through line-by-line analysis
- Uniswap V2 (AMM mechanics, K invariant, reentrancy patterns)
- Aave V3 (lending, liquidations, health factors)
- Next: Compound, Curve, Lido
Contest Strategy: Selective participation when protocols align with studied patterns
Progress: Day 21/90 of intensive preparation
Deep-dive into swap(), mint(), burn() with security pattern analysis and architecture diagrams.
Key insights:
- Lock modifier prevents reentrancy across all state changes
- Balance-based calculations prevent spoofing attacks
- `MINIMUM_LIQUIDITY` burn prevents donation attacks
- $k$ invariant ensures pool integrity
Published: Twitter Thread | 790-line analysis
| Finding | Platform | Severity | Status | Link |
|---|---|---|---|---|
| Float128::toPackedFloat Fails to Promote to L Size When Exponent Is Critically Low | Code4rena - Forte | High | Valid (Rewarded) | View Report |
| Ln::ln() Fails to Validate Negative Inputs, Causing Division-by-Zero Panics | Code4rena - Forte | High | Valid (Rewarded) | View Report |
| Unauthorized Token Transfer via Insufficient Access Control | Sherlock - Crestal Network | Medium | | View Report |
| Reward Manipulation in Referral Logic | Code4rena - Nudge | - | Invalid (Intended Behavior) | View Report |

See full portfolio: z0L-audits
- Recon & Architecture Mapping: Identify trust boundaries and actor roles
- Static Review: Analyze state transitions and access modifiers
- Dynamic Testing: Foundry fuzz + invariant testing, mainnet forks
- Exploit Simulation: Model realistic attack paths
- Impact Analysis: Evaluate severity, risk exposure, and cascading effects
- Reporting: Clear PoC, rationale, mitigation, and lessons learned
| Domain | Tools / Frameworks |
|---|---|
| Security & Auditing | Foundry · Slither · Aderyn · Anvil · Echidna |
| Languages | Solidity · TypeScript |
| Analysis | Etherscan · Tenderly · Remix |
| Documentation | Markdown · Obsidian |
Building audit expertise through systematic protocol analysis:
Tier 1: Core DeFi Primitives (May - Oct 2026)
- Uniswap V2 (Constant Product AMM)
- Aave V3 (Lending & Liquidations)
- Compound V2 (Simpler Lending - Comparison Study)
- MakerDAO (CDP Mechanics & Oracles)
- Curve (StableSwap Invariant)
- Lido (Liquid Staking)
Tier 2: Advanced Patterns (2027)
- Uniswap V3/V4 (Concentrated Liquidity & Hooks)
- GMX V2 (Perpetuals)
- Synthetix (Derivatives)
Each deep-dive includes: architecture diagrams, security pattern analysis, attack vectors, and Foundry PoCs.
By July 2026:
- Deep-dive 6 core DeFi protocols (Uniswap, Aave, Compound, Maker, Curve, Lido)
- Participate in 5+ high-quality audit contests (selective focus)
- Study 3+ major DeFi exploits with working PoCs
- Active Twitter presence sharing learnings
By December 2026:
- 🎯 Land junior auditor role or apprenticeship
- 🎯 Published technical write-ups on AMM & lending security
- 🎯 Contribute to open-source audit tooling
"Precision is security."
- z0L
I believe secure code is the byproduct of clarity, not just caution.
Every function should explain why it's safe, not just assume it.
🛡️ Always learning. Always breaking (ethically). Always improving.