Web3 Security Research
Smart contract security taught me how to review lots of complex code fast.
Over the 2025-2026 period, I’ve done 5 smart-contract audits, all on Rust/Solana programs. I found a few things here and there: 1 high (DDoS), a few mediums and plenty of lows/infos.
I wouldn’t say I’m the world’s best security researcher, not even close. But I did enjoy it and I also learned a lot about not just web3 security but also how to review lots of very complex code very fast (hint: intuit and look for the hot paths). The latter has come in very handy when coding with agents.
I’ve audited a number of protocols; some were pretty big names with tens of millions of USD in TVL. We’re looking at oracle integrations, cross-chain bridge integrations, vesting logic and tranching logic, to name a few.
Along the way, one of my security research articles even got featured in 0xMacro’s Awesome Solana Security list, which is pretty cool (~600 GitHub stars at the moment I write this).
As enjoyable as it all was, as I write this I have my foot out of the door. I’ve written why in this article here. In a nutshell: there are greener pastures out there.