Security writeups
Vulnerability deep-dives, DeFi exploit analysis, and pre-audit guidance — written to be useful to the teams I audit and build for.
Pear Protocol: A Fee Setter That Erased Every Referrer Payout
A smart contract audit finding from the Pear Protocol V1 review with Shieldify: how an overwrite instead of an add silently deleted every pending referrer fee.
How to Prepare Your Contracts for an Audit
What actually makes a smart contract audit faster and better, from the auditor reading your code: freeze scope, write the intent down, ship tests, and run the free tools first.
How I Use Foundry in Smart Contract Audits
How I actually use Foundry on a smart contract audit: writing proof-of-concept exploit tests, poking at contracts with Anvil and cast, and running gas reports.
How I Actually Audit a Smart Contract
My real smart contract audit process, start to finish: docs before code, why tests are gold, automated first, then manual function-by-function tracing.
A Hardcoded Health Factor That Liquidates Healthy DeFi Positions
A smart contract audit finding from my first CodeHawks contest: how a hardcoded 1e18 health factor can liquidate well-collateralized stablecoin positions.
AI Arena: Hand-Picking Rare Fighter NFTs via redeemMintPass
A smart contract audit finding from my AI Arena Code4rena audit: how redeemMintPass let players hand-pick rare fighter attributes and mint Dendroids at will.