Break the logic.Protect the protocol.
Adversarial security research for smart contracts, blockchain clients, and the systems around them—before attackers find the edge case.
Accounting · Solvency · Access control
Consensus mismatch → invalid state accepted
exploit(surface);
}
Recovery · Availability · Fee mechanics
Public track record · 11 private disclosures
01 / Selected work
Evidence over promises.
Public findings across production blockchain systems, DeFi protocols, wallets, and application layers.
XRP Ledger
L1 · C++
MPT transfer fees could cause book offers to misreport funded liquidity.
View public evidenceSomnia
L1 · C++
Client-side WebSocket framing and handshake weaknesses surfaced during audit.
View public evidenceMonad
L1 · Consensus
Consensus accepted blocks with mismatched execution base-fee values.
View public evidenceKuru
CLOB · Solidity
Two accepted findings across the onchain order-book protocol surface.
View public evidenceAave Aptos
Lending · Move
A top-ten finish reviewing a Move-based lending protocol deployment.
View public evidenceCore Contracts
Lending · Solidity
Accounting, solvency, liquidity-index, and boost logic vulnerabilities.
View public evidence02 / Expertise
Systems thinking.Attacker mindset.
From Solidity contracts to validator clients, reviews are built around the invariants that keep value safe—not a checklist of familiar bugs.
Protocol logic
State transitions, invariants, privilege boundaries, and adversarial paths.
Economic security
Oracle assumptions, solvency, liquidations, fee mechanics, and manipulation.
Client & consensus
Execution clients, networking, serialization, and consensus-critical behavior.
Fix verification
Remediation review with clear, reproducible guidance for engineering teams.
Languages & ecosystems
03 / The researcher
fromeo016hacks
An independent Web3 security research practice focused on breaking protocol assumptions. Public work spans Cantina, Sherlock, Code4rena, CodeHawks, and HackenProof, with accepted findings across lending, L1/L2 infrastructure, staking, DEXs, wallets, and cross-chain systems.
The track record also includes private disclosures covering 5 additional critical, 4 high, and 2 medium-severity vulnerabilities.
Based in Nigeria. Working globally. Direct researcher-to-team communication from scoping through remediation.
Need a security review?
Let’s make the exploit hypothetical.
Share your scope, timeline, and repository. Get a direct response from the researcher doing the work.
Contact @fromeo_016