Q2 booked · booking Q3 2026 audits · remote · global

~/panther $

panther.audits

smart_contract_security_researcher // multi-ecosystem

I find protocol-breaking bugs before mainnet. Deep expertise across Move, Rust/Solana, EVM, Cairo, TON, ZK, and AI security. Audited Aave, Deepbook, Decibel, Tensor, PancakeSwap, Venus, and 50+ others securing billions in TVL.

┌─ track_record ─────────────────────────────────────┐ │ $10B+ tvl_secured │ │ 50+ protocols_audited │ │ 6× top-3_contest_finishes │ │ 15+ critical_&_high_severity_findings │ │ 8+ languages_·_multi_ecosystem │ └────────────────────────────────────────────────────┘

book Q3 audit slot → view full work ↗ blog ↗

#01 trusted_by

Audit firms I've worked with

Three Sigma Sherlock Cyfrin Cantina Pashov Audit Group Adevar Labs Accretion Code4rena CodeHawks

#02 what_people_say

Testimonials

// feedback from lead auditors and protocol teams

The auditor bonus goes to @theblackpantherhere for this one! Great performance by all others as well, thank you!

Pashov / Founder, Pashov Audit Group ★ bonus_award

Just wanted to drop a positive feedback, I really like both your skills and dedication. It's great working with you ser.

Nic / Security Audit Lead, Three Sigma ★ team_lead

I wanted to thank you for your insanely good work throughout the engagement, you submitted a lot of findings, and each one was of high quality. I would recommend you eyes closed.

Salah Ismail / Security Researcher, Adevar Labs ★ strong_recommend

#03 best_fit

Best fit for

// where I add the most value for protocols and audit firms

01move-depth

Sui & Aptos Move depth

Object ownership, PTB composition, shared objects, abilities, resource accounts, upgrade paths, and Move-specific state corruption bugs.

02defi-heavy

Complex DeFi reviews

Lending, credit systems, perps, CLOBs, DEXes, vaults, staking, RWA, and cross-chain systems where accounting and liquidation paths need deep review.

03firm-side

Audit firm reviewer capacity

Private engagements under NDA, second-review support, contest-style depth, report-ready findings, and fast ramp-up on unfamiliar codebases.

04proof-driven

Formal verification support

Invariant design, Certora CVL, Sui Prover, Move Prover, and property-driven review for protocol-critical accounting and access-control logic.

05emerging-risk

ZK and AI security review

Constraint soundness, proof-system assumptions, circuit edge cases, AI model attack surfaces, data integrity, output integrity, and ML supply-chain risk.

#04 workflow

How I work

// structured enough for firm workflows, deep enough for protocol-critical code

Build the threat model first

Map trust boundaries, assets at risk, privileged roles, user flows, external dependencies, upgrade paths, and protocol-specific failure modes before hunting isolated bugs.

Prove the core invariants

Stress the accounting, solvency, access-control, oracle, liquidation, settlement, and state-machine invariants that must hold for the protocol to stay safe.

Attack real execution paths

Trace adversarial flows across deposits, withdrawals, liquidations, upgrades, callbacks, cross-chain messages, keeper actions, and partial-failure scenarios.

Deliver findings teams can act on

Each report is written with clear impact, root cause, exploit path, affected code, mitigation guidance, and PoC or test direction where the engagement allows it.

#05 stack

Languages & ecosystems

// multi-chain coverage across the highest-value platforms

Solidityevm

Movesui

Moveaptos

Rustsolana

Cairostarknet

Vyperevm

Swayfuel

Func / Tactton

defi_protocols

lendingcreditdex_ammperps yieldclobasset_mgmt

nft_infra

marketplacesbonding_curves nft_bridgesnft_amms

staking_restaking

liquid_stakingrestaking staking_vaultsvalidators

xchain_infra

bridgeswormholexchain_msg rwaaccount_abstraction

#06 contest_wins

Top 3 finishes

// 6× top-3 placements in competitive audit contests

2nd · silver

$16k+

Arcade.xyz

NFT-backed lending · Solidity

1 M

3rd · bronze

$24k+

Aave (Aptos)

Flagship lending protocol · Move

1 H1 M

3rd · bronze

$13k+

Tensor

Solana NFT marketplace w/ AMM · Rust

2 H1 M

3rd · bronze

$6.8k+

Velvet v4

Modular DeFi asset management · Solidity

6 H7 M

3rd · bronze

—

JuiceBox

Programmable treasury · Solidity

2 M8 L

3rd · bronze

—

Venus

Isolated lending, BNB Chain · Solidity

6 L

#07 proof_points

Proof points

// short examples of the bug classes and review depth I bring to audits

Aave AptosMove · Cantina

Wrong-address state reads would have bricked first non-EVM deployment

Configuration was stored at one address while getters read from another. The issue was confirmed as High severity and placed 3rd out of 409 auditors.

1 H$24k findingrank 3/409

OpenZeppelin CairoCairo · CVE

Forgotten ownership state could resurrect a previous owner

A subtle access-control cleanup issue in OpenZeppelin Cairo contracts became a public advisory and CVE-2024-45304.

1 Mpublic advisoryCVE

Aptos CoreMove · state safety

Return-after-mutation pattern permanently corrupted order book state

A Move-specific control-flow bug where an error path used return after deleting state, committing the mutation instead of reverting.

real bugfixed upstreamMove pattern

#08 notable_findings

Critical & High severity

// selected protocol-breaking findings across ecosystems

Saffron Lido Vaults

Liquid Staking · Pashov

1 C1 H

Decibel

Perpetuals · Aptos · private bounty

1 C1 H

Sui

L1 · bug bounty (in review)

1 C1 H

MightyFi

DeFi · Cantina

6 H

Velvet v4

Asset Management · Cantina

6 H

Rip.fun

NFT Marketplace · Pashov

2 H

HypurrFi

Leveraged Perps · Pashov

2 H

Tensor

NFT AMM · Solana · Cantina

2 H

StarVault

Crowdfunding · Solana · Adevar Labs

2 H

Chakra

Cross-chain · Cairo · Code4rena

2 H

Starknet Staking

Staking · Cairo · CodeHawks

1 H

Chorus One (TON)

Staking · Func · Cantina

1 H

─── bug_bounties ─────────────────────────────────────────────────────

// independent vulnerability disclosures across L1/L2 protocols

Decibel

Move · Aptos

confirmed

1 C 1 H 3 M

Private program — critical independently found (team's unpublished known issue); high and mediums confirmed and rewarded.

Sui

Move · Sui

in_review

1 C 1 H 1 M

Submitted to Sui bug bounty — pending triage.

OpenZeppelin

Cairo Contracts

public

1 M

view advisory →

ZKsync Lite

ZK Circuits

acknowledged

1 C (known issue)

Independently discovered a critical ZK circuit vulnerability — classified as known issue by the team.

programs

criticals

highs

mediums

ecosystems

view full audit history →

#09 recent_writing

From the blog

// deep dives into real vulnerabilities, audit war stories, and research

latest_post apr 15, 2026 · sui · move · perps

How to Audit a Perp Protocol on Sui Move

A practical checklist for Sui perps: object model risks, hot-potato request flows, PTB composition, shared collateral vaults, liquidations, and oracle/funding-rate attack surfaces.

read full post →

apr 2, 2026 · sui · upgrades

The Upgrade Trap — How Versioned Objects Can Brick Protocols on Sui

How a common Sui upgrade pattern can permanently brick dependent protocols when immutable packages rely on migrated shared objects.

read post →

feb 14, 2026 · move · aptos · aave

The Move Bug That Would Have Bricked AAVE on Aptos

A $24K finding from the AAVE Aptos V3 audit on Cantina. Data stored at one address, every getter reading from another — dead on arrival.

read post →

view all posts →

#10 contact

~/panther $ ./contact --protocol=yours

Ready to secure your protocol?

Q3 2026 audit slots, security consulting, formal verification, or collaboration. Move / Rust / Solidity / Cairo / Vyper / TON / ZK / AI security. Reach out on Twitter or Telegram — I reply within 24h.

send a short brief

protocol name, ecosystem, and audit scope
repo/docs access, estimated LoC, and target dates
whether you need solo review, firm-side reviewer capacity, or formal verification support

twitter / x telegram github