About Me
I'm an independent security researcher specializing in smart contract audits with a proven track record of excellence in public audit contests and extensive experience auditing complex and high-profile protocols. Currently, I'm a Security Researcher at @SpearbitDAO, Lead Senior Watson at @sherlockdefi, and Certified Warden at @code4rena.
Previous Life: 8 years of experience in reputable cybersecurity firms performing a wide range of security engagements for clients around the globe.
For private audits or security consulting, please contact me at Cantina.
For other business opportunities or potential collaboration, please reach out to me on Twitter (@xiaoming9090) or Discord (xiaoming90).
Highlights
- Ranked within the top 3 in 18 public audit contests across Code4rena and Sherlock
- Achieved #1 ranking on Sherlock's audit leaderboard
- Achieved #1 ranking on Code4rena's leaderboard (last 90 days) on September 2022
- Served as the Lead Senior Watson for 10 audit contests in Sherlock
Engagements
| Project | Description | Platform |
|---|---|---|
| Kiln | Leading enterprise-grade staking platform, enabling institutional customers to stake programmatically their digital assets, and to whitelabel staking functionality into their offering | Spearbit |
| Liquid Collective | Enterprise-grade liquid staking protocol built on Ethereum | Spearbit |
| Velodrome Finance V2 | Next-generation AMM that combines the best of Curve, Convex and Uniswap, designed to serve as Optimism's central liquidity hub | Spearbit |
| Polygon zkEVM | Decentralized Ethereum Layer 2 scalability solution that uses cryptographic zero-knowledge proofs to offer validity and quick finality to off-chain transaction computation | Spearbit |
| Connext Network | Cross-chain liquidity network enabling fully non-custodial transfers between EVM compatible chains and L2 systems | Spearbit |
| Brahma Console | Custody and DeFi execution environment | Spearbit |
Public Audit Contests
| Contest | Description | Ranking | Platform |
|---|---|---|---|
| Tokemak (Autopilot) | LP-centric utility that optimizes yields for LPs across different pools and DEXs | π₯1 / 447 | Sherlock |
| Velodrome Finance | Next-generation AMM that combines the best of Curve, Convex and Uniswap, designed to serve as Optimism's central liquidity hub | π₯1 / 70+ | Code4rena |
| Connext Network | Cross-chain liquidity network enabling fully non-custodial transfers between EVM compatible chains and L2 systems | π₯1 / 70+ | Code4rena |
| Nibbl | NFT fractionalization protocol with guaranteed liquidity and price-based buyout | π₯1 / 90+ | Code4rena |
| Notional V3 | Protocol that facilitates fixed-rate, fixed-term crypto asset lending and borrowing | π₯1 / 357 | Sherlock |
| Notional (Leveraged Vault) | Leveraged vaults that increase capital efficiency and turbocharge user returns with highly leveraged exposure to whitelisted DeFi yield strategies | π₯1 | Sherlock |
| Notional (Leveraged Vault) Update #1 | Leveraged vaults that increase capital efficiency and turbocharge user returns with highly leveraged exposure to whitelisted DeFi yield strategies | π₯1 / 128 | Sherlock |
| Notional (Leveraged Vault) Update #2 | Leveraged vaults that increase capital efficiency and turbocharge user returns with highly leveraged exposure to whitelisted DeFi yield strategies | π₯1 / 65 | Sherlock |
| Notional (Leveraged Vault) Update #4 | Leveraged vaults that increase capital efficiency and turbocharge user returns with highly leveraged exposure to whitelisted DeFi yield strategies | π₯1 / 173 | Sherlock |
| Redacted Cartel | dApp centered around BTRFLY, which allows users to stake, earn incentives, and interact with governance proposals | π₯1 / 100+ | Code4rena |
| Bond Protocol | Enables the creation of Olympus-style bond markets for any token pair | π₯1 / 69 | Sherlock |
| Oku Trade (GFX Labs) | DeFi trading platform powered by Uniswap v3 | π₯1 / 106 | Sherlock |
| veToken Finance | Enables DeFi users to boost their yield and farming rewards | π₯2 / 70+ | Code4rena |
| Axelar Network | Decentralized interoperability network | π₯2 / 70+ | Code4rena |
| SYMMIO Protocol Update | Dedicated protocol devised for trading Symmetrical Derivatives | π₯2 / 64 | Sherlock |
| Bond Protocol Update #1 | Enables the creation of Olympus-style bond markets for any token pair | π₯3 / 113 | Sherlock |
| Notional x Index Coop | Collaboration between Notional and Index Coop to create fixed-rate yield index tokens | π₯3 / 70+ | Code4rena |
| SYMMIO Protocol | Dedicated protocol devised for trading Symmetrical Derivatives | π₯3 / 223 | Sherlock |
| Sentiment | Liquidity protocol that enables onchain permissionless undercollateralized borrowing | 6 | Sherlock |
| Putty Finance | Order-book based options market for NFTs and ERC20s | 6 / 130+ | Code4rena |
| Rubicon | On-chain order book protocol for Ethereum, built on L2s | 7 / 90+ | Code4rena |
| ParaSpace | Cross-margin NFT financialization protocol | 12 / 100+ | Code4rena |
| AAVE Gho Token (Formal Verification) | Decentralized multi-collateral stablecoin that is fully backed, transparent and native to the Aave Protocol | 15 / 35 | Certora |
| Fractional | Collective ownership platform for NFTs on Ethereum | 15 / 140+ | Code4rena |
| Aura Finance | Provide maximum incentives to Balancer liquidity providers and BAL stakers | 15 / 90+ | Code4rena |
| Harpie | On-chain firewall stopping hacks before they ever get on-chain | 16 | Sherlock |
| Optimism | Optimism is a low-cost and lightning-fast Ethereum L2 blockchain | 24 / 333 | Sherlock |