I don't just hunt bugs; I secure Protocol Solvency. Specializing in advanced business logic exploits and economic attack vectors.
I'm M3dython, a specialized Blockchain Security Researcher focused on DeFi protocol architecture. I actively compete in top-tier audit contests like Sherlock, where I've earned recognition for identifying High/Critical vulnerabilities in complex financial logic.
My mission is to help projects scale securely. I bridge the gap between raw code and business logic to prevent treasury-draining exploits.
- π Focus: Advanced smart contract security patterns & auditing.
- π± Learning: Solidity Fuzzing (Foundry/Echidna) and Formal Verification.
- π‘οΈ Services: Available for private audits and consultation.
- β‘ Fun fact: I find uncovering subtle logical flaws in Web3 protocols incredibly rewarding.
Primary Platform: Sherlock Profile
| Contest | Findings | Earnings | Rank |
|---|---|---|---|
| Privacy Cash (Nov '25) | - | 9.52 USDC | #49 |
| Saffron Fixed Income Vaults (Oct '25) | - | 13.77 USDC | #50 |
| 3Jane (Oct '25) | - | 77.00 USDC | #18 |
| Yield Basis (Aug '25) | 1 | 69.47 USDC | #10 |
| DeBank (Jul '25) | - | 465.45 USDC | #7 |
| DODO Cross-Chain DEX (Jun '25) | 1 | 75.65 USDC | #39 |
| LEND (May '25) | 5 | 41.26 USDC | #52 |
| Burve (Apr '25) | 3 | 2,509.74 USDC | #8 |
| PinLink RWA (Mar '25) | - | 19.47 USDC | #39 |
| Yieldoor (Feb '25) | 2 | 48.21 USDC | #15 |
π Click to expand specific vulnerability details
- Finding: Admin will brick gauge controller configuration for the protocol.
- Finding: Any External Actor will Steal Approved ZRC20 Tokens from
GatewayTransferNativeContract.
- Finding 1: CrossChainRouter uses incorrect collateral/token data during cross-chain liquidations, disrupting repayment logic.
- Finding 2:
_checkLiquidationValidlogic flaw allows unfair liquidations or prevents valid ones. - Finding 3: Interest logic in
borrowWithInterestunderstates cross-chain debt, risking insolvency. - Finding 4: CoreRouter prone to fund depletion due to miscalculated redemption payouts.
- Finding 5: Liquidators may under-liquidate positions due to
maxCloseusing incomplete accrued balances.
- Finding 1: Zero Tax Exploitation mechanism found in Withdrawal Function.
- Finding 2: Internal vs External vault share mismatch potentially traps user funds.
- Finding 3: Critical: ERC4626 inflation attack vector identified on underlying vault.
- Finding 1: Uninitialized
feeRecipientdiverts protocol fees to zero address (revenue loss). - Finding 2: Calculation error impacts leveraged position holders.
- Damn Vulnerable DeFi Solutions: My personal write-ups and solutions for the DVD wargame. View Repository
Β© 2025 M3dython. Open for audits and collaboration.