z0Ld3v/README.md

👋 Hey, I'm Z! Web3 Security Researcher & Smart Contract Auditor



I break and fix smart contracts.
Focused on EVM security, Solidity analysis, and precision math in DeFi systems.
Actively auditing, while developing PoCs and independent case studies.


⚡ Highlights

  • 🧩 2 High-Severity Valid Findings (Rewarded) β€” Code4rena (Forte Float128)
  • 🧱 1 Valid Finding β€” Sherlock (Crestal Network, duplicate)
  • ❌ 1 Invalid / Intended Behavior Report β€” documented for learning transparency
  • πŸ§ͺ Foundry-based test + PoC workflow
  • 🧰 Tools: Foundry Β· Slither Β· Aderyn Β· Anvil Β· Echidna Β· Remix Β· Etherscan

📂 Audit Portfolio

| Finding | Platform | Severity | Status | Link |
|---|---|---|---|---|
| Float128::toPackedFloat Fails to Promote to L Size When Exponent Is Critically Low | Code4rena – Forte | High | ✅ Valid (Rewarded) | View Report |
| Ln::ln() Fails to Validate Negative Inputs, Causing Division-by-Zero Panics | Code4rena – Forte | High | ✅ Valid (Rewarded) | View Report |
| Unauthorized Token Transfer via Insufficient Access Control | Sherlock – Crestal Network | Medium | ⚠️ Valid (No Reward) | View Report |
| Reward Manipulation in Referral Logic | Code4rena – Nudge | – | ❌ Invalid (Intended Behavior) | View Report |

👉 See full portfolio: z0L-audits


🧠 Audit Workflow

  1. Recon & Architecture Mapping: Identify trust boundaries and actor roles
  2. Static Review: Analyze state transitions and access modifiers
  3. Dynamic Testing: Foundry fuzz + invariant testing, mainnet forks
  4. Exploit Simulation: Model realistic attack paths
  5. Impact Analysis: Evaluate severity, risk exposure, and cascading effects
  6. Reporting: Clear PoC, rationale, mitigation, and lessons learned

🧰 Tech Stack

Domain Tools / Frameworks
Security & Auditing Foundry Β· Slither Β· Aderyn Β· Anvil Β· Echidna
Languages Solidity Β· TypeScript
Analysis Etherscan Β· Tenderly Β· Remix
Documentation Markdown Β· Obsidian

📈 Goals for 2026

  • 🕵🏽 Expand audit catalog
  • ✍🏽 Publish monthly write-ups on logic & math vulnerabilities
  • 🧑🏽‍💻 Land a Web3 Security Auditor / Smart Contract Engineer role
  • 🔬 Contribute to open-source audit tooling

🧩 Philosophy

β€œPrecision is security.”
β€” z0L

I believe secure code is the byproduct of clarity, not just caution.
Every function should explain why it’s safe, not just assume it.


🛡️ Always learning. Always breaking (ethically). Always improving.

Pinned

  1. z0L-audits (Public)

    Portfolio showcasing my smart contract security audits, identifying vulnerabilities and offering mitigation strategies.

  2. Pwntrcts (Public)

    A repo of the most common smart contract vulnerabilities.

    Solidity