I'm an independent security researcher specializing in smart contract audits with a proven track record in public audit contests (with 24 top-three finishings) and extensive experience auditing complex and high-profile protocols. Currently, I'm a Security Researcher at @SpearbitDAO, Lead Senior Watson at @sherlockdefi, and Certified Warden at @code4rena.
Previous Life: 8 years of experience in reputable cybersecurity firms performing a wide range of security engagements for clients around the globe.
For private audits or security consulting, please reach out to me on Twitter (@xiaoming9090) or Discord (xiaoming90).
For other business opportunities, potential collaboration, or team audits, feel free to reach out to me on Twitter (@xiaoming9090) or Discord (xiaoming90). I'm always happy to discuss new ideas or collaborations with you.
- Ranked in the top 3 in 24 audit contests at Code4rena and Sherlock
- Achieved #1 ranking on Sherlock's audit leaderboard [1]
- Achieved #1 ranking on Code4rena's leaderboard (last 90 days) on September 2022
- Serve as the Lead Senior Watson for 17 audit contests in Sherlock
- Found 94 High and 159 Medium risk vulnerabilities in audit contests
| Project | Description | Platform |
|---|---|---|
| Kiln | Leading enterprise-grade staking platform, enabling institutional customers to stake programmatically their digital assets, and to whitelabel staking functionality into their offering | Spearbit |
| Liquid Collective | Enterprise-grade liquid staking protocol built on Ethereum | Spearbit |
| Velodrome Finance V2 | Next-generation AMM that combines the best of Curve, Convex and Uniswap, designed to serve as Optimism's central liquidity hub | Spearbit |
| Polygon zkEVM | Decentralized Ethereum Layer 2 scalability solution that uses cryptographic zero-knowledge proofs to offer validity and quick finality to off-chain transaction computation | Spearbit |
| Connext Network | Cross-chain liquidity network enabling fully non-custodial transfers between EVM compatible chains and L2 systems | Spearbit |
| Brahma Console | Custody and DeFi execution environment | Spearbit |
| Contest | Description | Ranking | Platform |
|---|---|---|---|
| TITLES Publishing Protocol | TITLES creates tools with artist-owned AI for publishing referential NFTs, managing attribution, and splitting payments with creators. | 🥇1 / 201 | Sherlock |
| Napier Finance | Liquidity hub for yield trading built as an extension of Curve Finance | 🥇1 / 198 | Sherlock |
| Flat Money | Protocol that enables rETH leverage via perpetual futures contracts and allows users to mint decentralized delta-neutral flatcoin designed to outpace inflation | 🥇1 / 257 | Sherlock |
| Flat Money Fix Review Contest | Protocol that enables rETH leverage via perpetual futures contracts and allows users to mint decentralized delta-neutral flatcoin designed to outpace inflation | 🥇1 / 56 | Sherlock |
| Tokemak (Autopilot) | LP-centric utility that optimizes yields for LPs across different pools and DEXs | 🥇1 / 447 | Sherlock |
| Velodrome Finance | Next-generation AMM that combines the best of Curve, Convex and Uniswap, designed to serve as Optimism's central liquidity hub | 🥇1 / 70+ | Code4rena |
| Connext Network | Cross-chain liquidity network enabling fully non-custodial transfers between EVM compatible chains and L2 systems | 🥇1 / 70+ | Code4rena |
| Nibbl | NFT fractionalization protocol with guaranteed liquidity and price-based buyout | 🥇1 / 90+ | Code4rena |
| Notional V3 | Protocol that facilitates fixed-rate, fixed-term crypto asset lending and borrowing | 🥇1 / 357 | Sherlock |
| Notional (Leveraged Vault) | Leveraged vaults that increase capital efficiency and turbocharge user returns with highly leveraged exposure to whitelisted DeFi yield strategies | 🥇1 | Sherlock |
| Notional (Leveraged Vault) Update #1 | Leveraged vaults that increase capital efficiency and turbocharge user returns with highly leveraged exposure to whitelisted DeFi yield strategies | 🥇1 / 128 | Sherlock |
| Notional (Leveraged Vault) Update #2 | Leveraged vaults that increase capital efficiency and turbocharge user returns with highly leveraged exposure to whitelisted DeFi yield strategies | 🥇1 / 65 | Sherlock |
| Notional (Leveraged Vault) Update #4 | Leveraged vaults that increase capital efficiency and turbocharge user returns with highly leveraged exposure to whitelisted DeFi yield strategies | 🥇1 / 173 | Sherlock |
| Notional Update #5 | Protocol that facilitates fixed-rate, fixed-term crypto asset lending and borrowing | 🥇1 / 111 | Sherlock |
| Redacted Cartel | dApp centered around BTRFLY, which allows users to stake, earn incentives, and interact with governance proposals | 🥇1 / 100+ | Code4rena |
| Bond Protocol | Enables the creation of Olympus-style bond markets for any token pair | 🥇1 / 69 | Sherlock |
| Oku Trade (GFX Labs) | DeFi trading platform powered by Uniswap v3 | 🥇1 / 106 | Sherlock |
| veToken Finance | Enables DeFi users to boost their yield and farming rewards | 🥈2 / 70+ | Code4rena |
| Axelar Network | Decentralized interoperability network | 🥈2 / 70+ | Code4rena |
| SYMMIO Protocol Update | Dedicated protocol devised for trading Symmetrical Derivatives | 🥈2 / 64 | Sherlock |
| M^0 | A neutral value transmission framework able to permissionlessly mint currencies under decentralized governance. | 🥉3 / 123 | Sherlock |
| Bond Protocol Update #1 | Enables the creation of Olympus-style bond markets for any token pair | 🥉3 / 113 | Sherlock |
| Notional x Index Coop | Collaboration between Notional and Index Coop to create fixed-rate yield index tokens | 🥉3 / 70+ | Code4rena |
| SYMMIO Protocol | Dedicated protocol devised for trading Symmetrical Derivatives | 🥉3 / 223 | Sherlock |
| Sentiment | Liquidity protocol that enables onchain permissionless undercollateralized borrowing | 6 | Sherlock |
| Putty Finance | Order-book based options market for NFTs and ERC20s | 6 / 130+ | Code4rena |
| Rubicon | On-chain order book protocol for Ethereum, built on L2s | 7 / 90+ | Code4rena |
| ParaSpace | Cross-margin NFT financialization protocol | 12 / 100+ | Code4rena |
| AAVE Gho Token (Formal Verification) | Decentralized multi-collateral stablecoin that is fully backed, transparent and native to the Aave Protocol | 15 / 35 | Certora |
| Fractional | Collective ownership platform for NFTs on Ethereum | 15 / 140+ | Code4rena |
| Aura Finance | Provide maximum incentives to Balancer liquidity providers and BAL stakers | 15 / 90+ | Code4rena |
| Harpie | On-chain firewall stopping hacks before they ever get on-chain | 16 | Sherlock |
| Optimism | Optimism is a low-cost and lightning-fast Ethereum L2 blockchain | 24 / 333 | Sherlock |