Portfolio showcasing my smart contract security audits, identifying vulnerabilities and offering mitigation strategies.

z0Ld3v/z0L-audits

z0L Security Audit Portfolio

Welcome to my Web3 security audit portfolio, a collection of my independent audits, contest submissions, and research write-ups.

Each entry documents findings, proof-of-concepts, and mitigation recommendations with professional formatting and reproducible tests.


🧩 Contest Findings

| Title | Platform | Severity | Status | Link |
|---|---|---|---|---|
| Float128::toPackedFloat Fails to Promote to L Size When Exponent Is Critically Low | Code4rena – Forte: Float128 Solidity Library | High | Valid (Rewarded) | View Report |
| Ln::ln() Fails to Validate Negative Inputs, Causing Division-by-Zero Panics | Code4rena – Forte: Float128 Solidity Library | High | Valid (Rewarded) | View Report |
| Unauthorized Token Transfer via Insufficient Access Control | Sherlock – Crestal Network | Medium | ⚠️ Valid (No Reward) | View Report |

🚧 Practice & False-Positives

| Title | Platform | Status | Link |
|---|---|---|---|
| Reward Manipulation in Referral Logic | Code4rena – Nudge | Invalid (Intended Behavior) | View Report |

Even invalid or duplicate findings are kept here for transparency and learning value.

Every false positive sharpens reasoning and pattern recognition.


🔍 My Audit Process

  1. Recon & Surface Mapping – Identify actors, roles, trust boundaries
  2. Code Reading & Control Flow – Trace key invariants, modifiers, and permission logic
  3. Access Control & Auth Checks – Verify function visibility, role dependencies
  4. Math, Precision & Overflow – Detect unsafe arithmetic, rounding drift, or precision mismatches
  5. External Calls & Reentrancy – Locate potential unsafe calls, pull vs. push payment patterns
  6. State Management & Edge Cases – Simulate abnormal flows (late joins, zero values, skipped states)
  7. Testing & PoCs – Reproduce behavior via Foundry, Anvil fork, or minimal Solidity harness
  8. Impact Analysis & Recommendations – Evaluate severity, realism, and potential mitigations

📚 Current Focus

  • Rebuilding deep audit workflow using Foundry invariant testing
  • Studying high-impact DeFi exploits and real audit reports
  • Preparing for upcoming contests
  • Writing concise, reproducible case studies for each finding

👤 About

I’m Z, a Web3 security researcher and Solidity developer with a focus on precision math, access control, and protocol-level logic flaws.
I audit for correctness, realism, and economic resilience, not just syntax.


🛠️ Contact

