I'm an independent security researcher specializing in smart contract audits with a proven track record in public audit contests (with 28 top-three finishings) and extensive experience auditing complex and high-profile protocols. Currently, I'm a Security Researcher at @SpearbitDAO, Lead Senior Watson at @sherlockdefi, and Certified Warden at @code4rena.
Previous Life: 8 years of experience in reputable cybersecurity firms performing a wide range of security engagements for clients around the globe.
For private audits or security consulting, please reach out to me on Twitter (@xiaoming9090) or Discord (xiaoming90).
For other business opportunities, potential collaboration, or team audits, feel free to reach out to me on Twitter (@xiaoming9090) or Discord (xiaoming90). I'm always happy to discuss new ideas or collaborations with you.
- Ranked in the top 3 in 28 audit contests at Code4rena and Sherlock
- Achieved #1 ranking on Sherlock's audit leaderboard [1]
- Achieved #1 ranking on Code4rena's leaderboard (last 90 days) on September 2022
- Serve as the Lead Senior Watson for 20 audit contests in Sherlock
- Member of Code4rena's Zenith team [1]
| Project | Description | Platform |
|---|---|---|
| Pendle | A decentralized finance protocol that allows users to tokenize and sell future yields | Spearbit |
| Kiln | Leading enterprise-grade staking platform, enabling institutional customers to stake programmatically their digital assets, and to whitelabel staking functionality into their offering | Spearbit |
| Liquid Collective | Enterprise-grade liquid staking protocol built on Ethereum | Spearbit |
| Velodrome Finance V2 | Next-generation AMM that combines the best of Curve, Convex and Uniswap, designed to serve as Optimism's central liquidity hub | Spearbit |
| Polygon zkEVM | Decentralized Ethereum Layer 2 scalability solution that uses cryptographic zero-knowledge proofs to offer validity and quick finality to off-chain transaction computation | Spearbit |
| Connext Network | Cross-chain liquidity network enabling fully non-custodial transfers between EVM compatible chains and L2 systems | Spearbit |
| Brahma Console | Custody and DeFi execution environment | Spearbit |
| Berachain | A high-performance EVM-Identical Layer 1 (L1) blockchain utilizing Proof-of-Liquidity (PoL) as a consensus mechanism | Cantina |
| Coinfund CESR™ | CESR™ is a periodic rate that measures the average annualized yield awarded to all eligible validators staking ether on the Ethereum blockchain | Cantina |
| Level Money | A stablecoin backed by restaked dollar tokens | Cantina |
| Reserve | A platform that allows for the permissionless creation of asset-backed, yield-bearing & overcollateralized stablecoins | Cantina |
| Khalani Network | A decentralized solvers platform for intent-driven generative coordination | Cantina |
| Karak | A universal restaking layer that makes it easy to provide cryptoeconomic security with any asset | Code4rena (Zenith) |
| Morpheus | A Network For Powering Smart Agents | Code4rena (Zenith) |
| ULTI.ORG | ULTI is a decentralized protocol designed for growth | Code4rena (Zenith) |
| Tempest Finance | Tempest is a liquidity management system built for Ambient Finance | Renascence Labs |
| Velodrome Superchain | Next-generation AMM that combines the best of Curve, Convex and Uniswap, designed to serve as Optimism's central liquidity hub | Sherlock |
| Contest | Description | Ranking | Platform |
|---|---|---|---|
| SYMMIO v0.84 Update | A derivatives Peer2Peer clearing infrastructure, enabling LPs to provide synthetic leveraged exposure to any asset. | 🥇1 / 69 | Sherlock |
| SYMMIO v0.83 Update | A derivatives Peer2Peer clearing infrastructure, enabling LPs to provide synthetic leveraged exposure to any asset. | 🥇1 / 57 | Sherlock |
| TITLES Publishing Protocol | TITLES creates tools with artist-owned AI for publishing referential NFTs, managing attribution, and splitting payments with creators. | 🥇1 / 201 | Sherlock |
| Napier Finance | Liquidity hub for yield trading built as an extension of Curve Finance | 🥇1 / 198 | Sherlock |
| Flat Money | Protocol that enables rETH leverage via perpetual futures contracts and allows users to mint decentralized delta-neutral flatcoin designed to outpace inflation | 🥇1 / 257 | Sherlock |
| Flat Money Fix Review Contest | Protocol that enables rETH leverage via perpetual futures contracts and allows users to mint decentralized delta-neutral flatcoin designed to outpace inflation | 🥇1 / 56 | Sherlock |
| Tokemak (Autopilot) | LP-centric utility that optimizes yields for LPs across different pools and DEXs | 🥇1 / 447 | Sherlock |
| Velodrome Finance | Next-generation AMM that combines the best of Curve, Convex and Uniswap, designed to serve as Optimism's central liquidity hub | 🥇1 / 70+ | Code4rena |
| Connext Network | Cross-chain liquidity network enabling fully non-custodial transfers between EVM compatible chains and L2 systems | 🥇1 / 70+ | Code4rena |
| Nibbl | NFT fractionalization protocol with guaranteed liquidity and price-based buyout | 🥇1 / 90+ | Code4rena |
| Notional V3 | Protocol that facilitates fixed-rate, fixed-term crypto asset lending and borrowing | 🥇1 / 357 | Sherlock |
| Notional (Leveraged Vault) | Leveraged vaults that increase capital efficiency and turbocharge user returns with highly leveraged exposure to whitelisted DeFi yield strategies | 🥇1 | Sherlock |
| Notional (Leveraged Vault) Update #1 | Leveraged vaults that increase capital efficiency and turbocharge user returns with highly leveraged exposure to whitelisted DeFi yield strategies | 🥇1 / 128 | Sherlock |
| Notional (Leveraged Vault) Update #2 | Leveraged vaults that increase capital efficiency and turbocharge user returns with highly leveraged exposure to whitelisted DeFi yield strategies | 🥇1 / 65 | Sherlock |
| Notional (Leveraged Vault) Update #4 | Leveraged vaults that increase capital efficiency and turbocharge user returns with highly leveraged exposure to whitelisted DeFi yield strategies | 🥇1 / 173 | Sherlock |
| Notional (Leveraged Vault) Pendle PT and Vault Incentives | Leveraged Vault integration with Pendle where Notional users can take leverage to buy PT tokens. It also includes an update to existing vaults that allows incentives to be more flexibly managed | 🥇1 / 174 | Sherlock |
| Notional Update #5 | Protocol that facilitates fixed-rate, fixed-term crypto asset lending and borrowing | 🥇1 / 111 | Sherlock |
| Redacted Cartel | dApp centered around BTRFLY, which allows users to stake, earn incentives, and interact with governance proposals | 🥇1 / 100+ | Code4rena |
| Bond Protocol | Enables the creation of Olympus-style bond markets for any token pair | 🥇1 / 69 | Sherlock |
| Oku Trade (GFX Labs) | DeFi trading platform powered by Uniswap v3 | 🥇1 / 106 | Sherlock |
| veToken Finance | Enables DeFi users to boost their yield and farming rewards | 🥈2 / 70+ | Code4rena |
| Axelar Network | Decentralized interoperability network | 🥈2 / 70+ | Code4rena |
| SYMMIO Protocol Update | A derivatives Peer2Peer clearing infrastructure, enabling LPs to provide synthetic leveraged exposure to any asset. | 🥈2 / 64 | Sherlock |
| MakerDAO Endgame (Sky) | Endgame is a fundamental transformation of MakerDAO that improves growth, resilience and accessibility, with the aim of scaling the Dai supply to 100 billion and beyond. | 🥉3 / 108 | Sherlock |
| M^0 | A neutral value transmission framework able to permissionlessly mint currencies under decentralized governance. | 🥉3 / 123 | Sherlock |
| Bond Protocol Update #1 | Enables the creation of Olympus-style bond markets for any token pair | 🥉3 / 113 | Sherlock |
| Notional x Index Coop | Collaboration between Notional and Index Coop to create fixed-rate yield index tokens | 🥉3 / 70+ | Code4rena |
| SYMMIO Protocol | A derivatives Peer2Peer clearing infrastructure, enabling LPs to provide synthetic leveraged exposure to any asset. | 🥉3 / 223 | Sherlock |
| Sentiment | Liquidity protocol that enables onchain permissionless undercollateralized borrowing | 6 | Sherlock |
| Putty Finance | Order-book based options market for NFTs and ERC20s | 6 / 130+ | Code4rena |
| Rubicon | On-chain order book protocol for Ethereum, built on L2s | 7 / 90+ | Code4rena |
| ParaSpace | Cross-margin NFT financialization protocol | 12 / 100+ | Code4rena |
| AAVE Gho Token (Formal Verification) | Decentralized multi-collateral stablecoin that is fully backed, transparent and native to the Aave Protocol | 15 / 35 | Certora |
| Fractional | Collective ownership platform for NFTs on Ethereum | 15 / 140+ | Code4rena |
| Aura Finance | Provide maximum incentives to Balancer liquidity providers and BAL stakers | 15 / 90+ | Code4rena |
| Harpie | On-chain firewall stopping hacks before they ever get on-chain | 16 | Sherlock |
| Optimism | Optimism is a low-cost and lightning-fast Ethereum L2 blockchain | 24 / 333 | Sherlock |