Home About Audits Development Research Writing Talks

Writing

Public writeups, vulnerability analyses, audit notes, and technical research across zkVMs, Cairo, FHE, and protocol security.

A curated archive of public research, bug writeups, audit methodology, and technical notes.

Featured writing

Vulnerability Audit

GOAT Network — Slash Fraction Validation Bypass

A logic flaw in slash fraction calculations allowing negative slashing, validator inflation, and token siphoning.

Apr 03, 2026

ZK Vulnerability

Breaking LeanMultisig zkVM Shamir (Part 1)

Three bugs in LeanMultisig's Fiat–Shamir layer with one shared root cause.

Mar 28, 2026

Cairo Audit

Cairo Security Vulnerabilities Checklist

A practical checklist of common pitfalls and vulnerability patterns in Cairo smart contracts.

2026

Browse all writing

🔍

Vulnerability Audit

GOAT Network — Slash Fraction Validation Bypass

A logic flaw in GOAT Network's slash fraction calculations allowing negative slashing, validator inflation, and token siphoning.

Apr 03, 2026

ZK Vulnerability

Breaking LeanMultisig zkVM Shamir (Part 1)

Three bugs in LeanMultisig's Fiat-Shamir layer — transcript malleability, 32-bit shift panic, and a PoW bypass at max difficulty. All share the same root cause.

Mar 28, 2026

Cairo Vulnerability Audit

Cairo Security Vulnerabilities Checklist

A comprehensive checklist of common security pitfalls and vulnerability patterns in Cairo smart contracts on StarkNet.

2026

ZK Vulnerability

ZK-SNARKs Security — Vulnerabilities and Root Causes

An analysis of the most critical vulnerability classes in ZK-SNARK systems, their root causes, and how to reason about them during an audit.

2026

ZK

Nova and CycleFold

A deep dive into Nova's recursive proof system and CycleFold's cycle-of-curves folding scheme — how they work, their security assumptions, and trade-offs.

2026

FHE Audit

FHE Protocol Security Audit Checklist

A structured checklist for auditing Fully Homomorphic Encryption protocols — covering parameter selection, noise budgets, circuit correctness, and implementation pitfalls.

2026

Audit

My Security Audit Process

A transparent look at how I work with clients — from scope definition and kick-off calls through multi-pass code review, reporting, and fix verification.

2026

No posts match your search.

Request an Audit Book a Call GitHub X Telegram