work history · audit portfolio · 2023 → present

~/work

Audit portfolio across Move · Rust · Solidity · Vyper · Cairo · TON · Sway · Go. Private engagements, public contests, bounty triage, and formal verification.

11move engagements

7rust/solana reviews

30+private/firm-side audits

3formal verification

18contest results

9bounty triage

request Q3 audit slot jump to move rust/solana private formal verification contests triage

#01 move_ecosystem

Move — Sui & Aptos

// primary focus ecosystem · object model, abilities, PTB composition

$ ls ~/audits/move/

Protocol	Ecosystem	Description	Firm	Findings	Report
Aave	Aptos	Flagship lending protocol	Cantina	1 H1 M	↗ report
DeepBook	Sui	Decentralized CLOB with margin/leverage	Three Sigma	private	private
Elixir	Move	Multi-chain staking vault	Pashov	5 M10 L	↗ report
Abyss	Sui	Yield aggregator	Three Sigma	private	private
LayerBank	Aptos	Lending/borrowing protocol	Sherlock	private	private
Matrixdock	Sui	RWA & cross-chain	Cyfrin	private	↗ report
Decibel	Aptos	Perpetuals	Sherlock	private	private
WaterX Perps	Sui	Perpetuals	Adevar Labs	private	↗ report
WaterX Credit / Bridge	Sui EVM	Backed USDX mint/redeem credit system with Wormhole EVM bridge support	Adevar Labs	private	↗ report
WaterX Prediction	Sui	Broker-layer prediction market (Polymarket exposure on Sui)	Adevar Labs	private	↗ report
Private Move bounty triage	Sui Aptos	Firm-side validation across live bounty scopes; validated findings turned into deterministic reviewer-ready PoCs	Pashov	triage	↗ details

#02 rust_solana

Rust & Solana

// Anchor, native programs, SPL / Token-2022

$ ls ~/audits/rust/

Protocol	Description	Firm	Findings	Report
Tensor	Solana NFT marketplace with AMM	Cantina	2 H1 M	↗ 3rd place
StarVault	Crowdfunding platform on Solana	Adevar Labs	2 H9 M8 L	private
star-dot-fun v2	Launchpad	Adevar Labs	private	private
Centrifuge	RWA tokenization infrastructure	Cantina	1 M	↗ report
Cudis	Wearable DePIN / health rewards	Private	1 M2 L	private
CrunchDAO	Data marketplace / DAO tooling	Accretion	—	private
Oro	RWA Gold	Adevar Labs	—	↗ report

#03 private_audits

Private Engagements

// selected EVM/Solana engagements under firm-side NDAs — additional private Move, Rust, and FV work listed in the sections above · full list under NDA, references available on request

$ ls ~/audits/private/

Protocol	Language	Category	Findings	Firm
PancakeSwap	Vyper	DEX	private	Pashov
Saffron Lido Vaults	Solidity	Liquid Staking	1 C1 H1 M2 L	Pashov
HypurrFi	Solidity	Leveraged Trading	2 H3 M2 L	Pashov
Degen Dice	Solidity	RWA Tokenization	2 H3 M9 L	Pashov
Rip.fun	Solidity	NFT Marketplace	2 H6 M6 L	Pashov
Elytra	Solidity	Liquid Restaking	3 M7 L	Pashov
Noodles	Solidity	Bonding Curves	2 M5 L	Pashov
Biconomy	Solidity	Account Abstraction	1 M	Pashov
Yei Finance	Solidity	Aave Fork	private	Pashov
AspanFinance	Solidity	Yield	private	Adevar Labs
Edel Finance	TS/Solidity	Deployment Scripts	private	Adevar Labs

#04 formal_verification

Formal Verification

// mathematically proving protocol invariants · Certora CVL, Sui Prover, Move Prover

$ ls ~/audits/fv/

Protocol	Description	Firm	Findings	Report
Current Sui	Sui DeFi lending protocol	Sherlock	private	private
Spicenet Solidity	Spicenet Delegate contracts	Pashov	private	private
Decibel on Aptos	Perpetual futures trading engine — global markets, onchain	Sherlock	private	private

✓Certora CVL

✓Sui Prover

✓Solidity FV

✓Move Prover

#05 public_contests

Public Contest Results

// competitive audits · Cantina, Sherlock, Code4rena, CodeHawks

$ ls ~/contests/ | sort -r

Protocol	Language	Category	Findings	Rank
Arcade	Solidity	NFT Lending	1 M	🥈 2nd
Aave	Move	Lending (Aptos)	1 H1 M	🥉 3rd
Tensor	Rust	NFT AMM	2 H1 M	🥉 3rd
Velvet v4	Solidity	Asset Management	6 H7 M	🥉 3rd
Venus	Solidity	Governance	9 L	🥉 3rd
Juicebox	Solidity	Treasury	2 M8 L	🥉 3rd
RedStone	Sway	Oracle	1 H1 M1 L	6th
stake.link	Solidity	Liquid Staking	1 H3 L	8th
Chorus One (TON)	FunC	Staking	1 H	7th
Bima	Solidity	Liquity Fork	1 H3 M	8th
Starknet Staking	Cairo	Staking	1 H1 M1 L	9th
Dahlia	Solidity	DeFi	4 M	10th
Opal	Solidity	DeFi	1 H7 M2 L	12th
Centrifuge	Rust	RWA	1 M	12th
Farcaster	Solidity	Social	2 M	17th
MightyFi	Solidity	DeFi	6 H3 M	20th
ArkProject	Cairo	NFT Bridge	1 H2 M1 L	20th
Chakra	Cairo	Cross-chain	2 H	—

#06 bounty_triage

Bug Bounty Triage

// firm-side Move and Go/L2 triage · severity validation, PoC reproduction, reviewer handoff

$ ls ~/triage/

Protocol	Ecosystem	Category	Firm	Role	Notes
Optimism - Fault Proof	L2 Go	Fault proof / OP Stack / ~12.5k LOC	Pashov Audit Group	Verified / Triaged	↗ scope / repo
Sui Seal	Sui	Cryptography	Pashov	Triager / PoC	↗ notes
Sui Framework - Staking	Sui	Staking	Pashov	Triager / PoC	↗ notes
Aptos - Crypto	Aptos	Cryptography	Pashov	Triager / PoC	↗ notes
Scallop	Sui	Lending	Pashov	Triager / PoC	↗ notes
Walrus	Sui	Infrastructure	Pashov	Triager / PoC	↗ notes
Kai Finance	Sui	Lending	Pashov	Triager / PoC	↗ notes
Navi	Sui	Lending	Pashov	Triager / PoC	↗ notes
Astros	Sui	Perpetual	Pashov	Triager / PoC	↗ notes

#07 bug_bounties

Independent Bounty Disclosures

// my own vulnerability disclosures across L1/L2 protocols

$ ls ~/bounties/

Program	Ecosystem	Findings	Status	Proof
Decibel	Aptos	1 C2 H5 M	confirmed & rewarded	private program
OpenZeppelin	Cairo	1 M	public · CVE-2024-45304	↗ advisory
ZKsync Lite	ZK	1 C	acknowledged (known issue)	—

#08 next

Need an auditor?

// currently booking Q3 2026 audits · multi-ecosystem protocol security

request Q3 audit slot → ← home read blog