0xRayaa's Security Portfolio

I'm a security researcher specializing in Smart Contract Audits across Solidity, Rust (Solana, CosmWasm), Cairo (StarkNet), and DAML — along with professional Web2 bug bounty hunting & penetration testing.

Smart Contract: 130+ private audits · 150+ Critical/High vulnerabilities · 25+ Rust audits 🦀
Web2: 3 published CVEs · Critical/High findings at Stryker, Ivanti, BitGo, Decred, Tennessee Valley Authority & more · Active on Bugcrowd, HackerOne, and government platforms

Protocols & mechanisms audited across:

Category	Coverage
DeFi	AMMs · Lending & Borrowing · Bonding Curves · Token Launchers · Vesting · Restaking
Staking	Staking Vaults · NFT Staking · Liquid Staking · Validator Systems · Reward Mechanisms
GameFi	Lottery · Dice · Slots · Roulette · Prediction Markets · NFT Marketplaces
Tokens	ERC20 · SPL Tokens · Tokenomics · Airdrop & Distribution · Governance Modules
Infrastructure	Cross-chain · Chain Abstraction · Interchain Messaging · Browser Wallet Extensions
Ecosystems	EVM (Solidity) · Solana (Rust) · CosmWasm (Rust) · StarkNet (Cairo) · DAML

📩 Interested in working together?

• Twitter/X: @0xRayaa
• Telegram: @0xRayaa

---

🔐 Private Audits — Firm Engagement Review

Firm	Report	Description	Findings	Lang/Ecosystem	📑
Pashov Audits	Nucleus	Vault Contract	-	♦ EVM	Soon
Pashov Audits	Polygun	Prediction-market Trading Bot	-	Typescript	Soon
Pashov Audits	Pump.Fun	AMM & Bonding Curve	6 (1M, 5L)	🦀 Solana	🔗
Pashov Audits	Nucleus	Vault Contract	8 (8L)	♦ EVM	🔗
Pashov Audits	RAAC	Token and Minter Contract	10 (1M, 9L)	♦ EVM	🔗
Shieldify Audits	Springx	Vault and Pool staking	-	Solidity	🔗
Pashov Audits	SpiceNet	A Transaction Submission API	-	Typescript	🔗
Superteam	Prime Skills (Draft)	GameFi	4 (2H, 2L)	🦀 Solana	🔗

---

🔎 Public Audits — Contests & Bug Bounties

Rank	Report	Description	Critical/High	Medium	Lang/Ecosystem
50	Super DCA Liquidity Network	AMM, Uniswap V4 Hooks	1	1	♦ EVM
74	Rain Smart Contract Audit Contest	Decentralized Prediction Markets Protocol	1	2	♦ EVM
18	Bid Beasts	NFT MarketPlace	2	2	♦ EVM
20	Calyx Smart Contract	Decentralized Prediction Markets Protocol	0	1	♦ EVM

---

🔐 Private Audits — CredShields

📆 2026 Audits

Protocol	Description	Ecosystem	Language	Findings	📑
Mercuri Protocol	Uniswap V3 Pool Vault	♦ EVM	Solidity	4 (3C,0H,1M)	🔗
Blockwill	Defi Protocol	♦ EVM	Solidity	4 (0C,1H,3M)	🔗
Ardentis	Lending, Borrowing (Morpho Fork)	♦ EVM	Solidity	7 (0C,1H,6M)	🔗
HeyElsa	Staking	♦ EVM	Solidity	5 (0C,2H,3M)	🔗

---

📆 2025 Audits

Protocol	Description	Ecosystem	Language	Findings	📑
Amgi Studios-2	NFT Staking, Tokenomics	♦ EVM	Solidity	30 (16C,7H,7M)	Soon
LERN360	Staking	♦ EVM	Solidity	24 (6C,10H,8M)	🔗
Amgi Studios-1	NFT Staking, L1<>L2 RollUp	♦ EVM	Solidity	9 (4C,3H,2M)	Soon
Power Couple Coin	Staking, Lottery	🦀 Solana	Rust	9 (6C,0H,3M)	🔗
Power Couple Coin: Selltax	DeFi	🦀 Solana	Rust	9 (6C,0H,3M)	Soon
Tarmiiz	Staking Vault	♦ EVM	Solidity	9 (2C,3H,4M)	🔗
DotLabs: Mushi	DeFi, Lending/Borrowing	🦀 Solana	Rust	8 (1C,3H,4M)	🔗
BRLA Digital	ERC20 Token Swap	♦ EVM	Solidity	14 (2C,0H,3M,9L)	🔗

Show 15 more →

Protocol	Description	Ecosystem	Language	Findings	📑
Power Couple Coin: Staking	Staking	🦀 Solana	Rust	6 (4C,0H,2M)	Soon
Power Couple Coin: StakingPanelty	Staking	🦀 Solana	Rust	5 (4C,0H,1M)	Soon
Metaco Intelligence Corporation	Restaking	♦ EVM	Solidity	13 (1C,2H,3M,7L)	🔗
Artulabs Limited	Vesting, ERC20	♦ EVM	Solidity	9 (0C,1H,2M,5L)	🔗
mew.gg	AMM	♦ EVM	Solidity	11 (0C,1H,0M,10L)	🔗
Manadotwin	Vesting, Bonding Curve	♦ EVM	Solidity	5 (2C,1H,2M,0L)	🔗
Zodor	Staking	♦ EVM	Solidity	7 (2C,0H,1M,4L)	🔗
Avail	Chain Abstraction	♦ EVM	Solidity	4 (1C,0H,3M)	🔗
Safle Network	Cross-chain unified identity management	♦ EVM	Solidity	6 (2C,1H,3M)	🔗
LERN360	ERC20	♦ EVM	Solidity	4 (0C,2H,0M,2L)	🔗
Fomodotbiz	AMM, Bonding Curve	♦ EVM	Solidity	6 (3C,0H,3M)	🔗
Vouch	Tokenomics	♦ EVM	Solidity	7 (2C,0H,5M)	🔗
Artulabs Limited	Airdrop, SPL Tokens	🦀 Solana	Rust	5 (1C,2H,3M)	🔗
Landslide	ICM (Interchain Messaging)	♦ EVM	Solidity	7 (2C,0H,5M)	🔗
Save Planet Earth	Staking	♦ EVM	Solidity	5 (2C,1H,2M)	🔗

---

📆 2024 Audits

Protocol	Description	Ecosystem	Language	Findings	📑
LogX	Validator	♦ EVM	Solidity	11 (3C,2H,2M,4L)	🔗
AllinGames: Bank	GameFi	🦀 Cosmos (CosmWasm)	Rust	9 (4C,0H,5M)	🔗
Plutope	Token Launcher	♦ EVM	Solidity	12 (2C,0H,5M,5L)	🔗
AllinGames: Lottery	GameFi	🦀 Cosmos (CosmWasm)	Rust	4 (2C,0H,1M,1L)	🔗
AllinGames: Coin Flip	GameFi	🦀 Cosmos (CosmWasm)	Rust	2 (1C,1H,0M)	🔗
AllinGames: Hash Dice	GameFi	🦀 Cosmos (CosmWasm)	Rust	2 (1C,1H,0M)	🔗

Show 9 more →

Protocol	Description	Ecosystem	Language	Findings	📑
AllinGames: Classic	GameFi	🦀 Cosmos (CosmWasm)	Rust	7 (1C,0H,1M,5L)	🔗
Protop Vesting	Vesting	♦ EVM	Solidity	8 (1C,0H,0M,7L)	🔗
Arcana: Browser Extension	Wallet	♦ EVM	Solidity	5 (0C,0H,1M,4L)	🔗
Arcana Staking	Staking	♦ EVM	Solidity	11 (0C,1H,0M,10L)	🔗
AllinGames: Seven Up Seven Down	GameFi	🦀 Cosmos (CosmWasm)	Rust	5 (0C,0H,0M,5L)	🔗
AllinGames: Slot	GameFi	🦀 Cosmos (CosmWasm)	Rust	4 (0C,0H,0M,4L)	🔗
AllinGames: Roulette	GameFi	🦀 Cosmos (CosmWasm)	Rust	2 (0C,0H,0M,2L)	🔗
Lara Protocol	Staking	♦ EVM	Solidity	13 (0C,0H,5M,8L)	🔗
Tribally Games	GameFi	♦ EVM	Solidity	6 (0C,1H,0M,5L)	🔗

---

🕸️ Web2 Bug Bounties & CVEs

Report	Bug Description	Severity	Application
Stryker	3 Bugs - Information Disclosure	Critical	Webapp
Stryker	2 Bugs - Stored and Blind XSS	Critical	Webapp
Ivanti🔒	Information Disclosure	Critical	Webapp
BitGo Managed Public Bug Bounty Engagement	Business Logic Vulnerability	High	Webapp
Decred	Improper Restriction of Authentication Attempts	High	Webapp
ChargeOver 🔒	SSRF	High	Webapp
E-GOI 🔒	XSS	Medium	Webapp
CVE-2023-3580	HTML injection	Medium	Webapp
CVE-2023-0827	XSS	Medium	Webapp
CVE-2023-1239	XSS	Medium	Webapp
Drugs.com	Improper Authentication - Generic	Medium	Webapp
Tennessee Valley Authority	Improper Restriction of Authentication Attempts	High	Webapp
University of Twente	Information Disclosure	High	Webapp
National Australia Bank	Information Disclosure	Low	Webapp
Kistler Company	Improper Restriction of Attempts	Low	Webapp
Thomson Reuters	Information Disclosure	Low	Webapp
Affinity 🔒	Information Disclosure	Low	Webapp

---

Last updated: April 2026