Independent smart-contract security research — execution-verified.
I audit DeFi protocols (EVM / Solidity) with one rule: no finding ships without a fork-PoC against the deployed bytecode. Plausible-and-graded ≠ verified. Most "criticals" die between the model and the fork — this repo publishes both the confirmations and the refutations, because the refutations are what make the confirmations trustworthy.
- Handle:
danySSG(same handle across Sherlock and here — one track record). - Focus: stablecoin / CDP, ERC4626 vaults & yield, lending, LST / LRT, AMM / DEX, perps, HyperEVM.
- Method: deployed-source (Sourcify / Blockscout exact-match) + Foundry fork-PoC on real mainnet state — never a mock that begs the question, never a model of a third-party protocol's internals I haven't run.
Two worked examples of the discipline killing my own findings — including a textbook Twyne (Aave V3 integration) "rounding-freeze → unfair-liquidation" High that a fork-PoC refuted: the live Aave aTokens round up, so the one-wei undershoot the finding depended on never happens. The runnable proof is in poc/twyne-aave-rounding-refutation — 200 real rebalances against the deployed wrapper + Aave pool, 0 undershoots.
| Path | What |
|---|---|
writeups/ |
Research write-ups. |
poc/ |
Runnable Foundry proof-of-concepts (mainnet fork tests). |
tools/ |
Reusable security-testing tooling — incl. a HyperCore Foundry mock for unit-testing HyperEVM contracts. |
MIT. PoCs are for defensive research and responsible disclosure only.