0xluk3/portfolio

0xluk3

Smart Contract Auditor & Security Researcher

Solidity Move Rust CosmWasm Solana Substrate TON TypeScript Noir


Security Researcher @ Spearbit (ASR). Senior Blockchain Security Auditor @ Oak Security. CTO & Co-Founder @ Monethic. Builder of MAIA - AI-powered smart contract auditing engine (192 detectors across EVM & Move). Technical blog at luk3.tech.

Twitter/X 0xluk3
Cantina 0xluk3
Blog luk3.tech
Sherlock ArmedGoose

You can book me for an audit on Cantina or reach out on Twitter for private engagements.


Highlights

100+ audits across 8+ ecosystems
10+ years in offensive security
3+ years focused on web3
2x 2nd place Code4rena competitions
13 CVEs in IBM, Oracle, F5, Dell, Red Hat

Worked with Spearbit/Cantina, Oak Security, Sherlock, Pashov Audit Group, Cyfrin.


Featured Assessments

| Protocol | Description | Report |
| --- | --- | --- |
| Coinbase (Verified Pools v2) | DeFi smart contract on Base | Report |
| MegaETH (salt) | Cryptographic library (Banderwagon curve), Rust | Report |
| Kyber (UniswapV4 Hook) | Kyber Exclusive AMM, Solidity | Report |
| Jupiter JUPUSD | Solana stablecoin | Report |
| Zilliqa | L1 blockchain - smart contracts + migration | Report |
| Gala Games | GalaChain DEX, wallet, launchpad (4 engagements) | Report |
| IOTA | L1 smart contracts (Move/Sui) | Not public |
| Initia Move | DeFi on MoveVM - 2nd place, Code4rena | Report |

Public Audit Reports

Organized by domain. Many additional engagements are under NDA and not listed.

Infrastructure, L1 & L2

| Protocol | Type | Chain / Language | Firm | Report |
| --- | --- | --- | --- | --- |
| MegaETH (salt) | Smart Contract | Rust | Spearbit/Cantina | Report |
| Layer N | Smart Contract | - | Spearbit/Cantina | Not public |
| IOTA | Smart Contract | Move (Sui) | Sherlock | Not public |
| Zilliqa | Smart Contract | Solidity | Hashlock | Report |
| Zilliqa (Migration) | Smart Contract | Solidity | Hashlock | Report |
| Zenchain (8 engagements) | Penetration Test | TypeScript / Rust | Hashlock | Report |
| Acurast | Blockchain Audit | Substrate | Monethic | Report |
| Acurast Token | Smart Contract | - | Monethic | Report |
| Arkeo | Blockchain Audit | Golang (Cosmos) | Monethic | Report |
| Syndicate (3 engagements) | TEE Audit | - | Oak Security | Report |
| Tecnodes | Network Audit | - | Hashlock | Report |

DeFi, Lending & Yield

| Protocol | Type | Chain / Language | Firm | Report |
| --- | --- | --- | --- | --- |
| Coinbase (Verified Pools v2) | Smart Contract | Solidity (Base) | Spearbit/Cantina | Report |
| Jupiter JUPUSD | Smart Contract | Solana (Rust) | Pashov | Report |
| Kyber (UniswapV4 Hook) | Smart Contract | Solidity | Spearbit/Cantina | Report |
| Crown (BRL) | Smart Contract | Solidity | Spearbit/Cantina | Report |
| Elixir | Smart Contract | Move (Sui) | Pashov | Report |
| Hydro Protocol | Smart Contract | CosmWasm | Oak Security | Report |
| Magma Core | Smart Contract | CosmWasm | Oak Security | Report |
| SendIt | Smart Contract | CosmWasm | Oak Security | Report |
| MELD | Smart Contract | Solidity | AuditOne | Not public |
| Cabal - Liquid Staking | Smart Contract | Move (Aptos) | Zenith Security | Not public |
| Drop Initia LP | Smart Contract | Move (Aptos) | Oak Security | Report |
| Astroport Updates | Smart Contract | CosmWasm | Oak Security | Report |
| Cypher Autoload | Smart Contract | Solidity | Oak Security | Report |
| Satay Finance | Smart Contract | Move (Aptos) | Halborn | Not public |
| Drop Updates 2 | Smart Contract | CosmWasm | Oak Security | Report |
| Drop Updates 3 | Smart Contract | CosmWasm | Oak Security | Report |
| MANTRA Claimdrop | Smart Contract | - | Oak Security | Report |
| MANTRA Claimdrop Updates | Smart Contract | - | Oak Security | Report |
| Orderly Network | Smart Contract | - | Monethic | Report |
| Immersve | Penetration Test | TypeScript | Hashlock | Report |

DEX & AMM

| Protocol | Type | Chain / Language | Firm | Report |
| --- | --- | --- | --- | --- |
| Gala Games (4 engagements) | SC Audit + Pentests | TypeScript / GalaChain | Hashlock | Report |
| Pontem / Liquidswap | Smart Contract | Move (Aptos) | - | Not public |
| Balanced Network | Smart Contract | Move (Sui) | Hashlock | Report |
| Razor DEX | Smart Contract | Move | Monethic | Report |
| Neony Exchange | Smart Contract | - | Monethic | Report |
| Dexlyn Bridge | Smart Contract | Move (Aptos) | CDSecurity | Report |
| AgriDex | SC Audit + Pentest | Solana / Web2 | Hashlock | Report |

Bridges & Cross-Chain

| Protocol | Type | Chain / Language | Firm | Report |
| --- | --- | --- | --- | --- |
| Hello Labs Bridge | Smart Contract | Solana | Hacken | Not public |
| Archie | Bridge + Backend | Solana / Web2 | Hashlock | Not public |

Wallets, Snaps & Application Security

| Protocol | Type | Chain / Language | Firm | Report |
| --- | --- | --- | --- | --- |
| U2U Mobile Wallet | Mobile Pentest | TypeScript (iOS/Android) | Hashlock | Not public |
| Xtreamly MetaMask Snap | Snap Audit | Web2 | Sayfer | Not public |
| Silencio Network | Pentest + SC Audit | Solidity / Mobile | Hashlock | Report |
| Dedcat | Penetration Test | TypeScript | Hashlock | Report |
| Flamatech | Penetration Test | TypeScript | Hashlock | Report |
| Sogni AI | Penetration Test | TypeScript | Hashlock | Report |
| Cabal - Backend | Penetration Test | Web2 | Zenith Security | Not public |
| Crash Game | Penetration Test | Web2 | CDSecurity | Report |

Gaming, NFT & Other

| Protocol | Type | Chain / Language | Firm | Report |
| --- | --- | --- | --- | --- |
| Dark Mythos | Smart Contract | Solidity | AuditOne | Not public |
| Wolf Game | Smart Contract | Solidity | Monethic | Report |
| WYachts | Smart Contract | Solidity | Monethic | Report |
| TokenTable | Smart Contract | Move (Sui) | CODESPECT | Not public |
| Tand3m Launchpad | Smart Contract | TON (Tact) | Hashlock | Report |
| BJustCoin | SC Audit + Pentest | Solidity / Web2 | Monethic | Report |
| Magic Beans | Smart Contract | Solana | Monethic | Report |
| Summitx | Penetration Test | Web2 | Monethic | Report |
| Dither | Smart Contract | - | Oak Security | Report |
| StylusPort | Smart Contract | - | Oak Security | Report |
| Zephyrus | Smart Contract | - | Oak Security | Report |
| Glue Vesting | Smart Contract | Substrate | Hashlock | Not public |
| PRXVT (Staking) | Smart Contract | Solidity | Spearbit/Cantina | Report |
| Panana Predictions | Smart Contract | Move (Aptos) | Sherlock | Not public |

Competitive Audits

| Contest | Platform | Rank | Findings |
| --- | --- | --- | --- |
| Initia Move | Code4rena | #2 | 2H, 3M |
| ThreeS / Chromia | Cantina | #6 | 1H, 2M, 2L |
| Spectra | Code4rena | #2 | 1M |
| Revolution Protocol | Code4rena | #9 | 1H, 1M |
| Real Wagmi #2 | Sherlock | #6 | 1H, 1M |
| RabbitHole Quest | Code4rena | #9 | 1H, 2M |

5 top-10 finishes | 2x second place


Tooling & Research

Built MAIA, an AI-powered smart contract auditing engine with 192 vulnerability detectors across EVM/Solidity, Move-Aptos, and Move-Sui - covering access control, oracle manipulation, vault accounting, liquidation logic, DEX/AMM invariants, governance, and cross-chain flows. Technical blog at luk3.tech. Author of Monethic blog.


Background

10+ years in offensive cybersecurity - penetration testing, red teaming, exploit development, and fuzzing. Beyond smart contracts, experienced in TEE security assessments, infrastructure audits (Kubernetes, Docker), and full-stack application security across C++, Java, Python, and PHP. Security training author for INE. Full web3 focus since 2022.

CVE Disclosures

| CVE | Vendor | Type |
| --- | --- | --- |
| CVE-2017-1181 | IBM TEP Server | SQL Injection |
| CVE-2017-1183 | IBM TEP Server | Authentication Bypass |
| CVE-2017-1182 | IBM TEP Server | OS Command Injection |
| CVE-2017-10059 | Oracle BI Publisher | Stored XSS |
| CVE-2017-10060 | Oracle BI Publisher | XXE |
| CVE-2017-10068 | Oracle PeopleSoft | XSS |
| CVE-2017-1631 | IBM Tivoli Netcool | CSRF |
| CVE-2018-6498 | Micro Focus AutoPass | RCE |
| CVE-2018-2651 | Oracle PeopleSoft | XXE |
| CVE-2018-2652 | Oracle PeopleSoft | SSRF |
| CVE-2018-2653 | Oracle PeopleSoft | XSLT Code Execution |
| CVE-2019-2932 | Oracle PeopleSoft | SSRF |
| CVE-2020-2563 | Oracle Hyperion | XSS |
| CVE-2020-5907 | F5 TMOS | Privilege Escalation |
| CVE-2021-3584 | Red Hat Foreman | Authenticated RCE |
| CVE-2021-21558 | Dell EMC NetWorker | Information Disclosure |
| CVE-2021-21559 | Dell EMC NetWorker | SSL Validation Bypass |

About

A summary of my auditing/pentesting achievements.
