0xluk3

Web2 & Web3 security researcher since 2022. Move, Rust (Solana, CosmWasm, etc.), EVM. 10 yrs in penetration testing.

Available
4 years experience
Vetted

Programming Languages

Move, Rust, Solidity

Expertise & Skills

Wallet, Cross-chain, Lending, AMM, Staking

Portfolio & Experience

Detailed audit history and technical expertise

Portfolio

Who am I

I am an offensive cybersecurity professional with 10 years in the industry and a solid pentesting/red teaming background. I have been present in web3 for more than 3 years, auditing smart contracts and assessing the security of other blockchain-related tech. I specialize in EVM (Solidity), Move (Sui/Aptos) and Rust-based languages such as CosmWasm and Solana. I am proficient with blockchain-related technologies such as blockchain-specific web2 threats, auditing wallets, MetaMask Snaps and backend infrastructure, Discord and Telegram bots, bridge off-chain components and any other hybrid web2/3 solutions. Currently I am an independent auditor working with firms such as, but not limited to: Oak Security, Spearbit (ASR) and Zenith.

Scored several TOP10 places in contests such as Sherlock, Code4rena and Cantina. My Cantina profile is available here. Moreover, I am a co-founder of Monethic.

Web3

Contest results

Note: In some of them I participated as ArmedGoose.

| Date | Platform | Protocol | Position | Findings |
|---|---|---|---|---|
| March 2025 | Code4rena | Initia Move | 2 | 2H, 3M |
| April 2024 | Code4rena | DYAD | N/A | 2H, 3M |
| March 2024 | Code4rena | Spectra | 2 | 1M |
| December 2023 | Code4rena | Revolution Protocol | 9 | 1H, 1M |
| October 2023 | Sherlock | Real Wagmi #2 | 6 | 1M |
| September 2023 | Code4rena | Dopex | N/A | 1M |
| September 2023 | Sherlock | Allo V2 / Gitcoin | N/A | 2M |
| August 2023 | Sherlock | Dinari | 17 | 1M |
| January 2023 | Code4rena | RabbitHole Quest Protocol | 18 | 1H, 2M |

Audit reports (both solo and team engagements)

| Protocol Name | Tech | Report Link |
|---|---|---|
| Crash Game | Web2 | Report |
| Drop Initia LP | Move (Aptos) | Report |
| IOTA | Move (Sui) | Report not yet public |
| Tand3m Launchpad | TON (Tact) | Report |
| Cabal - backend services | Web2 | Report not yet public |
| Cabal - liquid staking token | Move (Aptos) | Report not yet public |
| Archie | Solana, Web2 | Report not yet public |
| Dexlyn Bridge | Move (Aptos) | Report |
| Balanced Network | Move (Sui) | Report |
| U2U Mobile Wallet | Mobile App | Report |
| Magma Core | CosmWasm | Report |
| AgriDex | Solana, Web2 | Report |
| SendIt | CosmWasm | Report |
| Glue Vesting | Substrate | Report not yet public |
| Astroport Updates | CosmWasm | Report |
| Dark Mythos | Solidity | Report |
| Xtreamly Metamask Snap | Web2 | Report |
| Cypher Autoload | Solidity | Report |
| Hydro Protocol | CosmWasm | Report |
| MELD | Solidity | Report |
| Hello Labs - Bridge | Solana | Report |
| Satay Finance | Move (Aptos) | Report |
| Pontem Network - Liquidswap | Move | Report |

Articles written

| Topic | Date | Link |
|---|---|---|
| MOVE demystified part 3 | 2024 | Medium |
| MOVE demystified part 2 | 2024 | Medium |
| MOVE demystified part 1 | 2024 | Medium |
| Deep dive into ERC4626 issues | 2024 | Medium |
| Proxy vulnerabilities part 2 | 2023 | Medium |
| Proxy vulnerabilities part 1 | 2023 | Medium |
| Ethereum signatures for hackers | 2023 | Medium |
| A guide to reentrancy | 2023 | Medium |

Web 2

0 day vulnerabilities found which were assigned CVE numbers - mostly web applications

| CVE | Description | Details |
|---|---|---|
| CVE-2017-1181, CVE-2017-1183, CVE-2017-11821 | IBM TEP Server - SQL Injection, Authorization Bypass, OS Command Injection | Security advisory |
| CVE-2017-10059 | Oracle BI Publisher - Stored XSS | Security advisory |
| CVE-2017-10060 | Oracle BI Publisher XXE | Security advisory |
| CVE-2017-10068, CVE-2018-2651, CVE-2018-2652, CVE-2018-2653, CVE-2018-2695 | BI Publisher, PeopleSoft Enterprise PeopleTools XSS, XXE, SSRF, XSLT execution | Security advisory |
| CVE-2017-1631 | Tivoli Netcool/OMNIbus WebGUI CSRF | Security advisory |
| CVE-2018-6498, CVE-2018-6499 | Microfocus - AutoPass License Server Remote Code Execution | Security advisory |
| CVE-2020-2563 | Oracle Hyperion Cross-Site Scripting | Security advisory |
| CVE-2019-2932 | Oracle PeopleSoft Tree Manager SSRF | Security advisory |
| CVE-2020-5907 | F5 TMOS Shell privilege escalation vulnerability | Security advisory |
| CVE-2021-21558, CVE-2021-21559 | Dell EMC NetWorker information disclosure & vulnerability in SSL validation logic | Security advisory |