Let Us Help You Connect
Our team can assist with project requirements, timeline coordination, and finding the perfect match
Portfolio & Experience
Detailed audit history and technical expertise
oakcobalt Security Research
Ranking
- x5 First place
- x19 Top 3
- #6 on Code4Rena 2024
Audit Experience
See below a curated list of public contest or private audits:
- 2023.04: Teller Protocol Audit on Sherlock (Rank No.7 out of 230)
- 2023.06: Iron Bank Protocol Audit on Sherlock (Rank No.4 out of 271)
- 2023.06: Ajna Protocol Audit on Sherlock (Rank No.3 out of 155)
- 2023.07: Basin Protocol Audit on Code4rena (Rank No.3 Report)
- 2023.08: Shell Protocol Part1 Audit on Code4rena (Rank No.3 Report)
- 2023.11: Shell Protocol Part2 Audit on Code4rena (Rank No.2 Report )
- 2023.12: ZetaChain Protocol Audit on Code4rena (Rank No.3 Report)
- 2024.01: Salty.IO Protocol Audit on Code4rena (Rank No.9)
- 2024.02: Thruster Protocol Private Audit on Code4rena (Rank No.3 Report)
- 2024.02: HydraDx Protocol Private Audit on Code4rena (Rank No.9)
- 2024.03: Gitcoin Protocol Private Audit on Code4rena (Rank No.1 Report)
- 2024.03: zkSync Era Protocol Private Audit on Code4rena (Rank No.2 Report)
- 2024.04: Gitcoin Protocol Mitigation Private Audit on Code4rena (Rank No.1)
- 2024.04: Canto Protocol Private Audit on Code4rena (Rank No.1 Report)
- 2024.04: Gondi Protocol Private Audit on Code4rena (Rank No.3 Report)
- 2024.05: Gondi Protocol Mitigation Private Audit on Code4rena (Rank No.2 Report)
- 2024.06: Gondi Protocol Private Audit on Code4rena (Rank No.1 Report)
- 2024.08: BendDao Protocol Private Audit on Code4rena (Rank No.3 Report)
- 2024.09: Superposition Protocol Audit on Code4rena(Rank No.2 Report)
- 2024.09: Kakarot Audit on Code4rena (Rank No.6)
- 2024.11: Mantra Dex Audit on Code4rena (Rank No.2 Report)
- 2025.01: Gondi Private Audit with Zenith (Report)
- 2025.01: BendDao(NFT backed lending) (Rank No.1 Report)
- 2025.02: Gondi Pool Handler Private Audit with Zenith
- 2025.02: Initia Cosmos on Code4rena (Rank No.5 Report)
- 2025.03: Blend V2 on Code4rena (Rank No.2 Report)
- 2025.03: Silo Finance on Code4rena (Rank No.4 Report)
- 2025.05: Virtuals on Code4rena (Rank No.2 Report)
- 2025.06: CircuitDao on Cantina (Rank No.5)
Findings
See below some highlights of findings:
| Protocol | Type | Report | Key Findings & Learnings |
|---|---|---|---|
| Superposition - Concentrated liquidity AMM - 2024.09 | Rust, ERC20, Stylus | link | - Confirmed findings: 4 High 5 Medium - Example Finding: High: swapOut functions have invalid slippage check, causing user loss of funds |
| BendDao - Composable lending and leveraging - 2024.08 | Solidity, ERC20, ERC721 | link | - Confirmed findings: 5 High 10 Medium - Example Finding: Medium: Incorrect accounting of utilization, supply / borrow rates due to vulnerable implementation in IsolateLogic::executeIsolateLiquidate |
| Gondi - NFT lending,capital efficient loan primitive - 2024.04 | Solidity, ERC20, ERC721 | link | - Confirmed findings: 5 High 10 Medium - Example Finding: High: Incorrect circular array check in _updatePendingWithdrawalWithQueue flow , causing received funds added to the wrong queues |
| Canto - L1 Blockchain, omnichain messaging - 2024.03 | Solidity, LayerZero | link | - Confirmed findings: 2 High 2 Medium - Example Finding: Medium: asdRouter.sol is at risk of DOS due to vulnerable implementation of NOTE address |
| Gitcoin Passport - Identify staking - 2024.04 | Solidity, ERC20 | link | - Confirmed findings: 2 High - Example Finding: High: userTotalStaked invariant will be broken due to vulnerable implementations in release() |
| zkSync Era - L2 scaling, briding, migration - 2024.03 | Solidity, Yul | link | - Confirmed findings: 3 Medium - Example Finding: Medium: User might be able to double withdraw during migration |
| Thruster - Dex, Uniswap v2/v3 fork - 2024.02 | Solidity, Blast | link | - Confirmed findings: 3 Medium - Example Finding: Medium: Lottery winners might lose some of their entitled prize due to vulnerable implementation in claimPrizesForRound() |
| HydraDX - Dex on polkadot, omnipool - 2024.02 | Rust, Substrate | link | - Confirmed findings: 3 Medium - Example Finding: Medium: In Omnipool, Users will be over charged withdrawal_fee when the withdrawal is safe |
| Salty.IO - Dex, autromqtic arbitrage, stablecoin - 2024.01 | Solidity, ERC20 | link | - Confirmed findings: 1 High 5 Medium - Example Finding: High: USDS repaid will not be transferred to Liquidizer, but Liquidizer will still burn the amount of USDS in upkeep, causing Liquidizer always draining protocol owned liquidity |
| ZetaChain - L1 blockchain, crosschain - 2023.12 | Solidity, Go, Cosmo-sdk | link | - Confirmed findings: 2 High 5 Medium - Example Finding: High: In ZetaTokenConsumerTrident. strategy.sol, swapping zeta for other tokens will always revert due to incorrect exactInputSingle router method being used |
| Shell - Dynamic Liquidity Concentration AMMs - 2023.08 | Solidity, ERC-1155 | link | - Confirmed findings: 1 High - Example Finding: High: checkBalances can be bypassed, resulting in untested and unsafe parameters of the bonding curve being used |
| Basin - Composable AMMs - 2023.07 | Solidity, ERC-20 | link | - Confirmed findings: 1 High 1 Medium - Example Finding: Medium: Single hardcoded cap used for multiple tokens in a pump causing some assets to be more stale, while having no effects on other stable assets |
| Ajna - Lending and borrowing with no price feeds - 2023.06 | Solidity, ERC-20 | link | - Confirmed findings: 1 Medium - Example Finding: Medium: Lenders lose interests and pay deposit fees due to no slippage control |
| Iron Bank - Lending and borrowing - 2023.05 | Solidity, ERC-20 | link | - Confirmed findings: 3 Medium - Example Finding: Medium: Wrong Price will be Returned When Asset is PToken for WstETH |
| Teller - Lending and borrowing - 2023.04 | Solidity, ERC-20 | link | - Confirmed findings: 1 Medium - Example Finding: Medium: Premature Liquidation When a Borrower Pays early |