Let Us Help You Connect
Our team can assist with project requirements, timeline coordination, and finding the perfect match
Portfolio & Experience
Detailed audit history and technical expertise
AuditPortfolio
About
Oot2k has collaborated with leading security platforms such as Sherlock, Immunefi, and Bailsec to help secure high-profile projects including Aave, 1inch, Symbiotic, and Nouns DAO. They have completed a total of 33 security audits and submitted three rewarded reports through bug bounty platforms. Several of these audits were conducted in collaboration with renowned auditors including thekmj and Shogoki. Their work primarily focuses on decentralized finance (DeFi), with a selection of their most interesting findings highlighted below under Interesting Discoveries.
Live vulnerabilities
| Company | Date | Platform | Severity | Report |
|---|---|---|---|---|
| EUROe Stable coin | 15.01.2024 | Live code | Low | - |
| Undisclosed | 20.12.2023 | Live code | Critical (13M at risk) | - |
| Ankr | 10.12.2023 | Immunefi | Low | - |
Security Audits and Bug Bounty Contests
| Contest / Company | Date | Platform | Rank | Report | Team |
|---|---|---|---|---|---|
| Hydrex Finance | 04.08.2025 | Sherlock | Researcher | - | - |
| MetaLend Rebalancer | 05.08.2025 | Sherlock | Researcher | - | - |
| Tree Protocol | 18.07.2025 | Solo | Researcher | - | - |
| 40acres Update | 05.07.2025 | Sherlock | Researcher | - | - |
| Symbiotic Middleware SDK | 28.05.2025 | Bail Sec | Researcher | - | - |
| MetaLend Rebalancer | 25.05.2025 | Sherlock | Researcher | - | - |
| Based opinion markets | 19.05.2025 | Solo | Researcher | - | - |
| Lazy Bear | 05.05.2025 | Sherlock | Researcher | - | - |
| 40acres Update | 22.04.2025 | Sherlock | Researcher | - | - |
| 1Inch | 17.04.2025 | Sherlock | Researcher | - | - |
| Tree Protocol NFT | 15.02.2025 | Solo | Researcher | - | - |
| 40acres | 25.03.2025 | Sherlock | Researcher | - | - |
| Dodo Swap Velo Fork | 20.03.2025 | Sherlock | Researcher | - | - |
| MetaLend | 01.02.2025 | Sherlock | Researcher | - | - |
| Parallel Protocol Audit 2 | 01.01.2025 | Bail Sec | Researcher | - | - |
| Parallel Protocol Audit | 11.12.2024 | Bail Sec | Peer Auditor | - | - |
| Covalent | 24.10.2024 | Sherlock | First | - | PUSH0 |
| Predict.fun | 24.10.2024 | Sherlock | First | - | PUSH0 |
| Magic Sea | 24.07.2024 | Sherlock | Lead | - | PUSH0 |
| Terrace | 01.06.2024 | Sherlock | First | - | PUSH0 |
| Arcadia Update | 25.04.2024 | Sherlock | 2. | Link | PUSH0 |
| Perpetual | 18.03.2024 | Sherlock | 3. | Link | PUSH0 |
| Arcadia | 16.02.2024 | Sherlock | 4. | Link | PUSH0 |
| Covalent | 22.01.2024 | Sherlock | First | Link | PUSH0 |
| Nouns Builder | 01.12.2023 | Sherlock | First | Link | Silent Defenders of DeFi |
| LooksRare | 04.11.2023 | Sherlock | 4. | Link | Silent Defenders of DeFi |
| Perennial V2 Update #1 Judging | 14.11.2023 | Sherlock | First | Link | |
| Notional V3 Judging | 15.05.2023 | Sherlock | 2. | Link |
Supporting roles (Judge)
Oot2k has been the lead judge in multiple audit contests. In this role, they are responsible for creating the final report of all issues found during a bug bounty competition. To do this well, judges need a strong understanding of the system or protocol being tested so they can decide which issues should be included in the report for the client.
| Company | Date | Platform | Role | Report |
|---|---|---|---|---|
| Aave v3.3 | 01.01.2025 | Sherlock | Lead Judge | - |
| Symbiotic Middleware SDK | 22.07.2025 | Sherlock | Lead Judge | - |
| Nouns DAO | 01.12.2024 | Sherlock | Lead Judge | - |
| Dinari | 06.07.2023 | Sherlock | Lead Judge | Link |
| Bond Options Judging | 08.07.2023 | Sherlock | Lead Judge | Link |
Glossary
Security contests
Cybersecurity contests are conducted on live code or code that is about to be released.
These competitions are mostly open to the public, where anyone can submit potential vulnerabilities to the development team behind the codebase.
Contests are a great form of audit because more people are looking at the code.
Judge
A judge on a bug bounty platform is someone who reviews security reports submitted by participants, verifies whether the issues are valid, and decides their severity and relevance. They ensure only accurate, impactful findings are included in the final results for the client.