Case Studies
Client names are anonymized by default — NDAs come first. Each summary below is a real engagement. Named references, detailed reports, and retest artifacts are available to qualified prospects on request.
Grey-box assessment against a high-traffic sportsbook. Critical IDOR chain on wallet endpoint allowed balance manipulation across tenants.
Prevented cross-tenant balance manipulation at scale. All critical and high findings patched within 30 days; retest closed with zero outstanding issues.
Read full case studySolidity audit of a lending market. Identified a rounding-direction flaw that let attackers drain dust from liquidation rewards across positions.
Protocol launched to mainnet with zero post-launch incidents. Fix verified via Foundry invariant suite, saving an estimated six-figure exploit loss.
Read full case studyOngoing private engagement on consumer banking stack. Discovered KYC bypass via predictable document ID, plus card-tokenization scope confusion.
Client cleared SOC 2 Type II observation on vulnerability management using our reports as audit evidence. Estimated 6-week remediation saved vs. comparable incidents.
Read full case studyREST + WebSocket assessment of a retail investment platform. BOLA on portfolio endpoint exposed other users’ holdings; rate-limit bypass on OTP.
Critical issues triaged within 48 hours. Public disclosure coordinated 90 days post-fix with zero regulator escalation.
Read full case studyCantina / Sherlock-style contest contribution on a Move-based protocol. Found capability model misuse that allowed unauthorized object mutation.
Static review of a Node.js + Postgres compliance product. Surfaced authn primitive misuse, SSRF in import tooling, and dependency confusion risk.
Remediation roadmap delivered; client shipped v2 of auth layer within a quarter.
Read full case studyProcurement or board sign-off usually needs named references. We can connect you to past clients who have given written consent for reference calls.