MemCyber
Web3 / Infrastructure | Contest Audit | 1 week

Case study

Move-based L1 Protocol

Cantina / Sherlock-style contest contribution on a Move-based protocol. Found capability model misuse that allowed unauthorized object mutation.

  • Contest rank: Top tier
  • Critical findings: 2
  • Timeline: 1 week
  • Mainnet impact: Fixed pre-launch

Findings summary

2 Critical, 2 High, 4 Medium (8 total findings)

Problem

The brief.

A Move-based L1 protocol ran a public audit contest before mainnet launch. Competitive format: one week, dozens of researchers.

Approach

How we ran it.

Targeted the capability and object model specifically — areas less familiar to Solidity-native auditors. Reviewed every `has store` capability and every shared-object entry point.
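
One way to shortlist those two review targets from source, as an added example (not the firm's tooling and not code from the audited protocol). The sample module, its Sui-style syntax, the `*Cap` naming convention and all function names are assumptions, and the output is a list of candidates for manual review, not findings.

```python
import re

# Constructed sample module (hypothetical; Sui-style syntax assumed).
SAMPLE = """
module demo::vault {
    struct AdminCap has key, store { id: UID }
    struct Vault has key { id: UID, fee_bps: u64 }
    public entry fun set_fee(_cap: &AdminCap, v: &mut Vault, bps: u64) { v.fee_bps = bps; }
    public entry fun reset_fee(v: &mut Vault) { v.fee_bps = 0; }
    public(friend) fun sweep(v: &mut Vault) { v.fee_bps = 0; }
    public fun fee(v: &Vault): u64 { v.fee_bps }
}
"""

# struct Name<...> has ability, ability {
STRUCT_RE = re.compile(r"\bstruct\s+(\w+)(?:<[^>]*>)?\s+has\s+([\w\s,]+?)\s*\{")
# [public[(scope)]] [entry] fun name<...>(params)
FUN_RE = re.compile(
    r"(?:\b(public)(\(\w+\))?\s+)?(?:\b(entry)\s+)?\bfun\s+(\w+)(?:<[^>]*>)?\s*\(([^)]*)\)")

def structs_with_store(src):
    """Names of structs whose ability list includes `store`."""
    return [name for name, abilities in STRUCT_RE.findall(src)
            if "store" in re.split(r"[\s,]+", abilities.strip())]

def unguarded_mutators(src, cap_suffix="Cap"):
    """Externally callable functions taking `&mut` but no capability reference.

    Heuristic: a capability is any parameter type whose name ends in
    cap_suffix (naming convention assumed); `public(scope)` is treated
    as not externally callable unless the function is also `entry`.
    """
    flagged = []
    for public, scope, entry, name, params in FUN_RE.findall(src):
        external = bool(entry) or (bool(public) and not scope)
        types = [p.split(":", 1)[1].strip() for p in params.split(",") if ":" in p]
        mutates = any(t.startswith("&mut") for t in types)
        guarded = any(re.search(rf"\b\w*{cap_suffix}\b", t) for t in types)
        if external and mutates and not guarded:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print("has store:", structs_with_store(SAMPLE))
    print("mutable entry points without a capability:", unguarded_mutators(SAMPLE))
```
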

Result

What changed.

Two Critical findings in capability-model misuse: an AdminCap transferability lock-out and an unauthorized shared-object mutation path. Both rewarded at top tier; fixed before mainnet.

Methodology

What we did.

  • Move capability + object audit
  • Shared vs owned object modeling
  • Invariant testing in Move CLI
  • Contest-format severity mapping

Outcome

Top-tier finding awarded; issue fixed pre-deployment.

Similar stack?

We run targeted assessments against exactly these classes of problem. Named reference available on request.