About
Smart Contract Reviews, Blockchain/DLT Security, Fuzzing, Formal Verification
Kenzo
I’m a Web3 security researcher with 2+ years of experience in Smart contract auditing, Blockchain/DLT security, Stateful Fuzzing, Formal Verification and more. I have found bugs in major protocols like Injective, Zetachain, Beanstalk, Alchemix, Starknet etc.
I also run Shred Security as the co-founder where I work on auditing on complex defi protocols and blockchain DLT systems. I have also published open-source tools and resources for the community, including the Protocol Deployment Checklist, Incident Response Checklist, and HackViz.
Bug bounty
Selected vulnerability disclosures (some private).
| Date | Program | Language | Category | Severity | Platform | Write-up |
|---|---|---|---|---|---|---|
| 09/2025 | Injective | Rust | Blockchain/DLT | Critical | Immunefi | Private |
| 05/2026 | Openzeppelin | Rust | Blockchain/DLT | Low | Immunefi | Private |
Private audits
Selected private engagements and reports.
Contests
Selected Public audit contests which earned decent earning
| Contest | Language | Platform | Findings |
|---|---|---|---|
| Superposition | Rust | C4 | 2 High, 3 Medium |
| Alchemix | Rust | Immunefi | 3 High, 1 Medium |
| Starknet | Cairo | CodeHawks | 4 Medium |
| Goat.Tech | Solidity | Cantina | 1 High, 2 Medium |
| Belong | Solidity | Immunefi | 2 Medium, 1 Low |
| BlackHole | Solidity | C4 | 1 High, 1 Medium |
| Zetachain | Rust, Solana | Cantina | 1 High, 1 Medium |
| Puffer Finance | Rust | Immunefi | 1 Medium, 1 Low |
| BeanStalk | Solidity | CodeHawks | 1 High |
| Space and Time | Rust | Cantina | 1 Medium |
| Ramses Exchange | Solidity | C4 | 1 Medium |
Public works
Tools and resources published publicly (hosted on a website).