Engagements
Practice on intentionally vulnerable Solana targets
Practice on intentionally vulnerable Solana targets
A multi-component lending system with oracle feeds and liquidation. No single bug is enough — you'll need to chain them.
A yield vault with share-based accounting. The math is clean — until you look at what happens with very small numbers.
A cross-program router that proxies CPI calls to whitelisted programs. The whitelist enforcement might not be airtight.
A token escrow for trustless swaps between two parties. Both sides deposit, then release. Clean and simple — mostly.
A token staking protocol where users lock tokens into derived accounts. The derivation logic is... interesting.
A protocol settings manager with a global config PDA. Simple program — but who's actually allowed to change things?
A straightforward Anchor vault that stores SOL. Deposits work fine — but something feels off about withdrawals.