Dripster Backend Pentesting
Prediction Markets
Backend pentest of the Dripster NestJS API, covering auth, business logic, rate limiting, and Polymarket integration. 21 issues identified (1 High, 4 Medium); 13 fixed during the engagement.
Public engagements delivered as Zealynx (founded 2023) and as contractor for partner firms.
41 audits total · 31 by Zealynx · 10 by Carlos (Bloqarl) as contractor (Cyfrin · Pashov Audit Group · Sherlock · Codespect · Composable Security)
Custodial USDC vault opening leveraged Polymarket positions on Polygon. 17 issues identified (2 Medium, no Critical/High); 9 fixed, 8 acknowledged.
BNB ↔ YadaCoin cross-chain bridge with KERI key registry and ERC-2612 permits. 28 issues identified (3 Critical, 2 High); all fixed before mainnet.
TypeScript backend and provably-fair pentest for Fair Casino. 13 issues identified (4 High, 6 Medium, 3 Low), all fixed and verified.
Follow-on pentest of the Fair Casino SOL→FAIR swap flow. 2 High issues identified in the WebSocket confirmation layer, both fixed and verified.
Solana vault program with PDA token custody and Ed25519 instruction introspection. 5 issues identified (1 High, 1 Medium, 3 Low), all fixed and verified.
Blackbox pentest of the Novaswap frontend and Mynth API endpoints. 9 issues identified (1 Medium, 4 Low, 4 Informational), all fixed and verified.
TypeScript audit via Pashov Audit Group. Report not public.
Autonomous on-chain raffle protocol with Chainlink VRF, multi-level referrals, vesting, and BTC treasury. 22 issues identified (3 Critical, 5 High); 14 fixed and 8 acknowledged.
Solidity audit of a decentralized pixel-lottery protocol with Chainlink VRF and shareholder rewards. 10 issues identified (1 Critical, 3 High); all C/H/M/L addressed.
Cross-chain intent protocol audit via Sherlock. Engagement details under NDA.
TypeScript audit and pentest for Hyperlines (IPAL Network). 11 issues identified (3 High, 7 Medium, 1 Informational), 10 fixed and 1 acknowledged.