This repository highlights 0kSecurity, also known as zeroK, showcasing my expertise and achievements over 1 year as bug hunter in the Web3 security field.
- About zeroK
- Expertise
- top 5 reports
- Attackathon
- Invite-only-program
- contests
- Bug bounties
- private audit
I'm security researcher with two years of experience in the Web3 security field. Specializing in Solidity, Sway, EVMs, and DeFi protocols, I also brings expertise in the Fuel blockchain ecosystem(fuelVM). Starting as a warden on CodeArena then i transitioned to bug hunting on Immunefi, achieved Elite Rank (ranked 40th for 2024) in just 8 months from zero programming background. You can explore my Immunefi portfolio here, I've been actively involved in contests and bug bounties on Immunefi, and found over 20 valid reports, and participated in the Fuel Attackathon, mastering the Fuel ecosystem within just 15 days.
Lately, I have started providing private security reviews in the Web3 space. If you’re interested in getting a quick and professional private quote, feel free to reach out via:
- Telegram @zero0K.
- X account @0K_Security
- Discord @0k_sec.
| Expertise | Proficiency |
|---|---|
| Solidity | ⚡⚡⚡⚡⚡ |
| EVM | ⚡⚡⚡⚡⚡ |
| sway | ⚡⚡⚡⚡⚡ |
| fuel VM | ⚡⚡⚡⚡⚡ |
| DEFI | ⚡⚡⚡⚡⚡ |
This list includes the top reports from my participation in contests and attackathons. Please note that the details for BBP reports are not shared publicly yet, as permission required for the BBP reports. This list is subject to change as I discover new creative and worthy bugs.
| Contest/BBP/Attackathon | Status | Work Duration | Severity | State | Report | Platform |
|---|---|---|---|---|---|---|
| Fuel Attackathon | PAID | 17-20 days | HIGH | Chief Finder | Link | Immunefi |
| Fuel Attackathon | PAID | 17-20 days | HIGH | Chief Finder | Link | Immunefi |
| ThunderNFT | PAID | 17 days | HIGH | Chief Finder | Link | Immunefi |
| ThunderNFT | PAID | 17 days | Medium | Chief Finder | Link | Immunefi |
| ALCHEMIX veALCX | PAID | 7-10 days | Medium | Chief Finder | Link | Immunefi |
| attackathon | Status | Rank | Work Duration | vulnerability discovered | Report | Platform |
|---|---|---|---|---|---|---|
| fuel attackathon | PAIDs | 5th | 17-20 days | 3 high, 5 low/insights | Link | Immunefi |
| IOP | Status | Rank | Work Duration | vulnerability discovered | Report | Platform |
|---|---|---|---|---|---|---|
| ThunderNFT | PAIDs | 2th | 17 days | 3 high, 2 medium, 3 low/insights | Link | Immunefi |
| Contest/boost | Status | Rank | Work Duration | vulnerability discovered | Report | Platform |
|---|---|---|---|---|---|---|
| ALCHEMIX veALCX | PAIDs | 15th | 7-10 days | 2 critical, 1 medium, 1low | Link | Immunefi |
| Contest | status | work Duration | Severity | Report | Platform |
|---|---|---|---|---|---|
| APE coin | PAID | 12 days | Medium | soon | Immunefi |
| waiting for permission | NOT PAID (non-mentioned known issue) | 6 days | Critical | waiting for permission | Immunefi |
| waiting for permission | PAID | 6 days | Low | waiting for approval | Immunefi |
| waiting for permission | PAID | 15 days | Medium | waiting for approval | Immunefi |
| waiting for permission | PAID | 4 days | Low | waiting for approval | Immunefi |
I started performing private audits in January 2025 and have since completed two audits with the Shieldify team. During these engagements, I worked diligently to identify and address potential vulnerabilities, ensuring the clients codebases were as secure and reliable as possible.
| Private Audit | Required Duration | Client Platform/Website | Vulnerability Discovered | Report |
|---|---|---|---|---|
| guanciale veGuan | 2 days | link | soon | soon |
| guanciale wheel contract | 3 days | link | soon | soon |