Skip to content
View M3dython's full-sized avatar
↗️
Constantly striving for growth and impact
↗️
Constantly striving for growth and impact
14 followers · 14 following

Achievements

Achievement: QuickdrawAchievement: Pair ExtraordinaireAchievement: Pull Shark

Achievements

Achievement: QuickdrawAchievement: Pair ExtraordinaireAchievement: Pull Shark

Block or report M3dython

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
M3dython/README.md

Hi there, I'm M3dython 👋

Blockchain Security Researcher | Smart Contract Auditor | Full Stack Developer

🌐 m3dython.com

Identifying and mitigating vulnerabilities in decentralized protocols before they hit mainnet.

👨‍💻 About Me

I’m M3dython, a specialized Blockchain Security Researcher focused on DeFi protocol architecture. I actively compete in top-tier audit contests like Sherlock, where I’ve earned recognition for identifying High/Critical vulnerabilities in complex financial logic.

My mission is to help projects scale securely. I bridge the gap between raw code and business logic to prevent treasury-draining exploits.

  • 🔭 Focus: Advanced smart contract security patterns & auditing.
  • 🌱 Learning: Solidity Fuzzing (Foundry/Echidna) and Formal Verification.
  • 🛡️ Services: Available for private audits and consultation.
  • Fun fact: I find uncovering subtle logical flaws in Web3 protocols incredibly rewarding.

📬 Connect & Socials

Website Twitter LinkedIn Email

🛠️ Languages & Tools

🏆 Audit Track Record

Primary Platform: Sherlock Profile

Contest High Medium Report Rank
LEND (May '25) 4 1 Read Report 52nd
Burve (Apr '25) 3 - Read Report 8th
PinLink RWA (Mar '25) - - Read Report 39th
Yieldoor (Feb '25) 1 1 Read Report 15th

🔍 Detailed Findings Breakdown

📂 Click to expand specific vulnerability details

LEND Protocol (May '25)

  • Finding 1: CrossChainRouter uses incorrect collateral/token data during cross-chain liquidations, disrupting repayment logic.
  • Finding 2: _checkLiquidationValid logic flaw allows unfair liquidations or prevents valid ones.
  • Finding 3: Interest logic in borrowWithInterest understates cross-chain debt, risking insolvency.
  • Finding 4: CoreRouter prone to fund depletion due to miscalculated redemption payouts.
  • Finding 5: Liquidators may under-liquidate positions due to maxClose using incomplete accrued balances.

Burve Protocol (Apr '25)

  • Finding 1: Zero Tax Exploitation mechanism found in Withdrawal Function.
  • Finding 2: Internal vs External vault share mismatch potentially traps user funds.
  • Finding 3: Critical: ERC4626 inflation attack vector identified on underlying vault.

PinLink DePIN (Mar '25)

  • Finding: Centralized Oracle updates vulnerable to front-running, causing user payout loss.

Yieldoor (Feb '25)

  • Finding 1: Uninitialized feeRecipient diverts protocol fees to zero address (revenue loss).
  • Finding 2: Calculation error impacts leveraged position holders.

🎓 Educational & Open Source

  • Damn Vulnerable DeFi Solutions: My personal write-ups and solutions for the DVD wargame. View Repository

© 2025 M3dython. Open for audits and collaboration.

Pinned Loading

  1. DAMN-DEFI DAMN-DEFI Public

    Solidity 3

  2. ethereum/ethereum-org-website ethereum/ethereum-org-website Public

    Ethereum.org is a primary online resource for the Ethereum community.

    Markdown 5.8k 5.4k