This repository is a long-term, public research log focused on Web3 security.

It documents real-world vulnerability research, bug bounty and audit work, and rule-level security analysis derived from both historical exploits and live protocols. The goal is not only to identify individual bugs, but to extract reusable security patterns and fundamental rules that govern adversarial systems.

My workflow combines continuous real-world practice with structured abstraction:
- Daily participation in live bug bounty and audit platforms (e.g. Immunefi, Code4rena)
- Root-cause analysis of vulnerabilities beyond surface-level symptoms
- Pattern extraction from historical and contemporary exploits
- Rule-level security reasoning (assumptions, incentives, evaluation mechanisms)
- AI-assisted analysis with human verification and final judgment

All conclusions documented here are validated through independent reasoning and cross-referenced with real-world cases.

Current research and practice areas include:
- Smart contract logic and protocol-level vulnerabilities
- Economic and incentive-based attack surfaces
- Governance, evaluation, and rule-design failures
- Security implications of AI-assisted and algorithmic systems
- Long-horizon security invariants across different chains and architectures

This repository serves as a continuously evolving archive of security understanding, rather than a collection of isolated reports.