Dripster Backend Pentesting
Infrastructure / Other
Backend pentest of the Dripster NestJS API, covering auth, business logic, rate limiting, and Polymarket integration. 21 issues identified (1 High, 4 Medium); 13 fixed during the engagement.
Every Zealynx engagement we’ve been cleared to publish. This is a curated public catalogue (not an exhaustive list) of the smart contract code we’ve reviewed. Click into any report to see the full write-up; click into a finding to see the citable artifact.
Custodial USDC vault opening leveraged Polymarket positions on Polygon. 17 issues identified (2 Medium, no Critical/High); 9 fixed, 8 acknowledged.
BNB ↔ YadaCoin cross-chain bridge with KERI key registry and ERC-2612 permits. 28 issues identified (3 Critical, 2 High); all fixed before mainnet.
Solana vault program with PDA token custody and Ed25519 instruction introspection. 5 issues identified (1 High, 1 Medium, 3 Low), all fixed and verified.
Autonomous on-chain raffle protocol with Chainlink VRF, multi-level referrals, vesting, and BTC treasury. 22 issues identified (3 Critical, 5 High); 14 fixed and 8 acknowledged.
Solidity audit of a decentralized pixel-lottery protocol with Chainlink VRF and shareholder rewards. 10 issues identified (1 Critical, 3 High); all C/H/M/L addressed.
Mira Binned Liquidity AMM on Fuel, co-audit with Codespect and Braniac via Immunefi. 10 issues identified (2 High, 4 Medium); 9 fixed and 1 acknowledged.
NFT-gated knowledge marketplace with subscriptions, co-ownership splits, and upgradeable proxies. 18 issues identified (1 Critical, 3 High); 15 fixed and 3 acknowledged.
Matchain MAT token liquid staking pools, halving rewards, and fee distribution vault. 23 issues identified (6 High); 18 fixed and 5 acknowledged.
Genesis License NFT and staking contracts on Matchain. 14 issues identified (1 Critical, 1 High, 1 Medium); 4 fixed and 10 acknowledged.
Staking contract with NFT-boosted rewards for an IP tokenization protocol. 21 issues identified (1 High, 4 Medium); all 10 non-informational findings fixed and verified.
Trust-minimized ERC-20 escrow protocol with delayed settlement. 6 issues identified (2 Medium, 2 Low, 2 Informational); ERC-20 edge cases and docs gaps.
EVM Merkle distributor for airdrops and vesting (ERC-20, ERC-721, NFT-gated). 4 issues identified (1 Medium, 1 Low, 2 Informational). Co-audit with CODESPECT.
Co-audit with CODESPECT of RedStone's Consumer and Price Feed oracle components. 5 issues identified across 1,236 SLOC; 2 fixed, 3 acknowledged.
BTC-collateralized yield vault issuing stEBTC. 6 issues identified (1 Medium precision loss, 3 Low, 2 Informational); all acknowledged.
Two-week audit of Monadex V1, a Uniswap V2-style DEX with a Pyth-oracle raffle on Monad. 16 issues identified across 1,021 nSLOC (2 Critical, 2 High).
Co-audit of Lido's Community Staking Module with Shieldify. 2 Low findings on bond-lock arithmetic and fee-on-transfer accounting.
Co-audit (with AuditOne) of the Rainbow Bridge NEAR connector for trustless ERC-20 transfers between Ethereum and NEAR. 13 issues identified; 4 fixed, 9 acknowledged.
HealthFi vault and points contracts using NFTs as collateral. 7 issues identified (3 Medium, 4 Low) covering ERC-20 safety, decimals handling, and signature verification.
Decentralized index fund where community-ranked traders dictate the asset allocation. 17 issues identified (3 High, 8 Low, 6 Informational), all acknowledged.
ERC-4337 Account Abstraction SDK with subscription-based recurring payments. 10 issues identified (2 High, 3 Medium); all fixed.
OpenSea ERC-1155 NFT contract on Polygon with native meta-transaction support. 12 findings (4 High, 2 Medium) covering gas griefing, reentrancy, and unbounded loop risks. Co-audit with Soken.