01About Zealynx

A firm. A research team. A peer review before mainnet.
The second mind for the protocols that ship money.

A hand resting on a closed laptop next to an open notebook of handwritten audit notes on a dark wooden desk
Poland  ·  Spain  ·  Brasil  ·  Est. 2024Request an audit
02From the founder

I'm from Valencia, I work from Wrocław, and I started Zealynx because the audit I wanted to receive didn't exist.

Most security firms claim full-stack and deliver narrow. We split this firm in two so it's literally true: smart contracts is my desk, Web2 and AI is Fernando's. The senior who signs your report is the senior who read your code.

Forty-one published reports later, the discipline still comes down to one rule for me: refuse the jobs you can't kill. Take the ones you can finish. Publish what you're allowed to.

Carlos, Founder.
03Practices

Two practices, one firm.

01Smart Contract Audits

Fuzzing, formal verification, manual review. The discipline Zealynx was built on. Led by Carlos.

Carlos Vendrell (Bloqarl), Founder and Senior Auditor at Zealynx Security
Carlos
Founder and Senior Auditor · Poland
XLinkedInGitHubMedium
Recognition
ETH Security Researcher Badge
Recognised by The DAO Fund
Read the badge story →
Uniswap v4 Documentation
Contributor · docs.uniswap.org
Open →
Interviewed by Immunefi
YouTube · 2023
Open →
Interviewed by Hacken Proof
YouTube · long-form
Open →
Featured by Cyfrin
From QA Engineer to Web3 Security Expert · Blog
Open →
02Web2, Pentest, AI Security

Application pentesting, AI / LLM / MCP security assessments, red team operations. The other half of full-stack. Led by Fernando.

Fernando (Maverick), Senior Auditor at Zealynx Security, Principal Red Team Specialist at Red Hat
Fernando
Senior Auditor · Spain
XLinkedInGitHubSherlock
Recognition
Principal Red Team Specialist
Red Hat
10+ years

Leading offensive security operations and red team engagements for enterprise clients. Advanced penetration testing, vulnerability assessments, and security architecture reviews.

CWEECertified Web Exploitation Expert
Hack The Box · Nov 2025. One of ~200 holders worldwide.
Verify credential →
OSCPOffSec Certified Professional
Offensive Security. Industry gold standard for penetration testing.
Verify credential →
CRTPCertified Red Team Professional
Pentester Academy / INE. Active Directory attack expertise.
Verify credential →
IBMQiskit Advocate
One of 32+ certifications spanning Web2, Cloud, Network, and Quantum.
Verify credential →

Every engagement is delivered by the practice lead. No juniors. No subcontractors.

04Convictions
01

We do not stretch to fit

Engagements we cannot finish on our own bar, we do not take. Capacity is the wrong lens. Fit is the right one.

02

What we found, not how many

We report exploitable bugs and dangerous patterns. We do not pad mediums to make a histogram look diligent.

03

The auditor who signs ran the work

Smart contracts, Carlos. Web2 and AI, Fernando. The signature is a promise about who read the code, not a corporate stamp.

04

Everything we are allowed to publish, we publish

Forty-one reports live, including the ones we did not love. We would rather be fact-checkable than flattering.

05

A workspace, not an attachment

Findings, fixes, retests, evidence. One URL. Hand it to whoever audits you next. portal.zealynx.io →

05Library

Reports.

Lido
Smart contract audit · staking
Q2 2026
Redstone
Smart contract audit · oracle
Q1 2026
BadgerDAO
Smart contract audit · vault strategy
Q4 2024
Aurora
Smart contract audit · L2 bridge
Q2 2024
Initia
Smart contract audit · core protocol
Q2 2025
Sodax
Smart contract audit · DeFi primitives
Q3 2025
Matchain
Smart contract audit · L1 modules
Q2 2025
RAAC
Smart contract audit · lending
Q2 2025
Rayls
Audit grant · permissioned subnet
Q4 2024
33 more
Across 37 clients · 2024 – now
Library
View all 41 reports →
41 published · 37 clients · 2024 – now
06Give-first

What we return to the ecosystem.

01

Zealynx Audit Grants

Free and grant-funded audits for protocols we believe in, before they can pay for the room.
New program
First round opening soon
grants.zealynx.io
02

Zealynx Academy

Build-first security education. Real protocols, real bugs, no curriculum theatre.
200+ learners
2 live protocol modules
More shipping monthly
academy.zealynx.io
03

Krait, open source

Our AI security tool. MIT-licensed. We use it on every Zealynx audit, and so can you.
90% precision across 40 blind Code4rena contests
Zero API cost
MIT licensed
krait.zealynx.io
07Growth

Growth.

Sam (M3dython), Growth at Zealynx Security
Sam (M3dython)
Growth · Brasil
m3dython.comXLinkedInGitHub

Helps drive growth at Zealynx. Security researcher in his own time, so the first conversation is technical, not transactional.

Business development

AlessandroTelegram →
FrancescoTelegram →
© Zealynx Security · Founded 2024 · Poland · Spain · Brasil · We do not subcontract.
XLinkedInGitHubTelegram· zealynx.io