Portfolio of Audits & Responsible Disclosures

About Me

I am a cybersecurity professional with over five years of experience, specializing in Web3 and blockchain security for the past two years. My expertise lies in auditing smart contracts and assessing the security of blockchain-related products.

I have extensive experience auditing Solidity and Rust-based contracts across both EVM and non-EVM blockchains, with a particular focus on Ethereum and Solana. In addition to smart contract audits, I am proficient in identifying Web2 threats affecting blockchain systems, auditing wallet extensions, backend infrastructures, and Web2/Web3 hybrid solutions.

Currently Working at Smart Contract Auditor at Blockapex

For private audits or security consulting, please reach out to me on:

Twitter - @0xabdullahx0
LinkedIn - Muhammad Abdullah
Calendly - Book a Call

Team Audit Reports

Protocol	Type	Audit Report
Amet Finance - Zero Coupon Bonds Issuance Protocol	Solidity , EVM	Audit Report
Adot Finance - Bridge and NFT Marketplace on Lightlink	Solidity , EVM	Audit Report
Axone Blockchain - AI orchestration	GO	Audit Report
Ensofi - DeFi Lending/Borrowing	Rust , Solana	Audit Report
Lightlink Bridge	Backend	Audit Report
Popfi - DeFi Pepetual Dex	Rust , Solana	Audit Report
ScriptTv - L1 Blockchain	Geth (Golang)	Audit Report
Stakera - Lottery Protocol	Rust , Solana	Audit Report
Stashed Wallet Extension - Chrome Wallet Extension		Audit Report
Pumpkin.fun	Rust , Solana	Audit Report
Dorafactory (Dora Bridge)	Solidity	Private
Alethai.ai - pump.fun clone for AI agents	Rust , Solana	Private
Livaat Metaverse	Solidity	Private
Enjoyoors	Rust , Solana	Private
Toucan LightLink - Cross-Chain Governance & LayerZero OFTs	Solidity
Sonex	Solidity	Private
Metapool	Rust , Near	Audit Report
TokenMetrics (TMAI)	Solidity, Ethereum	Private Audit
Zynk Labs	Rust, Solana	Private Audit
Polymesh	Substrate, L1	Private Audit
American.fun	Rust, Solana	Private Audit
Private	Hybrid Derivate Exchange	Private Pentest Report

Public Contest

Date	Platform	Protocol	Position	Findings
Mar 2025	Cantina	ColorPool	13	1H,3M

Hackathons

Name	Submission	Position
REDACTED(2025)	Overlooked web2 vulnerabilities in web3 Realm	Winner 🏆 Announcement

Blogposts

Title	Link
How a 100 USDT Position Generated $3.9M in Volume and Left Bad Debt on the Protocol	Medium
Lessons from Auditing a Pump.fun Clone	Medium
From Opportunity to Threat: My Encounter with a Blockchain Job Scam	Medium
How I stopped a Wallet Hack and Got Almost Nothing	Medium

Responsible Disclosures

Issue	Company	Writeup/HOF
s3 Bucket takeover leading to KYC information	Moneytoken	Writeup
Accessing to KYC information of a Crypto Exchange	Bilaxy	Writeup
SQL Injection in a Plutus.io	Plutus	Writeup
Nacos Instance leading to Backend Keys	H&M	Writeup
Access to Air Conditioning Panels	H&M	Writeup
SSRF leading to Backend	Cargo.build	Writeup
Free Wallet TopUp	CJDropshipping	Writeup
XSS In Apple's Acquisition	BeatsByDre	Writeup
XSS In Steam	Steam	Writeup
XSS In Apptentive	Apptentive	Writeup
XSS In Hackpad	DropBox	Writeup
XSS In Ebay	Ebay	HOF
Access to Redis Instance	Silvergoldbull
Subdomain Takeover	Silvergoldbull
Blind XSS In Crypto Exchange	Bilaxy
Access to KYC File of CryptoExchange	rekeningku
Stealing user funds via leveraging CSRF	Bilaxy
Blind XSS in admin panel	Dflow
CSRFs in Skypixel.com	DJI
XXE in Solaredge.com	Solaredge	HOF
RCE in Cybozu.co.jp	Cybozu.co.jp
Access to Admin Dashboard	Plutus.it
Blind XSS in Oneplus	Oneplus
Directory Traversal in Oneplus	Oneplus
Misconfigured s3 Bucket	Sphero
Account takeover using CSRF	Sphero
Subdomain Takeover	Sphero
XSS in Opera.com	Opera	HOF
XSS in Unity3d.com	Unity
XSS in Vmware.com	Vmware
Log4j in tcl	TCL
Nacos panel Misconfiguration leading to Credentials	TCL
SQL Injection in Terravirtua	Virtua
Access to multiple instance of 204 netman	H&M