Skip to content
View cryptanu's full-sized avatar
🏠
Working from home
🏠
Working from home
2 followers · 6 following

Achievements

Achievement: Pair ExtraordinaireAchievement: Pull Sharkx2Achievement: YOLOAchievement: Quickdraw

Achievements

Achievement: Pair ExtraordinaireAchievement: Pull Sharkx2Achievement: YOLOAchievement: Quickdraw

Block or report cryptanu

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
cryptanu/README.md

Cryptanu - Smart Contract Security Researcher

Profile

  • Security Researcher, QuillAudits
  • Block 7 Fellow, YAudit (formerly YAcadamy, Electisec)
  • Audited 40+ blockchain protocols spanning across RWA, DeFi, AMM, NFT, Gaming, DAO, Launchpad, L1, Crosschain

Open-Source Contributions, Disclosures and Articles

My Audit Profiles & Links

Recent Audits & Notable Projects

Top 5 Popular Protocols Audited

Protocol Category Date Findings (H/M/L) Report Status
ContinuumDAO RWA, Governance, Multichain 2025 21/13/24 πŸ”“ Report βœ… Complete
NexLabs RWA 2025 1/6/5 πŸ”“ Report βœ… Complete
Taiko Bridge 2024 4/0/6 πŸ”“ Report βœ… Complete
IntoTheVerse NFT Marketplace 2024 6/2/4 πŸ”“ Report βœ… Complete
Aconomy Lending 2024 0/7/13 πŸ”“ Report βœ… Complete

Summary Statistics

Category High Medium Low Total
QuillAudits 74 113 132 319
Public Contests 1 2 6 9
Total 75 115 138 328

Interesting Findings & Impact

  • Structural week-ratcheting suppresses intended decay - Updating the split and merge functionality in Curve's veCTM introduced this critical issue allowing users not lose voting power over the 4 year period at no significant cost. ContinuumDAO C-5
  • AMM Fee Bypass - Discovered a flaw in fee calculation allowing users to bypass trading fees, potentially costing the protocol significant revenue. NexLabs Defi Indices H-1
  • Cross-chain Bridge Validation Bypass - Signature replay flaw that could allow unauthorized funds claims. WChain Bridge H-1
  • Collateralization Ratio Flaw - Poor collateral calculation leading to potential under-collateralization. Aconomy M-5
  • Infinite Mint Vulnerability - A vulnerability allowing unlimited minting of tokens under specific conditions. NexLabs Stock Indices M-1

Reach out here

🐦 Twitter: @cryptanu

Testimonials & Recognition

"Huge thanks to Anu and Victor for their incredible audit! Their sharp eyes caught 4 critical high-severity issues(hard to find bugs), and their detailed proofs of concept were eye-opening. This is top-notch work on par with industry leaders like Trail of Bits and ConsenSys. Everyone please join me in a round of applause for our amazing auditors!"

--Akshay, Technical Project Manager

Screenshot 2025-12-10 at 07 55 19

--Selqui, CTO - ContinuumDAO

Last updated: December 2025

Pinned Loading

  1. skills skills Public

    Forked from trailofbits/skills

    Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

    Python

  2. Najnomics/StealthAuction Najnomics/StealthAuction Public

    StealthAuction revolutionizes Dutch auctions on Uniswap v4 through Fully Homomorphic Encryption (FHE). This hook enables completely confidential price discovery while preventing bid sniping, front-…

    Solidity

  3. gmx-synthetics gmx-synthetics Public

    Forked from gmx-io/gmx-synthetics

    TypeScript

  4. Cryptanu - dinari_responsible_disclo... Cryptanu - dinari_responsible_disclosure.md
    1 
    # Dinari Responsible Disclosure Write-Up
    2 
    
              
    
              
    
                3
                
    ## Summary
    
              
    
              
    
                4
                
    
              
    
              
    
                5
                
    This write-up documents the discovery of an access control vulnerability in Dinari’s smart contracts, the subsequent attempts at responsible disclosure, and the challenges encountered due to the absence of a responsive or clearly defined vulnerability reporting channel.
    
              
    
          
    
    
    
  
    

    5.