Job Description
Responsible for conducting security audits of blockchain smart contracts. Through manual code review, vulnerability discovery, fuzz testing, and related methods, identify potential security risks in smart contracts. Provide professional security assessments for blockchain projects such as DeFi protocols, NFTs, and lending platforms, reducing the risk of exploits, asset losses, and other security incidents after launch.
Key Responsibilities
- Smart Contract Security Audits: Conduct end-to-end security audits of smart contracts, primarily Solidity contracts on EVM chains such as Ethereum, and also Rust-based Solana programs and Move-based Aptos modules. Cover critical areas such as code logic, access control and permission management, arithmetic, and external calls to identify vulnerabilities (e.g., reentrancy, integer overflows/underflows in pre-0.8 Solidity or unchecked blocks, business-logic flaws).
- Fuzz Testing: Use fuzz and invariant testing tools (e.g., Foundry's built-in fuzz/invariant tests, Echidna, Harvey) to automatically exercise core contract functionality and validate protocol invariants under edge-case inputs and state.
- DeFi Protocol Deep Dive: Conduct in-depth audits of mainstream DeFi protocols such as DEXs, liquid staking, lending protocols (e.g., Compound, Aave), and stablecoins. Analyze business logic and economic models while verifying the security of core modules (e.g., swap and order matching, staking reward accounting, liquidation mechanisms, oracle usage).
- Cross-Chain Security: Review the interaction risks between smart contracts and blockchain infrastructure written in Rust/Go (e.g., node clients, cross-chain bridges and their relayers), covering message verification, replay protection, and trust assumptions end to end.
- Security Incident Analysis: Track global DeFi security incidents (e.g., flash-loan-assisted price manipulation, private key compromise, protocol logic vulnerabilities). Analyze the attack vectors and root causes and turn them into checks and defense strategies applicable to audit practice.
- Audit Reporting: Deliver detailed audit reports containing vulnerability descriptions, severity ratings, remediation recommendations, and reproduction steps (ideally as runnable proof-of-concept tests). Assist development teams in fixing findings and verify the fixes in a follow-up review.
- Toolchain Optimization: Participate in building internal audit toolchains, tuning static analysis and symbolic execution tools (e.g., Slither, Mythril) and dynamic testing workflows to improve efficiency and reduce false positives and false negatives.
- Knowledge Sharing: Develop audit methodologies, write smart contract security guidelines, and provide technical training for new team members.
Job Requirements
- Experience: 1+ years in information security, preferably with smart contract auditing, blockchain security, or Web3 vulnerability research.
- Portfolio: Must have independently audited at least 3 public blockchain projects (provide anonymized project links or report summaries).
- Technical Skills:
- Proficiency in Solidity programming, understanding smart contract compilation, deployment, and interaction principles.
- Ability to analyze complex contract codebases (5,000+ lines).
- Experience with Solidity fuzz and invariant testing tools (Foundry, Echidna), including designing test harnesses and invariants.
- Familiarity with Rust/Go for assessing blockchain protocol interactions (consensus mechanisms, P2P networking, bridge components).
- Protocol Knowledge: Deep understanding of:
- DEXs: AMM mechanisms (Uniswap V2/V3, SushiSwap), order-book models.
- Liquid Staking: Tokenized staking assets (Lido, Rocket Pool), yield distribution logic.
- Lending Protocols: Collateral ratios, liquidation mechanisms, interest models (Compound, Aave).
- Security Expertise:
- Knowledge of DeFi risks: reentrancy, integer overflows/underflows (pre-0.8 Solidity or unchecked blocks), access control and permission flaws, flash-loan-assisted price and oracle manipulation, MEV (front-running, sandwiching).
- Experience with tools such as Slither and Mythril (static analysis and symbolic execution), Certora (formal verification), and Nansen/Dune (on-chain analytics and monitoring).
- Soft Skills:
- Strong analytical and problem-solving abilities.
- Excellent documentation skills for clear audit reports.
- Zero-tolerance for security flaws, teamwork-oriented.
Benefits
- MacBook provided for work.
- Remote-friendly environment.
- Bi-monthly performance bonuses.