Skip to content
View cryptanu's full-sized avatar
๐Ÿ 
Working from home
๐Ÿ 
Working from home
3 followers · 6 following

Achievements

Achievement: Pair ExtraordinaireAchievement: Pull Sharkx2Achievement: YOLOAchievement: Quickdraw

Achievements

Achievement: Pair ExtraordinaireAchievement: Pull Sharkx2Achievement: YOLOAchievement: Quickdraw

Block or report cryptanu

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this userโ€™s behavior. Learn more about reporting abuse.

Report abuse
cryptanu/README.md

Cryptanu - Smart Contract Security Researcher

Profile

  • Senior Security Researcher, QuillAudits
  • Block 7 Fellow, YAudit (formerly YAcadamy, electisec)
  • Caught critical bugs in RWA, DeFi, AMM, NFT, Gaming, DAO, Launchpad, L1, Crosschain systems.

Open-Source Contributions, Disclosures and Articles

2025

2026

Recent Audits & Notable Projects

Recent Popular Protocols Audited

Protocol Category Date Findings (C/H/M) Report Status
HeyElsa Staking 2026 0/1/4 ๐Ÿ”“ Report โœ… Complete
Bean Exchange GMX Fork 2025 1/1/2 REDACTED โœ… Complete
ContinuumDAO RWA, Governance, Multichain 2025 0/21/13 ๐Ÿ”“ Report โœ… Complete
NexLabs RWA 2025 0/1/6 ๐Ÿ”“ Report โœ… Complete
Taiko Bridge 2024 0/4/0 ๐Ÿ”“ Report โœ… Complete
IntoTheVerse NFT Marketplace 2024 0/6/2 ๐Ÿ”“ Report โœ… Complete

Summary Statistics

Category High Medium Low
Private Reviews 74 113 132
Public Contests 1 2 6
Total 75 115 138

Interesting Findings & Impact

  • Structural week-ratcheting suppresses intended decay - Updating the split and merge functionality in Curve's veCTM introduced this critical issue allowing users not lose voting power over the 4 year period at no significant cost. ContinuumDAO C-5
  • AMM Fee Bypass - Discovered a flaw in fee calculation allowing users to bypass trading fees, potentially costing the protocol significant revenue. NexLabs Defi Indices H-1
  • Cross-chain Bridge Validation Bypass - Signature replay flaw that could allow unauthorized funds claims. WChain Bridge H-1
  • Collateralization Ratio Flaw - Poor collateral calculation leading to potential under-collateralization. Aconomy M-5
  • Infinite Mint Vulnerability - A vulnerability allowing unlimited minting of tokens under specific conditions. NexLabs Stock Indices M-1

Reach out here

๐Ÿฆ Twitter: @cryptanu

Testimonials & Recognition

"Huge thanks to Anu and Victor for their incredible audit! Their sharp eyes caught 4 critical high-severity issues(hard to find bugs), and their detailed proofs of concept were eye-opening. This is top-notch work on par with industry leaders like Trail of Bits and ConsenSys. Everyone please join me in a round of applause for our amazing auditors!"

--Akshay, Technical Project Manager

Screenshot 2025-12-10 at 07 55 19

--Selqui, CTO - ContinuumDAO

Last updated: December 2025

Pinned Loading

  1. skills skills Public

    Forked from trailofbits/skills

    Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

    Python

  2. Najnomics/StealthAuction Najnomics/StealthAuction Public

    StealthAuction revolutionizes Dutch auctions on Uniswap v4 through Fully Homomorphic Encryption (FHE). This hook enables completely confidential price discovery while preventing bid sniping, front-โ€ฆ

    TypeScript

  3. gmx-synthetics gmx-synthetics Public

    Forked from gmx-io/gmx-synthetics

    TypeScript

  4. Cryptanu - dinari_responsible_disclo... Cryptanu - dinari_responsible_disclosure.md
    1 
    # Dinari Responsible Disclosure Write-Up
    2 
    
              
    
              
    
                3
                
    ## Summary
    
              
    
              
    
                4
                
    
              
    
              
    
                5
                
    This write-up documents the discovery of an access control vulnerability in Dinariโ€™s smart contracts, the subsequent attempts at responsible disclosure, and the challenges encountered due to the absence of a responsive or clearly defined vulnerability reporting channel.
    
              
    
          
    
    
    
  
    

    5. 

      
  5. 
  
    
    
    
      
    
        
    
            
          quillshield_skills  quillshield_skills          Public
        
    
      
    

        
    
          Forked from quillai-network/quillshield_skills
        
    

      
    
        Structured skills for smart contract security audits. Infers state invariants, detects semantic guard gaps, models flash loan + oracle attack chains, simulates adversarial exploits, and scores findโ€ฆ
      
    

      
    
          
  
  Shell


      
    
    
    
  
    

    6.