MostafaYassin
4y, 110+ audits across EVM, Solana, CosmWasm/Cosmos SDK; now researching IOP, ZK, AI red teaming.
Public earnings
$0
Public findings
0
Skillset
Self-reported
Admin verified
Lending & Credit
Programming Languages
Worked with
Biography
Hi I'm Mostafa!
A security researcher at Spearbit/Cantina. I have been in security since 2021, starting as a web2 penetration tester, then I made the switch into web3 in 2022!
Over the last 4 years, I've conducted more than 110+ security audits across EVM, Solana, and CosmWasm. I have dozens of audits as well, ensuring that for the client, the process is streamlined and smooth from the start of the audit, all the way to submitting the initial report, and then doing the fix review.
What I Work On
In addition to auditing different ecosystems, I am currently expanding into Interactive Proofs and Zero Knowledge systems. I am also getting into AI red teaming, since it is an emerging (and very fun) new attack surface!
How I Think
My take is security is simple, it's all about deeply understanding how something works, and then breaking it. Anything can be hacked if you understand it well enough. That is why I put the majority of my effort into understanding the system, reading the white paper/documentation, understanding the mathematical foundation it uses, and then finally attempting to break it.
Projects I Worked On
One of the memorable projects was a big Solana audit for a restaking protocol; it is called Fragmetric. The codebase was really robust and complex, and the audit lasted for a couple of months. What I really liked is that it had a very unique design for handling on-chain asset updates and price aggregation. It was nothing that I have seen before! So it was a great experience to try understanding deeply how it works and then finding bugs!
Recently, I have also been hunting for ZK/IOP bugs that are related to insecure oracle randomness that can allow the prover to prove malicious claims. This involves understanding the mathematical notions behind the proof system and then trying to see how the prover can cheat.
Private reviews
| Engagement | Project title | Timeframe | Researchers |
|---|---|---|---|
| Stakekit | Stakekit: PR 41 | Jun 2026 - Jun 2026 | |