Jonatas Martins

Jonatas Martins

Security Researcher @ Cantina | DeFi, Solidity, EVM, Rust | Lending, Vaults, Bridges, Cross-chain

@jonatascm

100

Spearbit

sr

fellow

Public earnings

$19,517.17

148th


Public findings

59


Achievements


Skillset

Self-reported

Admin verified

Account Abstraction & Wallets

Intents / SolversMultisig (Safe)Social Recovery

Blockchain Platforms (L1 + VM)

BitcoinEthereumEVMSolana

Consensus & Node Infra

Consensus (PoS / BFT)

Cross-Chain & Interoperability

Cross-Chain Bridges

Worked with

Solo Labs
Clove
Morpho
Velodrome
AFI
infiniFi
cccz
m4rio
Christoph Michel
Gerard Persoon
cergyk
StErMi

Biography

I’m Jonatas Martins, a Security Researcher at Spearbit since 2022 and Cantina Fellow focused on DeFi protocol security. I came from Web2 web/mobile engineering, which helps me audit systems from a builder’s perspective: understanding intended behavior, modeling how integrations fail, and identifying practical issues that matter in production.

My strongest areas are Solidity/EVM DeFi, lending markets, ERC4626/vault systems, AMMs/DEXs, cross-chain and token bridge flows, governance upgrades, protocol accounting, and integrations. Recently, I have also been expanding into Rust and AI security. My security work includes reviews for Uniswap, MakerDAO/Sky, Coinbase, Maple, Centrifuge, Morpho, Velodrome, and other DeFi protocols.

In 2024, I worked as a judge and triaged bug bounty programs in Cantina. Outside direct audits, I contributed to the 2023 Rewind, spoke at TrustX 2023 and DSS 2024, and worked on Certora Prover tooling through the Aave Grant Program.

I enjoy reviews where I can dig into how a protocol is supposed to work, think through how it can break, and focus on issues that would actually matter in production.


Core Expertise

  • Solidity/EVM protocol security
  • DeFi protocol design and implementation review
  • Lending markets and collateralized debt systems
  • ERC4626 vaults, yield vaults, and accounting edge cases
  • AMMs, DEXs, swap logic, and routing/integration risk
  • Cross-chain bridges, token bridge flows, and cross-chain oracles
  • Governance, upgrade scripts, and deployment/configuration review
  • Protocol accounting, rounding, precision loss, and invariant breaks
  • Rust/Solana security

Public Contributions

Top competitions

View all
Contest
Position
Date
Payout
velvet-v4

velvet-v4

4

/ 33

February 2025$5,202
genius-contracts

genius-contracts

3

/ 18

July 2025$2,131
grass

grass

3

/ 15

June 2024$1,882
Blast

Blast

43

/ 97

January 2024$1,098
inclusive-monorepo

inclusive-monorepo

4

/ 15

January 2025$1,096

Private reviews

View all
Engagement
Project title
Timeframe
Researchers
Solo Labs

Solo Labs

Aegis DFM: Fix Review

Mar 2026 - Mar 2026

Jonatas Martins
Clove

Clove

Clove

Feb 2026 - Feb 2026

Jonatas Martins
r0bert
Morpho

Morpho

Morpho Vault v2 & Blue IRM

Nov 2025 - Dec 2025

Saw-mon and Natalie
Jonatas Martins
Om Parikh
Steakhouse

Steakhouse

Steakhouse: Leveraged Lending ERC4626 Yield Vault

Nov 2025 - Nov 2025

Eric Wang
r0bert
Jonatas Martins
Solo Labs

Solo Labs

Solo Labs: AEGIS_DFM

Sep 2025 - Sep 2025

Jonatas Martins
Om Parikh

Security portfolio

Title
Description
2023 RewindContributed to the creation of 2023 Rewind and ranked #2 in incident writing contest
Certora Prover Tools - Aave Grant ProgramThe Aave Grant Program was a program to verify with Certora Prover the Aave Starknet Bridge and Aave Token V3. I was able to identify an issue during the Aave Starknet Bridge security review.