m4rio

m4rio

Solidity, Rust, Go! Catching bugs like Mario is catching coins!

@m4rio

100

Spearbit

lsr

fellow

Public earnings

$44,254.43

69th


Public findings

27


Achievements


Skillset

Economic AuditsOP stackMathMEVStakingEVMSolanaOracleLendingCross ChainAMMsPaymentsVCISOHooksStablecoinsRWAAWSPrivacyCryptographyMulti ChainsBridgesDeFiSolidityRust

Worked with

Layer N
Horizen Labs
Arkis
Mangrove
OP Labs
Shadow Exchange
Sujith S
Christoph Michel
MiloTruck
Jonatas Martins
StErMi
tnch

Biography

got it — here’s your bio in simple, plain language:

Web2 → Web3, security-first

I started in Web2, helping 20+ startups go from idea to working, scalable products. I did full-stack work and DevOps, then moved into architecture to design and scale production systems.

Web2 (high-risk products)

Later, I worked on high-risk, fiat-facing platforms. I teamed up with cybersecurity groups to build secure, compliant systems. From 2018–2020, besides leading fintech and healthtech projects, I helped with incident planning: reviewing runbooks and running tabletop drills with security and compliance teams.

Move to Web3

In 2019 I moved to Web3. I started with Bitcoin and the UTXO model, then shifted to EVM chains. I built smart contracts and systems with security and scale in mind from day one.

By 2020 I was active in DeFi, helping teams build “secure by design” systems. I joined the white-hat community and took part in confidential security ops.

From 2021–2022, as craziness, I helped several DeFi/NFT teams with white-hat work and recovery plans. My Web2 work with high-risk assets helped during critical incidents.

Mentorship

In 2021 I joined the EthernautDAO council to mentor developers entering Web3 and help them bridge Web2 and Web3 skills.

Security and protocol work

I’ve worked with multiple (often confidential) protocols to design and secure smart-contract systems.

After Devconnect Amsterdam in 2022, I joined Spearbit as a Security Researcher. I worked on:

  • Protocol security reviews
  • Threat modeling
  • Architecture reviews
  • Post-incident analysis and support
  • Multi-sig design and security reviews

I also help teams asses their security posture. This includes threat modeling for multi-sig control, off-chain/on-chain components, and day-to-day operations, even physical security. I’m currently deep in incident response and threat modeling for high-risk teams.

Rust

Over the last two years I’ve spent more time in the Rust world:

  • Private Rust code reviews (Solana programs, custom nodes, Reth)
  • vCISO work
  • Technical security talks at hackathons

Soldeer

I made Soldeer, the first Solidity-centric package manager written in Rust, now part of Foundry. It makes dependency management for smart-contract devs simpler and safer.

What I work on now

  • Security research
  • Rust client implementations
  • Smart-contract architecture on EVM and Solana
  • Incident response and threat modeling
  • Mentorship, secure system design, and open-source tools

I hacked an LLM to write this description for me as I'm too locked in to save billions

Top competitions

View all
Contest
Position
Date
Payout
tensor-monorepo

tensor-monorepo

4

/ 276

October 2024$12,961
Soon

Soon

5

/ 452

December 2024$5,412
farcasterattestation-monorepo

farcasterattestation-monorepo

19

/ 276

January 2025$866
Royco Protocol

Royco Protocol

14

/ 283

September 2024$664
Centrifuge

Centrifuge

10

/ 247

August 2024$514

Private reviews

View all
Engagement
Project title
Timeframe
Researchers
Sky

Sky

Lockstake

Jul 2025 - Aug 2025

m4rio
Christoph Michel
Sky

Sky

stUSDS

Jul 2025 - Aug 2025

m4rio
Christoph Michel
Sky

Sky

Spark ALM Controller

Jul 2025 - Aug 2025

Christoph Michel
m4rio
Sky

Sky

Grove ALM Controller

Jul 2025 - Aug 2025

Christoph Michel
m4rio
Layer N

Layer N

N1xyz Nord Proton

Jul 2025 - Aug 2025

m4rio
FrankCastle
0xluk3