Jay
Security Researcher w/ specialization in Formal Verification
Biography
Hey! J here! 👋🏾
I’m a security researcher with 5 years of experience in auditing and vulnerability research across EVM, SVM, and Move ecosystems.
I previously spent 3 years as a Solidity developer before transitioning fully into security, where I led the Security Department at Sixfoot as a Security Engineer.
I am also a founding contributor to the Sui Prover at Asymptotic, where I worked on formal verification tooling for Sui Move.
Today, I specialize in Move-based ecosystems, formal verification, and smart contract security. I’ve been actively triaging reports on Cantina for over a year, reviewing and validating real-world vulnerability submissions at scale.
Across my career, I’ve worked with protocols such as Aave, LayerZero, Coinbase, Flying Tulip, and Navi, among others. My audit experience spans cross-chain bridges, CLMMs, lending markets, staking systems, perpetuals, and DeFi infrastructure primitives, to name a few.

| Project Name | Description | Reports |
|---|---|---|
| Coinbase Settlement | Smart contract system for a regulated private investment platform. Investors fund deals with USDC and, after a raise completes, claim allocated tokens via Merkle proof and EIP-712 signature verification. Also handles carry fee withdrawals, time-based vesting, and cross-chain withdrawals. | Coming Soon | |
| Coinbase Multiproof | Multiproof dispute game system for Base (Optimism-based L2). AggregateVerifier.sol requires multiple independent proof types (TEE attestations and ZK proofs) to finalize L2 state proposals on L1, with bonded proposers, challenger disputes, a 7-day resolution delay, DEFENDER/CHALLENGER resolution, delayed WETH bond claims, and faulty-proof nullification. | Coming Soon | |
| Sayfer | Decentralized lending platform enabling users to supply assets to earn yield or borrow against holdings, with smart-contract risk management and collateralization mechanisms. | View Report | |
| Fortephy | Smart contract auditing tool that deploys and simulates Solidity contracts to test for vulnerabilities and bugs; the audit focused on flaws and the tool's effectiveness. | View Report | |
| Sturdy | Lending protocol enabling interest-free borrowing using yield from deposited collateral, built around isolated lending pools with individual risk parameters. | View Report | |
| Kelp | Liquid restaking protocol letting users stake assets while keeping liquidity through derivative tokens usable across DeFi, combining staking rewards with broader composability. | View Report | |
| LayerZero | Omnichain interoperability protocol enabling blockchains to communicate and transfer data directly, supporting cross-chain token transfers, unified liquidity, and multi-chain DeFi. | View Report | |
| Topaz | DeFi protocol for lending, borrowing, and yield generation; users supply assets to earn interest or use holdings as collateral to access liquidity. | View Report | |
| DragonSwap | AMM-based DEX enabling permissionless token swaps, liquidity provision, and yield generation, with staking, farming, and low-cost transactions. | View Report | |
| HyperCycle | Decentralized network where AI agents interact, exchange services, and transact directly; infrastructure for an Internet of AI with machine-to-machine payments and scalable AI marketplaces. | View Report | |
| Flying Tulip | Smart contract protocol on Sonic combining a cross-asset lending market with RFQ-style soft liquidations. Supports delta-neutral positions where idle assets deposit into external yield sources like Aave; pricing via Chainlink oracles and a kinked interest rate curve tuned per asset risk profile. | Coming Soon | |
| Flying Tulip V2 | Sonic-based protocol combining cross-asset lending with optimized RFQ-style soft liquidations and delta-neutral positions deployable into Aave. Introduces refined debt flow mechanics and more efficient liquidation routing, with Chainlink oracle pricing and a kinked rate curve. | Coming Soon | |
| Flying Tulip V3 | Sonic-based protocol combining cross-asset lending with a refined liquidation engine and integrated vesting system. Supports delta-neutral positions deployable into Aave, with more precise liquidation mechanics, structured vesting flows, Chainlink oracle pricing, and a kinked rate curve. | Coming Soon | |
| Flying Tulip YieldClaimer | Cash-secured put option product by Flying Tulip. Users deposit collateral (e.g. USDC) during a public sale to buy put option NFTs; collateral is wrapped and deployed into yield strategies like Aave. Principal stays protected/redeemable while yield is harvested to the treasury. The YieldClaimer role deploys idle collateral, harvests, sweeps, and force-withdraws as needed. | Coming Soon |

| Project Name | Description | Reports |
|---|---|---|
| Aave Core | Foundational lending layer of the Aave protocol handling supply, borrow, liquidations, flash loans, and interest rate logic, maintaining the protocol's liquidity pools and collateralization requirements. | View Report | |
| Aave Core v2 | Iteration of the Aave core lending layer (V3.1–V3.3) covering supply, borrow, liquidations, flash loans, and interest rate calculations. | View Report | |
| Aave Peripheral | Supplementary modules extending Aave beyond core lending: reward distribution, UI data providers, debt swap adapters, and helper contracts that simplify user interactions and external integrations. | View Report | |
| AlphaLend Market Lending | Decentralized lending and borrowing protocol on Sui where users supply assets into pooled liquidity markets to earn interest or borrow against collateral. Each market uses an interest-bearing xToken model with variable utilization-based rates, plus borrow limits, flow limiters, oracle price feeds, and spread/protocol fees ensuring safety and sustainability. | Coming Soon | |
| AlphaLend Position / Partner | Account layer tracking each user's cross-market portfolio of collateral, loans, and health status in USD, with continuous solvency evaluation and liquidation below threshold. The Partner system lets approved integrators create specialized positions with custom fee discounts and expanded collateral (e.g. Bluefin LP tokens) to build tailored DeFi products. | Coming Soon | |
| AlphaLend Rewards / Staking | Incentive layer distributing liquidity-mining rewards to depositors and borrowers by proportional share over scheduled windows, claimable directly or auto-compounded as collateral. Staking enables protocol-managed native SUI staking within the SUI market to earn validator yield for the pool. | Coming Soon | |
| Echo | DeFi platform enabling users to lend, borrow, and earn yield on crypto assets. The audit focused specifically on the governance module, evaluating its smart contracts for vulnerabilities and proper functionality, with recommendations to strengthen governance processes and ensure secure, transparent decision-making. | Coming Soon | |
| Kofi | Decentralized lending and borrowing platform letting users supply assets to earn interest or borrow against holdings, optimizing capital efficiency via flexible collateralization and automated interest accrual. | View Report | |
| Poel | DeFi lending and borrowing platform allowing users to deposit assets to earn yield or access liquidity using holdings as collateral, with smart-contract risk management and automated interest mechanisms. | View Report | |
| Matrixport | Crypto financial platform for trading, lending, and asset management with support for real-world assets (RWA) such as digital gold. Users buy, sell, and earn yield on tokenized assets, access structured products, and participate in lending markets, bridging traditional and digital assets. | Coming Soon | |
| Zetachain | Blockchain interoperability protocol enabling seamless cross-chain communication and asset transfers between networks, supporting unified liquidity, token swaps, and multi-chain DeFi through secure, scalable cross-chain operations. | Coming Soon | |
| Studio Mirai | NFT project creating and distributing unique digital collectibles, enabling buying, selling, and trading of tokens with on-chain provenance and ownership in a secure marketplace. | View Report | |
| OL Network | Blockchain infrastructure platform supporting dApps and smart contracts with high scalability and low fees, focused on interoperability, performance, and developer-friendly tooling. | View Report | |
| Dexlyn Bridge | Cross-chain bridge protocol enabling secure transfer of tokens and data between blockchain networks, maintaining security through cryptographic verification for fast, reliable cross-chain transactions. | View Report | |
| Project Z | Security audit of a staking-focused protocol. | View Report | |
| StakeSphere | Security audit of a stealth staking protocol. | View Report | |
| AquaSwap | AMM-based decentralized exchange enabling permissionless token swaps and liquidity provision. | View Report | |
| Thala | DeFi platform offering lending, borrowing, and yield optimization; users deposit assets to earn interest or use them as collateral, maximizing capital efficiency. | View Report | |
| Navi | DeFi platform for managing assets, optimizing yield, and participating in liquidity markets via staking, lending, and borrowing with automation to improve capital efficiency. | Coming Soon | |
| LayerZero - Aptos | Omnichain interoperability protocol enabling Aptos applications to interact and transfer assets across chains through a verified messaging architecture. | Coming Soon | |
| LayerZero - Sui | Omnichain interoperability protocol enabling Sui-based applications to communicate and transfer assets securely with other blockchains via messaging-based verification. | Coming Soon | |
| Decibel | On-chain perpetual futures protocol built around a central limit order book (CLOB). Traders open leveraged long/short positions on perpetual swap markets with orders matched directly on-chain for transparent price discovery. Manages margin accounts, funding rate payments, liquidations on maintenance-margin breaches, and oracle-based mark pricing — delivering a CEX-like experience with DeFi self-custody. | Coming Soon |

| Project Name | Description | Reports |
|---|---|---|
| Coinbase Settlement Sale | Coinbase Sonar Solana program running permit-verified token sales. Participants commit an SPL token (e.g. USDC) against off-chain signed permits, tracked per entity and per wallet through a PreOpen → Commitment → Cancellation → Settlement → Done lifecycle. Built on Anchor 0.32 with Ed25519 precompile verification, a program-owned vault, and a bitmask-based RBAC model under a single admin authority. | Coming Soon | |
| Coinbase Sunrise | Coinbase SCaaS Solana smart contract (Anchor) implementing a protocol-managed liquidity pool for 1:1 stablecoin swapping. A single global pool supports up to 50 token types, each with a dedicated vault, with a configurable basis-point fee, dual-authority access control (operations vs pause), slippage protection, liquidity reservation limits, and PDA-derived account validation. | Coming Soon | |
| Coinbase Sunrise V2 | Solana smart contract (Anchor, Rust) for Coinbase's SCaaS stablecoin liquidity protocol. Implements a global liquidity pool enabling 1:1 swaps between supported stablecoins with configurable fees, slippage protection, decimal normalization, a dual authority model, and an address whitelist system. | Coming Soon | |
| Sanctum | SOLS is a Sanctum Solana program implementing fractional reserve wrapped SOL. Users deposit SOL and receive SOLS, with careful tracking of supply vs lamports owed. Written in Rust (Solana BPF), split into core math/invariants, the Jiminy parsing layer, the deployed program with hot/cold routing, and a Mollusk test harness. Supports rebalancing, protocol fees, admin/manager roles, and Kani formal verification of core logic. | Coming Soon | |
| Wonderland Security Audit | Solana GameFi protocol (Anchor) where users buy keys, earn rewards from later purchases, and compete for mini and grand jackpots powered by verifiable randomness, with vaults, a game timer, and a merkle-backed referral system. | View Report | |
| Dreadnought Video Game Security Audit | Security audit of the Dreadnought video game, evaluating vulnerabilities and integrity of the game's systems. | View Report | |
| Crossmint Audit Report | Security audit of Crossmint's NFT minting and payments infrastructure. | View Report | |
| Report on Suspected NFT Scam and Fake Profiles | Investigative report on a suspected NFT scam and the identification of fake profiles used to facilitate it. | View Report | |
| ElizaOS | Solana smart contract (Anchor) for ElizaLabs handling a controlled token migration, allowing whitelisted wallets to swap one SPL token for another at a fixed rate, gated by a Merkle tree whitelist with per-wallet limits. | View Report |

| Project Name | Description | Reports |
|---|---|---|
| OL Network | Formal verification of OL Network's blockchain infrastructure, proving correctness of core on-chain logic. | View Report | |
| Thala | Formal verification of Thala's lending and yield logic to prove invariants and ensure correctness. | View Report | |
| Aave | Formal verification overview for Aave Aptos V3, proving correctness of core lending and accounting logic. | View Report | |
| FullSail | Formal verification of FullSail's DEX/swap logic to validate core invariants. | View Report |

Private reviews

| Engagement | Project title | Timeframe | Researchers |
|---|---|---|---|
| Eco Foundation | Eco Routes SVM | Apr 2026 - Apr 2026 | |
| Coinbase | Sunrisedotdev: Settlementsale | Apr 2026 - Apr 2026 | |
| Coinbase | Coinbase: Multiproof | Mar 2026 - Mar 2026 | |
| Sanctum | Sanctum: Sols | Feb 2026 - Mar 2026 | |