Sujith S

Built and protected hundreds of millions in DeFi TVL. Now I’ll secure yours.

@sujithsomraaj

100

Spearbit

sr

resident

Public earnings

$37,572.50

80th


Public findings

40


Worked with

Eco Foundation
LayerZero
Botanix
Horizen Labs
OP Labs
Puffer Finance
J4X
zigtur
deadrosesxyz
Gerard Persoon
m4rio
slowfi

Biography

I’m Sujith, a security researcher at Spearbit (Cantina) and trusted CISO/Security Advisor for protocols including Superform and LI.FI. With over a decade in Web3 engineering and 3 years specializing in security research, I’ve partnered with 60+ protocols spanning consensus clients, cross-chain bridges, and complex DeFi systems.

As part of Cantina’s incident response team, I bring real-time experience handling live Web3 exploits and crisis recovery — from pre-deployment threat modeling to post-incident forensics and remediation planning.

I’ve helped secure some of the most critical ecosystems in crypto: Sonic, Berachain, Optimism Interop, LayerZero, Monad, zkSync, Blast, Relay Protocol, LI.FI, and many others. Most of this work remains private, but my ability to find high-impact vulnerabilities consistently shows up in open competition:

  • 🩸 First Blood at Paradigm CTF 2023 (enterprise blockchains), 6th overall
  • 🥇 1st Place at Surge CTF 2023 – broke Socket protocol’s data layer, $27,000 prize
  • 🥈 2nd Place at Remedy CTF 2025 – solved four problems under pressure
  • 🏆 1st Place at the Cork Protocol audit contest (Cantina)

Before Spearbit, I was a founding engineer at Superform ($180M+ TVL) and Streams, giving me the rare perspective of both a builder shipping at scale and a security lead defending production code under attack surfaces measured in billions.

I also contribute to the future of secure infrastructure:

  • ✍️ Co-author of EIP-6170, defining the bridge interface standard
  • 🔧 Contributor to Uniswap MMA (multi-message aggregation) and Pigeon (cross-chain test suite)
  • 🛡️ Reported 6+ vulnerabilities to Hyperlane and multiple bridge protocols as a part of my bug bounty journey

Whether it’s Solidity, Rust, Go, or protocol architecture, I combine builder intuition with an adversarial mindset. My mission is simple: to ensure your protocol doesn’t just pass an audit, but is battle-tested to withstand nation-state-level adversaries and real-world exploits.

Explore my portfolio: sujithsomraaj.xyz/security-work

Top competitions

| Contest | Position | Date | Payout |
|---|---|---|---|
| incentive-contracts | 5 / 152 | January 2024 | $5,468 |
| curvance | 24 / 224 | February 2024 | $2,724 |
| opal-contracts | 14 / 183 | February 2024 | $1,018 |
| zetachain-protocol | 30 / 342 | August 2024 | $492 |
| Soon | 11 / 452 | December 2024 | $438 |

Private reviews

| Engagement | Project title | Timeframe | Researchers |
|---|---|---|---|
| LayerZero | LayerZero Ovault | Jul 2025 - Jul 2025 | Sujith S, Gerard Persoon |
| Eco Foundation | Eco Routes | May 2025 - May 2025 | Sujith S, 0xRajeev |
| Horizen Labs | Horizen Migration Smart Contract Audit | Apr 2025 - May 2025 | Sujith S, m4rio |
| Botanix | botanix-stBTC | Apr 2025 - Apr 2025 | Sujith S, noah.eth, chris |
| Puffer Finance | puffer-contracts | Apr 2025 - Apr 2025 | Sujith S, ladboy233 |

Security portfolio

| Title | Description |
|---|---|
| Li.Fi Protocol | Private audit reports |
| Relay Protocol | Invalid message hash issue |
| Hyperlane | Permanent DoS |
| Hyperlane [Immunefi] | Relayer overpaying gas |
| Hyperlane [Immunefi] | Relayer ignoring acknowledgement cost |
| Hyperlane [Immunefi] | 32-length tree depth DoS issue |
| Socket.tech | Permanent DoS Of Data Layer |
| Socket.tech | Random packet signing issue |