Valerian Callens
Detail-oriented Web3 LSR with a systemic mindset and a background in TradFi IT audit
Public earnings
$0
Public findings
0
Skillset
Self-reported
Admin verified
Cryptography & ZK
Programming Languages
Staking
Token Standards
Biography
Web3 Experience
Over the past several years, I’ve performed 80+ security reviews and worked across the full security stack of Web3 systems, auditing and securing a wide range of projects including DeFi, cross-chain architectures, and L2 rollups across ecosystems such as EVM, Solana, Flow, and TON.
Beyond audits, I’ve delivered threat modeling, risk assessments, deployment reviews, governance proposal analysis, bug bounty triage, and incident response.
Prior to Web3
After graduating in Computer Science, I worked as an IT auditor in TradFi, where I performed:
- 19 assignments (IT risk assessments, controls, recommendations, reports)
- 3 yearly risk assessments at the regional level (9 countries, 22 legal entities)
Security Research, Industry Contributions & Certifications
- Contributed to the EEA DeFi Risk Assessment Guidelines - Version 1 and EEA EthTrust Security Levels Specification Version 3
- Co-authored four research papers about smart contracts and bridge hacks: 1, 2, 3, 4
- Speaker at two DeFi Security Summits about Bridge Security and EIP-1153 (Transient Storage)
- Top 1 on Node Guardians, a Web3 CTF platform
- Certified Information Systems Auditor (CISA) in 2018
Private reviews
| Engagement | Project title | Timeframe | Researchers |
|---|---|---|---|
| Definitive Finance | Definitive: EVM Flash Contracts | May 2026 - May 2026 | |
Security portfolio
| Title | Description |
|---|---|
| UniBot (Diamond Protocol) | Leveraged Liquidity Provision Platform for Uniswap V3 |
| BOBA Teleportation and Token as a Fee | This Boba audit focused on two contracts: Teleportation and Boba_GasPriceOracle. The Teleportation contract is designed to help users transfer tokens across different L2s. The Boba_GasPriceOracle allows users to opt into using BOBA tokens for fee payments, as well as exchange a small amount of their BOBA to ETH to help perform the meta-transactions without having to bridge their own ETH. Both of these processes rely on centralized off-chain components. |
| Neoswap | The audited contract allows performing swaps between several parties using an arbitrary combination of Sol and NFTs. |
| Nayms | Nayms is a decentralized insurance marketplace built using the Diamond pattern, a multi-facet proxy architecture. The project uses three layers: facets, libraries, and storage. |
| Portal | The audit is focused on the Portal token contract as well as associated token vesting features. In addition to a relatively straightforward token that is made for use in a cross-chain context, TokenVestingLinear and TokenVestingSigmoid are contracts designed to enable vesting the Portal token with a linear vesting schedule and a sigmoid vesting schedule respectively. Notably, the implementation of TokenVestingLinear aims to enable the participation of Solana users. |
| Secured Finance 2 | This audit report presents a diff audit. Key updates include the integration of ZCTokens, enabling users to tokenize their Zero Coupon Bonds (lending positions) and facilitate their transfer beyond the Secured Finance protocol. |
| Subscription Token Protocol | Subscription Token Protocol allows for creators or businesses to support subscribers to their platform through the minting of NFTs that represent the subscription. To create the Subscription Token Protocol NFT Contract, the creator or business will invoke deploySubscription() on the Factory, with all the configurations specified. Subscribers will then be able to purchase the subscription for a period of time. Subscription offerings can include several tiers where subscribers of different tiers are rewarded according to a Reward Curve defined for that tier, which supports offering bonus rewards for a given tier. |
| Elara Finance | Elara is a DeFi lending protocol intended to operate on the Zircuit network. The codebase is a fork of Compound V2, with some modifications. The primary modifications introduced include the addition of a new set of Oracle contracts that support Chainlink, Pyth, and API3. Furthermore, the project team has implemented support for both native and wrapped Ether within a single contract CEtherV2.sol, where WETH acts as the underlying asset. Finally, it is now possible to define specific supply caps for the supported assets. |
| Venus Protocol - PSM (Peg Stability Module) | The Peg Stability Module (PSM) is inspired by MakerDAO's PSM for DAI and aims to peg the VAI token to a value of $1. The team plans to deploy two separate PSMs, one whose peg will be maintained by USDC and another whose peg will be maintained by USDT. Users can swap USDC or USDT to VAI and vice versa through these contracts. Fees from each swap are directed to the Venus Treasury. |
| TokenOps | Token Vesting contract with ERC20 token vesting functionalities. With the contract, admins can create vesting grants and assign them to recipients, manage the vesting process, and revoke grants when necessary. |
| TON locker contract | TON's locker contracts, with logic for vesting rewards based on users' locked funds |
| Fragmetric Restaking Program | Fragmetric is a re-staking protocol that allows users to stake SOL, or different liquid staking derivatives supported by Fragmetric, to mint fragSol. fragSol represents a user share in the total SOL equivalent amount held by the protocol. Currently, the protocol supports two LSTs, namely jitoSol and mSol (Marinade LST). The protocol relies on the spot price of SPL Stake Pools or Marinade Stake Pools to update prices. Price updates happen whenever the user interacts with the protocol, during deposits and withdrawals, and protocol operators can perform arbitrary price updates as well. As an incentive, the protocol offers different types of rewards, such as points or SPL tokens. The fund manager adds rewards that are stored in the system in the form of reward blocks, which can be claimed by users on demand, or when they deposit or request withdrawal. |
| Opera Sonic Bridge | The OperaBridge smart contract is designed to facilitate the bridging of native tokens between the Opera and Sonic blockchain networks. Its purpose is to allow current Opera users to transition to the new Sonic network with ease. Valid signatures of a set of validators are required to allow transfers. The contract includes provisions for deposit management, liquidity control, and configurable fees. |
| Ethena UStb Token | This project consists of 4 contracts to manage UStb tokens, a stablecoin backed by collateral. The system includes contracts for minting, redeeming, and managing UStb tokens with features such as whitelisting, blacklisting, and role-based access control. |
| Boba Bridge and LP | This Boba audit focused on LP contracts, ERC721 Bridges, and ERC1155 Bridges. Since this is a rollup Solidity project, we reviewed several general concerns, including the potential overflow risk due to the contract version, the risk of reorgs, and the risk of the same contract address appearing in both L1 and L2, controlled by different owners. |
| Secured Finance | Secured Finance operates as a decentralized finance (DeFi) platform, addressing liquidity challenges within the industry. The platform's protocol facilitates peer-to-peer lending and derivatives trading, emphasizing fixed-income investments and hedging. This solution aims to offer a more efficient and cost-effective alternative to conventional financial institutions. The protocol integrates lending markets, drawing inspiration from bond markets. Users can place lending and borrowing orders, mirroring the process of buying or selling zero-coupon bonds with varying maturity periods. Notably, these orders are maintained within an on-chain order book, eliminating the necessity for additional systems or privileged roles for order matching. |
| API3 - OEV Auction House | This audit focused on the OEV (oracle extractable value) Auction House platform where OEV searchers can bid on data feed updates that satisfy specific conditions, and report that they have fulfilled these updates. OEV is a subset of MEV where oracles have exclusive priority of extraction. API3 holds OEV auctions for its data feed services and forwards the proceeds to the respective user dApps. |
| Flow Cross VM Token Bridge | This audit focused on the bridge aiming to transfer assets, specifically Non-Fungible Tokens (NFTs) and Fungible Tokens (FTs), between the Cadence side and the EVM side of the Flow blockchain. The project includes several smart contracts written in Cadence and Solidity. The main functionalities include onboarding assets, bridging NFTs and FTs, managing token metadata, and ensuring cross-chain interactions. The project leverages various interfaces and utility contracts. |
| XY Bridge | This audit focused on yBridge, an in-house bridge used by the XY Finance ecosystem to perform cross-chain swaps between supported periphery chains. A network of validators is in charge of securing communication of cross-chain requests via event monitoring and signatures, and also of synchronizing the accounting of funds in the system on a dedicated settlement chain. Liquidity providers can earn fees by depositing liquidity on periphery chains to support the cross-chain swaps. Liquidity can only be provided for a limited list of tokens. Depending on the source and final token requested by users for cross-chain swaps, swaps may be required on both chains (source and destination) and executed via a call to whitelisted DEX aggregators. This audit covers Version 3 of this service, where V3 contracts are implementation contracts designed to replace the V2 contracts already deployed on-chain. |
| EVAA Lending Protocol | EVAA is a decentralized lending protocol designed for the TON ecosystem. It allows users to deposit and borrow assets and offers dynamic interest rates based on supply and demand. If collateral falls short, liquidations can protect the system from insolvency. There are two main contracts. The master contract is a pool of multiple assets and a central hub for all system interactions. It orchestrates and relays user requests to the user contract that handles deposits, withdrawals, borrowing, repayments, and liquidations. |
| Pheasant Network | Optimistic Bridge |
| Nayms - Diff audit 2 | Nayms is a decentralized insurance marketplace built using the Diamond pattern, a multi-facet proxy architecture. The project uses three layers: facets, libraries, and storage. The changes mainly involve a staking feature, the management of fees, the internal representation of objects and the behavior of the internal market. |
| Nayms - Diff audit 1 | Nayms is a decentralized insurance marketplace built using the Diamond pattern, a multi-facet proxy architecture. The project uses three layers: facets, libraries, and storage. |
| Hinkal | Hinkal Protocol is a privacy protocol that aims to allow users to perform deposits, withdrawals, transfers, and swaps, and otherwise interact with DeFi protocols through owner-configured integrations without on-chain traceability. |