Zenith assembles auditors with proven track records to secure your project. We find the critical bugs now—freeing you to launch this week—not next month.

Joined January 2025
145 Photos and videos
Pinned Post
As 2025 comes to a close, here's a look back at what our team accomplished this year at Zenith. 1.) Nearly half of our 243 audits found High's and Crit's. In total, we found 292 High and 96 Critical-severity vulnerabilities. 2.) Starting audits under 24 hours' notice. Clients raved about this. Thank you to every Zenith auditor who made this possible. Your dedication, expertise, and clear communication were the key. 3.) We worked with leading protocols including Bridge, Zama, and Jupiter. We spanned 21 ecosystems, including Ethereum, Monad, Base, Solana, Move, and Starknet. 2025 was Zenith’s inaugural year, and we’re excited for what’s ahead in 2026. A huge thanks goes to our clients, partners, and team for making this possible. Interested in a Zenith audit in 2026? Link in bio!
3
5
71
23,528
Stay tuned for more tips, tricks, and advice from Zenith Security Researchers dropping next week. Want an audit from the industry’s top security researchers selected for your specific codebase, security needs, and budget? Visit: zenith.security/
1
105
From @krikoeth: Do not assume you have found everything until you can't rewrite the codebase from memory. The code always has bugs, you just need to find them.
1
5
126
From @j4x_security: - Question every safeguard - Try yourself on new languages/frameworks all the time - Use AI to your benefit, but don‘t trust it
1
3
8
353
From @MarioPoneder: I've spent a whole year trying to find clients for my smart contract development services. Bottom line: You need to build your reputation in public to get the necessary visibility and therefore get clients. The auditing experience comes along the way.
1
1
9
300
These three researchers have: - 300,000 in total contest earnings - backgrounds in cybersecurity, technical physics, and informatics Now help Zenith clients stay secure every day. So we asked them: What do you wish you knew when you started auditing? Here’s what they said.
1
20
1,248
We are very lucky to have an esteemed researcher like @christianvari_ on the Zenith roster. If you want an audit from the industry's top security researchers, handpicked for your specific codebase and security needs, we'd love to talk: zenith.security/
1
121
Tellor Cosmos SDK Chain: 21 critical, 16 major, 24 minor, and 2 informational findings. FeefromReporterStake Function Incorrectly Calculates The feeTracker's TokenOriginInfo.Amount (critical severity). The FeefromReporterStake allows a reporter to use part of its stake to pay the fee for a dispute. However, in the else branch, this TokenOriginInfo is provided with incorrect data. In fact, the Amount is set to unbondAmt, but since this value has already been subtracted in line 125, this is not the actual amount paid with this delegation but the leftover. For example, consider the following scenario: unbondAmt = 100 and there are [10, 40, 50] delegations. The created feeTracker would be equal to [90, 50, 0], which will rebond 140 tokens instead of 100.
1
1
132
Filecoin FEVM: 3 critical, 15 major, 8 minor, and 8 informational findings. Opcode gas accounting deviating from the Ethereum EVM specification could lead to unexpected behavior (major severity). Due to the different gas accounting, contracts developed for the EVM might experience compatibility and portability issues when deployed to the FEVM. Commonly, code is optimized regarding gas cost, but since the FEVM’s gas accounting is different, the same contract executing on the EVM might run out of gas on FEVM or vice versa. Below is an example of how optimizations affect gas usage in FEVM:
1
2
79
But at the end of the day, what Christian does best is find bugs. And after meeting with the Zenith team, he knew it would be a great fit. A team that matched his technical talent and focus on high-quality security research. Here's some of the work that led to that conversation.
1
1
114
And he didn’t want to keep it to himself. In 2025, Christian launched Premio Codezen, a scholarship initiative awarding high school students pursuing degrees in technology. The first cohort had 83 students; one student walked away with a €3,000 scholarship.
1
1
149
But working on large-scale distributed infrastructure got him curious about blockchain technology. So he started his journey by getting his Master’s Degree in Blockchain & Cybersecurity from the University of Rome Tor Vergata. And then in 2022, he went all in on Web3 security research full-time. Four years later: 250 audits and 900 vulnerabilities found.
1
2
186
Christian’s background is vast: - IBM/HCL enterprise automation - Distributed microservice infrastructure across Python, React, Node.js, Kubernetes, and cloud-native architectures - And even a patent author on workload orchestration
1
3
437
250 audits, 900 vulnerabilities, €3,000 in scholarships given back into the community. Meet Zenith auditor: @christianvari_ A former software engineer turned full-time security researcher, Christian’s been at this since 2022. This is the @christianvari_ story.
1
1
21
1,339
Congrats to the @brownfiamm team on their V3 Rewards Vaults launch!
BrownFi V3 Reward Vaults are now live Earn from two sources: ⚡️ Gain from BrownFi's market making model 💰 BGT emission *If you still have funds in V2 Reward Vaults, please withdraw and migrate over. Note that all V2 pools will be shut down soon. ➡️ Deposit into V3 now: app.brownfi.io/pool ➡️ WETH/USDC.e Vault: hub.berachain.com/earn/0xa57… ➡️ BERA/HONEY Vault: hub.berachain.com/earn/0x3f0… ➡️ BERA/USDC.e Vault: hub.berachain.com/earn/0xd54…
7
373
Zenith reposted
Hard work pays off! Thanks for the highlight, @zenith256
41 top-3 contest finishes, top-5 leaderboard placements & wins in some of the biggest audit competitions ever run. These Zenith auditors are the industry's best, and they want to share advice to help you get there too. Here's what thousands of hours of experience taught them.
2
1
6
560
From @bernd_eth: Find sensitive areas on the codebase (e.g., token transfers) and work your way backwards, trying to break any assumptions and escalate privileges. Find a way to work or compete against smarter people; that's the best and quickest way to level up.
1
4
171
From @ast3ros: Understanding the codebase is fundamental. Aim to understand it as quickly and deeply as possible. And write a lot of PoCs. Seriously, write PoCs.
1
2
239
From @10xhash: Every small incorrectness is most likely exploitable in some path. Have the incorrectness as a pending future critical in your mind.
1
3
225
41 top-3 contest finishes, top-5 leaderboard placements & wins in some of the biggest audit competitions ever run. These Zenith auditors are the industry's best, and they want to share advice to help you get there too. Here's what thousands of hours of experience taught them.
1
26
1,991
Zenith reposted
Zenith has completed the 2nd audit of our V3: 18 issues found, zero critical or high-risk. All resolved. Two tier-1 audits done. Ready to LP with full confidence now 👉 app.brownfi.io/pool
Zenith Auditors completed an audit for BrownFi V3, an oracle-based AMM with asymmetric liquidity depth. All issues have been resolved or acknowledged. Massive shoutout to the @brownfiamm team for ensuring the highest security standards ahead of their launch!
1
1
12
800