Pre-Contest Audit Triage — sequencer security review before next audit contest #13883

@FROMTHEHEAVENS

Pre-Contest Audit Triage for Starknet Sequencer

From: FROMTHEHEAVENS (warden, Code4rena/Sherlock portfolio)

The Starknet sequencer is the transaction-ordering backbone of a multi-billion-dollar ZK-rollup. Before your next public audit contest, a pre-pass that flags the highest-impact vulnerability classes can save $10K–$100K in contest payouts.

Credibility

We recently analyzed the K2 Lend codebase ($135K C4 contest pool) and shipped verified PoCs for H-01 (storage collision via unverified delegatecall) and H-02 — both written in Rust, both with runnable cargo test verification. Our Kelp DAO $292M analysis identified the bridge infrastructure vulnerability class that is relevant to any cross-chain messaging system.

Public portfolio: https://github.com/FROMTHEHEAVENS/audit-triage-portfolio

Offer

| Tier | Scope | Price | Turnaround |
| --- | --- | --- | --- |
| Standard | 1 critical-area pre-pass (e.g., consensus, mempool, or RPC surface) | $500 USDC | 72 hours |
| Pro | Full surface review + PoC for top findings | $1,500 USDC | 5 days |
| Sponsor-backed | Audit in exchange for warden allowlist on next contest | $0 + handshake | Negotiable |

Paid in USDC on Base to 0x37ff4a0A81C8bd801af97a25DE906240A3D59984.

Approach

We review the Rust codebase for the vulnerability classes most commonly missed by automated scanners: storage collision via delegatecall patterns, unsafe deserialization paths, access control bypasses in multi-phase transaction flows, and state-inconsistency chains under reorg. Every finding comes with a runnable Rust PoC.

Not a vulnerability disclosure

This is a commercial pre-contest triage offer. No vulnerability details are included. If you are interested in the Starknet Immunefi bounty program path instead, we are also available as bug bounty hunters.


Reply here or reach out via the portfolio repo. 72-hour response window.
