ChargingFoxSec/README.md

ChargingFoxSec

Web3 security researcher with an EVM audit background, currently expanding into Solana security, developer tooling, and open-source security engineering.

I focus on practical vulnerability analysis: proving whether an issue is exploitable, writing runnable PoCs, and separating technically valid bugs from findings that are not submit-worthy because of scope, impact, privilege assumptions, or disclosure rules.

Current Focus

  • Smart contract security review for EVM protocols
  • Solana and Anchor program security
  • Static analysis and security tooling
  • PoC-backed vulnerability labs and audit methodology notes
  • Open-source contributions to Web3 security projects

Featured Work

Aster Payroll

Hackathon project: a privacy-preserving payroll settlement demo on Solana.

It combines an Anchor onchain program, Token-2022 confidential-transfer concepts, a Laravel operator UI, local verification flows, and payroll receipt import logic. The project is a demo and research prototype, not a production custody protocol.

Repository: aster-payroll

Audit Practice Reports

Public Web3 audit practice reports, including CodeHawks First Flight reviews and other disclosed security review writeups.

Many real platform findings cannot be published because of disclosure rules, private scopes, or contest/platform restrictions. I only publish reports and notes that are appropriate for public release.

Repository: my-audit-practice-reports

Web3 CTF Notes

Personal notes on Web3 CTF challenges, exploit patterns, common mistakes, and Remix-written Solidity solution contracts.

Repository: web3-ctf-notes

Web3 Vulnerability Labs

PoC-backed toy labs for Web3 vulnerability patterns, exploit reasoning, and audit triage notes.

Some labs are inspired by patterns encountered during audit practice, but all public cases are rewritten as standalone toy examples without private project details.

Repository: web3-vulnerability-labs

Skills

  • EVM: Solidity, Foundry, Slither, common DeFi vulnerability classes
  • Solana: Rust, Anchor, SPL Token, Token-2022, account validation patterns
  • Security: threat modeling, exploit reproduction, PoC writing, impact triage
  • Engineering: TypeScript, PHP/Laravel, Python, Git, test-driven debugging

Open Source Direction

I am currently looking for useful contributions in:

  • Slither and other smart contract analysis tools
  • Solana and Anchor developer tooling
  • Public vulnerability labs with runnable tests
  • Documentation and examples that improve security review workflows

Profiles

Pinned

  1. aster-payroll (Public)

    Hackathon demo for privacy-preserving payroll settlement on Solana using Anchor, Token-2022 concepts, and a Laravel operator UI.

    PHP

  2. web3-vulnerability-labs (Public)

    PoC-backed toy labs for Web3 vulnerability patterns, exploit reasoning, and audit triage notes.

    Solidity