In his early days, Minzhi never thought he’d become a Security Engineer for the largest crypto and blockchain security company in the world. With a background in software engineering, and a desire for DeFi, Minzhi has built upon his skillset to become a Security Engineer with CertiK!

Below, Minzhi shares a day in the life, alongside his background, interests, and more.

Who are you? How did you start your career?

I am Minzhi He. I joined CertiK in March 2020. I majored in cybersecurity, and I first got exposed to blockchain technology in one of my Master's courses. …

Adrian is a self-confessed technology nerd and geek. From owning the Amiga 500 in his childhood, Adrian always loved computers and the potential of what you could do with them.

He developed his curiosity and hacker-mindset through playing video games and teaching himself how to hack or root devices he owned, from various game consoles through to iPods and smartphones (even before they were ‘smart’, too!).

Adrian’s journey into Blockchain started in 2016 where he worked on de-anonymizing Bitcoin transactions as part of the Innovation Exchange programme at BAE Systems. …

A Certified Version of the Uniswap V2 Contract: A Leap Forward in True Decentralization

With more than $500 million worth of tokens lost due to financial exploits in DeFi protocols during 2020, and $343m lost in the first 5 months of 2021 alone, security has been top of mind for all projects. A reputable audit report is the current standard, but that’s not always enough on its own. There are countless ways for hackers to exploit vulnerabilities, both technical and economic. This can be through manipulation of oracles (like in YFI), replay of transactions in mempools and front-running them, or implementation bugs in the pool contracts. But how can we reduce the damage? …

Security audits have cemented themselves as a necessary tool in the arsenal of every type of blockchain-based project when it comes to securing their protocol and, importantly, their users’ funds.

With the total value locked in DeFi alone exceeding $45 billion in February of ’21, it’s no surprise that we’ve seen the demand for smart contract security audits and penetration tests rise in parallel.

To prepare for an efficient security audit there are a number of best practices the security team here at CertiK recommends.

Outlining the Scope of your Audit and your Goal(s)

First things first, let’s ask ourselves two questions:

What will be audited?

How will…

The CertiK Security Team has successfully completed an audit of the delta to XEND Finance’s smart contract related to rewarding the group creator. The audited code rewards a group’s creator with a percentage of the commission fee and tracks total $XEND token rewards. A summary of the audit and its findings follows.

Use-Case Profile

As a decentralized Credit Union, Xend Finance (XF) serves to optimize, improve, and add value to the core operations of Credit Unions globally, while also allowing users to form their own cooperatives and pool their money, no matter…

CertiK has set out on a joint strategic venture alongside Convergence Finance to ensure the security of their protocol and wider ecosystem. With Convergence Finance’s security-centric approach, something which is naturally shared by CertiK, we’re confident that the team have paved the way for a deep level of trust and reliability in their project.

Convergence — Secured by CertiK

As part of the strategic partnership, the Convergence protocol underwent a thorough audit by a team of security experts at CertiK HQ. The audit leveraged a combination of static analysis and manual review and was focused on ConvX, Convergence’s decentralized interchangeable asset protocol.

Our team of…

How to Make the Most of Remote Work

In March 2020, working life changed drastically for many of us. Water cooler catch-ups turned into Slack-powered instant messages, whilst the weekly meeting was powered by Zoom and the boss didn’t know you were still wearing your slacks on your lower half.

Echoing the distributed nature of blockchain, the CertiK team have worked from a variety of locations around the world from day one.

Remote working can be, and has been, a huge change for a lot of us. …

NEW YORK, 31/03/2021 — The codebase for CompliFi’s automated market maker (AMM) pool contract has undergone an audit by the CertiK Auditing Team. Through this AMM, anyone is able to create a pool and finalize it; following that, any user is able to join the pool and receive pool tokens. A summary of the audit and its findings follows.

Use-Case Profile

CompliFi Protocol comprises a decentralized protocol for issuing a wide range of financial derivatives without the risk of default, liquidations, or collateral calls.

In early February, CompliFi expanded their product offering beyond the aforementioned derivatives issuance protocol to…

Zenfuse — Token Timelock Security Verification

NEW YORK, 25/03/2021 — The Zenfuse Team has successfully undergone an audit of their ‘Token Timelock’, an ERC-20 time-based lock mechanism most often utilized to release developer funds at a certain point in the future. A summary of the audit and its findings follows.

Use-Case Profile

With a mission to make trading effortless and more profitable for both beginners and professionals, Zenfuse enables trading on multiple cryptocurrency exchanges from one secure account on both desktop and mobile.

ZEFU, the native token and the unit of exchange in the Zenfuse ecosystem, serves a number of use cases; including, but not limited to, staking…

On March 14th, the CertiK Security Team discovered a novel type of attack which was leveraged against the DeFi stablecoin project True Seigniorage Dollar. The attack resulted in a total loss of approximately $16,600. To carry it out, the attacker took advantage of the principle of the Decentralized Autonomous Organization (DAO) mechanism, without manipulating conventional ‘vulnerabilities’.

Technical Analysis

The Attack Process:

  1. The attacker (0x50f753c5932b18e9ca28362cf0df725142fa6376) acquired a large number of True Seigniorage Dollar tokens (TSD) at a low price. They then leveraged those tokens for voting power and forcibly passed proposal №

