# Sujith Somraaj

> Lead Security Researcher at Spearbit and Cantina. Smart contract auditor with 150+ audits completed, $50B+ total value secured, and 0 exploits post-audit. Specializing in blockchain security, DeFi protocols, cross-chain bridges, and web3 security.

## About

Sujith Somraaj is a lead security researcher who dissects codebases and hunts zero-days and novel attack vectors across onchain protocols. He currently holds the following active roles:

- Lead Security Researcher at Spearbit (Full-time)
- Independent Security Consultant at LIFI (Consulting)
- Information Security Advisor at Superform (Institutional Product)

## Services

- Security Audits
- Infrastructure Review
- Frontend Review
- vCISO Consulting

## Pages

- [Home](https://sujithsomraaj.com): Overview, stats, services, and client portfolio
- [Security Portfolio](https://sujithsomraaj.com/security-work): 90+ private audits, contest results, and CTF achievements
- [OSS Contributions](https://sujithsomraaj.com/dev-work): Open source projects and developer tools
- [Blog](https://sujithsomraaj.com/blog): Technical writings on security research, blockchain, and cross-chain development

## Blog Posts

- [Permanent DoS of refunds through 1 wei donation](https://sujithsomraaj.com/blog/eco-refund-dos-vulnerability): DoS vulnerability in Eco's Vault contract that could prevent legitimate users from receiving refunds
- [Access Control Flaw in Hyperlane's Rate-Limited ISM and Hook](https://sujithsomraaj.com/blog/hyperlane-rate-limited-hook-access-control): Public rate limit consumption vulnerability enabling DoS of cross-chain operations
- [Discovering a Vulnerability in Relay Bridge's Solver Signature API](https://sujithsomraaj.com/blog/relay-bridge-solver-signature-vulnerability): Solver signs wrong message hash, preventing on-chain intent verification
- [Discovering a Vulnerability in Hyperlane's RateLimited ISM](https://sujithsomraaj.com/blog/hyperlane-rate-limited-ism-vulnerability): HIGH severity DoS vulnerability in Hyperlane's rate-limited interchain security module
- [Writing Cross-Chain PoC Using Pigeon](https://sujithsomraaj.com/blog/cross-chain-poc-pigeon): Guide to writing proof-of-concept exploits for cross-chain vulnerabilities using Pigeon framework
- [Post-Mortem: Colluded Transmitters in Socket DL](https://sujithsomraaj.com/blog/socket-colluded-transmitters-postmortem): Critical vulnerability in Socket's data layer involving colluded transmitters
- [Unearthing a $7k SocketSurge LootBox Exploit](https://sujithsomraaj.com/blog/socket-lootbox-7k-exploit): Exploiting Socket DL's defense mechanisms to claim a $7k bounty
- [Cross-Chain Immutability: Security Considerations](https://sujithsomraaj.com/blog/cross-chain-immutability-security): Security implications of data immutability for bridging protocols
- [Data Paths: Essential Guide for Cross-Chain Developers](https://sujithsomraaj.com/blog/cross-chain-data-paths-developers): Understanding data paths in cross-chain communication
- [Dynamic Memory Arrays in Solidity](https://sujithsomraaj.com/blog/dynamic-memory-arrays-solidity): Implementing dynamic memory arrays in Solidity smart contracts
- [Decoding Investing: The Brain Language](https://sujithsomraaj.com/blog/decoding-investing-brain-language): How the Ventromedial Prefrontal Cortex influences investment decisions

## Open Source Projects

- [Superform Core](https://github.com/superform-xyz/superform-core): Cross-chain yield marketplace for ERC-4626 powered by Hyperlane, LayerZero, Wormhole, LIFI, and Socket
- [ERC1155A](https://github.com/superform-xyz/erc1155A): ERC-1155 token standard extension
- [Pigeon](https://github.com/exp-table/pigeon): Foundry development tool for cross-chain apps simulating 6+ message bridges
- [Multi-Bridge](https://github.com/MultiMessageAggregation/multibridge): Multi-bridge product used by Uniswap's Governance
- [Superform Beta Contracts](https://github.com/superform-xyz/superform-contracts-beta): Core smart contracts for superform.xyz
- [Infinite Approval Checker](https://ethglobal.com/showcase/variable-finance-taat4): ETHGlobal 2021 project to check and revoke token approvals
- [Execution Layer Aggregator](https://github.com/sujithsomraaj/ethglobal-nyc-monorepo): ETHGlobal NYC 2023 project using Hyperlane
- [iContracts](https://github.com/sujithsomraaj/icontracts): Research project for intelligent smart contracts

## Contact

- Work with me: https://cantina.xyz/u/sujithsomraaj
- Twitter: https://twitter.com/sujithsomraaj
- GitHub: https://github.com/sujithsomraaj
- LinkedIn: https://linkedin.com/in/sujithsomraaj

## Optional

- [Full content version](https://sujithsomraaj.com/llms-full.txt): Expanded version with complete blog post content for deeper AI consumption