Security research firm. Tailored security reviews, invariant systems, and advisory for a curated set of EVM protocols. Every engagement is principal-led
Optimal is not a style.
O(n) → O(log n); O(n) → O(1)
Architecture and gas optimisation work for @LotusFi_'s tranche-based lending protocol. Congrats to the team on their upcoming launch.
DeFi has lost over $900M to hacks in the first six months of 2026, +70% YoY.
Most of those protocols had audits. A growing share of these losses never touched the smart contracts at all: compromised keys, sophisticated social engineering attacks, operational gaps a smart contract audit can't prevent.
That’s why @LotusFi_ takes a holistic approach to security, with independent review from experts across three surfaces: economic design, smart contracts, and operational security. Our team has secured tens of billions of customer deposits, smart contracts, transactions and private keys since 2019.
On the contracts, that's meant engagements with top-tier experts early and often: @Iam0x52 for a pre-audit review, @EnigmaDarkLabs on gas and architecture, and early access to Zellic's @v12sec and @cantinasecurity's Apex, two of the newest AI-native scanning tools in the space. All before we even kicked off our smart contract audit with @Cyfrin, supported by their Cygent AI agent for security review and formal verification. AI tools extend what expert reviewers can cover; they don't replace their judgment.
As we move closer to deployment, we'll also be pursuing @_SEAL_Org certification for our op-sec practices because as we’ve seen with many recent exploits, security does not stop at the contracts.
On the design side, @BlockAnalitica ran an independent economic assessment of Lotus's markets, tranches, and risk parameters. @CredoraNetwork's risk ratings on each tranche give every vault transparent risk you can verify.
We want the protocol tested early, repeatedly, and from every angle. That's the standard we think serious onchain infrastructure should meet.
Congrats to @SiloFinance on the v3 launch and the new Collateral Debt Swap (CDS) mechanism.
Our security review of Silo v3 is now public:
https://t.co/dMxbDcfYSr
Silo v3 is LIVE.
Silo introduces the safest lending markets in DeFi.
We rebuilt the core assumption behind lending: collateral does not need to be sold to keep markets solvent.
That shift puts lender protection first — and makes yield more durable.
Here’s how 👇
Invariant testing defines what the code should *never* do then tries to break that.
We developed two invariant suites {Spoke,Hub} for Aave V4 as part of their rigorous layered security program.
Built on the foundations of our previous work on the invariant suite for Aave V3.
Securing the shadows.
Explore the invariant suites here: https://t.co/rFg1HKkGAW
Aave V4 was built security-first, with layered security controls from early architecture through post-audit fix validation.
We’ve published a full transparency report on the Aave V4 security program.
Read it below.
We are thrilled to share that @vnmrtz, co-founder of Enigma Dark (leading blockchain security firm), is officially joining @flower_defi as co-founder. Victor adds deep expertise in DeFi security and protocol design, as we develop a new DeFi liquidity primitive.
gflower ��
This is no longer true. Medusa has improved a lot, no more tooling or major coverage issues. (after 6 months of using it in @EnigmadarkLabs engagements)
try short Medusa runs for coverage checks while building your suite, the feedback loop is faster than Echidna's, anon
Works best with Runes, our CLI tool that converts Echidna reproducer files into executable Foundry test files.
https://t.co/jGBINNit5T
- Run a job: osiris-lite run
- Check status: osiris-lite status & osiris-lite logs
- Retrive results: osiris-lite pull
- Generate tests: runes convert
7/7
In smart contract development, testing and security: speed and clarity matter.
Remote fuzzing is powerful. But messy.
Enter Osiris Lite: a plug-and-play, CLI-first tool for managing remote fuzzing jobs. Open source.
1/
We’re in great shape - launch is right around the corner!
We’re building more and more trust in our codebase.
This week we finalized the @EnigmadarkLabs report, and as a reminder, our audit with @electisec also found no major issues ✅
Manual audits are not silver bullets. They’re good, but they can’t always be perfect.
For greater security assurance, Twyne completed a thorough Invariant Testing Engagement with @EnigmadarkLabs to verify our invariants.
Our code passed with flying colors ��
This engagement applied Enigma’s Actor-Based Invariant Testing framework, which uses Echidna and Medusa fuzzers to simulate realistic multi-actor interactions, randomizing actions and parameters for broad coverage.
It validates global invariants, function-specific properties, and transitions in complex systems, efficient for monolithic as well as modular architectures such as Twyne’s.
Report available: https://t.co/XvJnyxCkP0
7/
In April, we partnered with @twynexyz to construct the invariant testing suite for the first version of their protocol.
Twyne is a credit delegation protocol built on Euler v2 vaults, powered by the Euler Vault Kit (EVK). It enables users to utilize unused borrowing power across lending markets, achieving higher capital efficiency.
1/