Job description
Job Responsibilities:
1️⃣ Smart Contract Security Audit:
- Conduct full-process security audits of smart contracts based on public chains such as Ethereum, Solana, and Aptos (primarily using Solidity), covering key modules such as code logic, permission management, mathematical operations, and external interactions, to identify potential vulnerabilities (e.g., reentrancy attacks, integer overflow, logical flaws, etc.).
- Utilize Solidity fuzz testing techniques (e.g., using tools like Foundry, Echidna, Harvey) to perform automated testing on core contract functionalities and verify security under boundary conditions.
2️⃣ In-depth Review of DeFi Protocols:
- Gain a deep understanding of the business logic and economic models of mainstream DeFi protocols such as DEX (decentralized exchanges), Liquid Staking, lending protocols (e.g., Compound, Aave), and stablecoins, auditing the security of core contracts (e.g., trade matching, staking mining, liquidation mechanisms).
- Review the interaction risks between contracts and underlying systems in blockchain infrastructure developed with Rust/Go (e.g., node clients, cross-chain bridges) to ensure end-to-end security.
3️⃣ Security Incident Analysis and Defense Strategy Output:
- Track global DeFi security incidents (e.g., flash loan attacks, private key leaks, protocol logic vulnerabilities), analyze the principles and attack paths of incidents, summarize defense strategies, and apply them in audit practices.
- Provide clients with detailed audit reports that include vulnerability descriptions, risk levels, remediation suggestions, and reproduction steps, assisting development teams in completing vulnerability fixes and secondary verification.
4️⃣ Security Tools and Process Optimization:
- Participate in building internal audit toolchains, optimizing Solidity static analysis (e.g., Slither, Mythril) and dynamic testing processes to enhance audit efficiency and accuracy.
- Solidify auditing methodologies, write smart contract security development guidelines, and provide technical training for new team members.
Job Requirements:
1️⃣ Over 1 year of relevant work experience in information security, with preference given to those with experience in smart contract auditing, blockchain security, and Web3 vulnerability discovery.
2️⃣ Ability to independently complete audits for at least 3 public blockchain projects (anonymous project links or report summaries can be provided).
3️⃣ Proficient in the Solidity programming language, familiar with smart contract compilation, deployment, and interaction principles, able to independently read and analyze complex contract code (over 5000 lines).
4️⃣ Mastery of Solidity fuzz testing techniques, proficient in using tools like Foundry and Echidna to design test cases and verify contract security.
5️⃣ Familiarity with Rust or Go, able to understand the interaction logic between blockchain underlying protocols (e.g., consensus mechanisms, P2P networks) and smart contracts.
6️⃣ In-depth understanding of the implementation principles of mainstream smart contract protocols, including but not limited to:
- DEX: AMM mechanisms (Uniswap V2/V3, SushiSwap), order book models;
- Liquid Staking: Tokenization of staked assets (Lido, Rocket Pool), yield distribution logic;
- Lending Protocols: Collateral ratio calculations, liquidation mechanisms, interest rate models (Compound, Aave).
7️⃣ Familiarity with common security risks and attack methods in DeFi, such as reentrancy attacks, integer overflow/underflow, permission control vulnerabilities, flash loan attacks, MEV-related risks, etc., able to analyze the root causes of vulnerabilities in conjunction with historical events.
8️⃣ Understanding of the use of blockchain security tools, such as static analysis tools (Slither, Mythril), formal verification tools (Certora), and on-chain monitoring tools (Nansen, Dune).
9️⃣ Strong logical analysis and problem decomposition skills, able to extract core security risk points from complex business scenarios.
🔟 Excellent documentation writing skills, able to produce clear, professional, and understandable audit reports.
1️⃣1️⃣ Responsible, with zero tolerance for security vulnerabilities and a strong spirit of teamwork.
