Smart contracts · DeFi · Security

Blockchain & Smart Contracts

On-chain engineering built by someone who has lived both sides of it. Smart contracts and automated strategies, decentralized-finance integrations, and — above everything — the security discipline that decides whether on-chain code survives contact with an adversary. We develop, audit, and advise across centralized and decentralized finance; we do not sell tokens, manage your money, or promise returns. The deliverable is engineering and judgment, not a position.

Scope

What's in scope.

The boundary of the engagement is set in writing before work begins.

Scope is written collaboratively during discovery and signed off before any build work starts. Changes are handled as written amendments, not surprise invoices.

Method

How we build.

The discipline below is constant across engagements. On a public, adversarial network, it is the difference between code that holds and code that becomes someone else's payday.

  • Security is the whole job, not the last step.

    Smart contracts are adversarial software running on a public network where every line is readable and every bug is a bounty for someone else. We design under a written threat model, reason through reentrancy, oracle manipulation, MEV exposure, access-control and upgrade paths before code ships, and treat key management as a first-class part of the architecture. The founder rebuilt this practice on the other side of a DeFi exploit — the security posture here is lived, not borrowed.

  • Multi-chain fluency, chosen per engagement.

    EVM chains and L2s, the major non-EVM networks, and the bridges between them — we pick the chain for the operation in front of us rather than the one with the loudest token. The same goes for the protocols a build composes on: established, audited venues like Aave and Balancer over whatever launched last week.

  • Risk made explicit, on both sides of the aisle.

    Centralized and decentralized finance each carry a different risk surface — custody, counterparty, smart-contract, regulatory, liquidity. We name them plainly, in writing, so a client understands what they are taking on before they take it on. No hype, no maximalism, no pretending the downside isn't real.

  • Built and audited, never gambled.

    Trading bots, flashloan-powered arbitrage, and MEV-aware execution are engineering problems with hard correctness and safety requirements — not a casino. We build them to specification, test them against adversarial and edge-case conditions, and hand back something a client can reason about. What a client chooses to do with capital is their decision; our job is that the system does exactly what it says.

Deliverables

What you'll receive.

  • Smart contract development & automated strategies

    Production smart contracts, trading bots, flashloan-powered arbitrage, and MEV-aware execution — designed against a written spec, tested against adversarial conditions, and shipped with the safety rails on-chain code demands.

    From $5,999 · typical builds $6K–$120K

  • DeFi engineering & protocol integration

    Integrations with established protocols — lending and borrowing on Aave, liquidity and pools on Balancer, staking, and node operation. Decentralized-finance plumbing wired into your product without the brittle glue.

    From $4,999 · scoped per integration

  • Blockchain security & smart-contract audits

    Spotlight

    Threat modeling, line-by-line contract review, and key-management hardening for teams shipping on-chain. The most important work we do here — and the reason the rest of it holds.

    From $3,999 · scoped per audit

  • Blockchain consulting & education

    Plain-language guidance on centralized and decentralized finance — the benefits, the real risks, and where the two meet. For founders, teams, and individuals who want to understand the space before they commit to it.

    From $1,999 / month · advisory retainer

Selected work

One we can describe.

Anonymized by sector and region only. The full archive lives at /work.

Blockchain & smart contracts · 2025

A DeFi lending protocol, scope redacted

A full-stack smart-contract security audit — findings by severity, refusal lanes enforced, operator sign-off on every mitigation.

  • Critical finding (mitigated pre-mainnet): 1
  • Contracts in scope: 4
  • Operator sign-off on mitigations: 100%

The protocol was preparing a mainnet upgrade across four core contracts and needed an audit that read like engineering, not a marketing PDF. The engagement was a structured security review — static analysis, symbolic paths, and manual review — bound by refusal lanes that forbid automated mainnet execution, fund movement, or performance claims. Every finding is severity-banded; every recommendation waits for the client's security lead to accept, defer, or reject.

Methodology
  1. Refusal lanes before tooling

    Documented the no-list first: no mainnet deploy without signed release, no live fund movement, no yield or return language in the audit surface. The tooling respects the same boundaries the final report does.

  2. Layered analysis surface

    Static analysis for known vulnerability classes, symbolic execution on critical paths, manual review on access control and oracle wiring. Findings keyed to contract, line range, and reproducible test case.

  3. Severity-banded reporting

    Critical and High findings block the release record until acknowledged or mitigated. Medium and Informational ship with explicit deferral options — nothing silently dropped.

  4. Operator owns every mitigation

    Recommendations are drafted; the client's security lead decides. Every decision is logged immutably. The integrity metric is 100% operator sign-off, not finding count.

The audit surfaces risk. The operator decides what ships.

Source notes redacted · Client identification withheld by agreement

Timeline

A predictable cadence.

Every engagement runs on the same four-stage rhythm, regardless of size.

  1. Discovery

    Week 0

    Working session, written scope, clear success criteria.

  2. Design & architecture

    Week 1

    System design, milestones, fixed or weekly pricing.

  3. Build

    Weeks 2+

    Weekly releases, live portal, direct access to engineers.

  4. Launch & handoff

    Final week

    Production hardening, observability, written handoff.

FAQ

Common questions.

How do you price engagements?
Fixed-price for well-scoped work, weekly retainer for open-ended or exploratory engagements. Pricing is always in the proposal brief before any contract.
Do you work with existing teams?
Yes. We regularly embed with in-house engineers, or augment a small team with specific capabilities — AI integration, infrastructure, design — for a defined period.
What happens after launch?
Either a written handoff so your team owns everything, or an ongoing retainer for maintenance, features, and on-call support. Your choice, stated up-front.