Hi there! I'm Dominik Muhs, and I spend my days helping teams build more secure systems. Over the past few years, I've had the opportunity to work with many different projects, from established protocols to early-stage teams just getting started. I enjoy the detective work that comes with security research, digging into code to understand how things work and where they might break. I work independently and as a founding member of Creed.
Services
Most of my time is spent doing manual code reviews of smart contracts written in Solidity. My background in backend development helps when I need to look at the Python, JavaScript, TypeScript, or Golang code that often sits alongside the contracts.
I also do penetration testing work, usually when teams want someone to look at both their smart contracts and the applications that interact with them. Sometimes, the interesting issues are in how these different pieces talk to each other.
I'm always happy to chat about security architecture or help think through threat models for teams that are still figuring things out. I've also worked with individuals and organizations on operational security - things like securing key management, improving security practices, and reducing risks for high-value targets. Whether you're building something new or have a security question you're mulling over, feel free to reach out.
Contact
If you'd like to discuss a project or just have a security question, drop me a line at hello@kauz.gmbh. I'm always happy to chat.
-----BEGIN PGP PUBLIC KEY BLOCK----- xjMEZWd0JRYJKwYBBAHaRw8BAQdAFgKHo5g2+W+9F4LvGJTqF0sJPTE0EljD HMMp8SJpiNDNIWhlbGxvQGthdXouZ21iaCA8aGVsbG9Aa2F1ei5nbWJoPsKM BBAWCgA+BYJlZ3QlBAsJBwgJkMl06xkuDPvzAxUICgQWAAIBAhkBApsDAh4B FiEEAC8frkSMoJYV8YfjyXTrGS4M+/MAAMWXAP927LMkpfiumuYNgjn1c7d3 toSrNu3lUEJypTNTCoszZgEAx3pMz1Oj5baDlpNvrnty17PfmrG4copB8dJF +waAYgnOOARlZ3QlEgorBgEEAZdVAQUBAQdAk3/TBhf0DWYl7a/MIdaYAaby ZnZaZRI2s8Z26OX4SicDAQgHwngEGBYIACoFgmVndCUJkMl06xkuDPvzApsM FiEEAC8frkSMoJYV8YfjyXTrGS4M+/MAAGMUAQCYGpLud63r8R3ZIdlL3WMm uMVOiZh90FcH8JsL+j0U3QD/R7muek+4F6pZiaYiuMafTUOkOScFqy2W3RrB it2q5AA= =UnIA -----END PGP PUBLIC KEY BLOCK-----
Work
I have performed numerous code reviews, penetration tests, and general work to ensure operational security guidelines and incident response playbooks are followed. In this section, I list my most recent engagements. Publicly available reports are linked. Clients for which an NDA is in effect are omitted.
2025
-
Web3Auth Code Review
-
Web3Auth Code Review
-
undisclosed ? Penetration TestState government office meeting and employee scheduling system
-
Everclear Arbitrum Tokenomics Code Review
-
Everclear v1.1 (Diablo) Code Review
2024
-
LucidLabs Spot Check
-
Everclear Tokenomics ↗ Code Review
-
Across Protocol Code Review
-
Puffer UniFi ↗ Code Review
-
RAA Sachsen e.V. ? Threat ModelingThe RAA is an NGO aid center for educational integration.
-
Everclear v1.0 (Chimera) ↗ Code Review
-
Request Finance Code Review
-
undisclosed ? Code ReviewA liquid staking derivative product on Filecoin.
-
TAFEL Dresden e.V. Threat Modeling, Penetration Test
-
undisclosed ? Code ReviewAn on-chain personal reputation protocol for verifiable talent sourcing.
-
Hyperlane xERC20 Code Review
-
Puffer xERC20/VT Pricer ↗ Code Review
-
BakerFi ↗ Code Review
-
Puffer ↗ Code Review
-
Connext Vesting Wallet ↗ Code Review
-
Bitsi ? Feasibility AnalysisA permissionless L2 aiming to connect Ethereum and Bitcoin.
-
BakerFi ↗ Code Review
-
Moonwell MIP-M23 ↗ Code Review
-
xERC20 Standard ↗ Code Review
-
Stadt.Land.Netz MyVIA Penetration Test
2023
-
Rocket Pool (Houston) ↗ Code Review
-
undisclosed ? Code ReviewBackend API and contract factory for an L1 specialized on NFTs.
-
Protocol Labs FilSnap ↗ Code Review
-
undisclosed ? Code ReviewA WASM module to filter malicious transactions in a large browser wallet.
-
undisclosed ? Code ReviewEthereum L2 rollup using multi-party computation. Exhaustive review of all contracts, nodes, and infrastructure.
-
EigenLayer ↗ Code Review
-
undisclosed ? Code ReviewNFT ticketing and presale platform.
-
Rocket Pool (Atlas) ↗ Code Review
2022
-
undisclosed ? Code ReviewA large UTXO-based proof-of-stake blockchain.
-
undisclosed ? Code ReviewSmart contracts of a global investment firm and a cooperative consisting of several national banks.
-
undisclosed ? Code ReviewContracts and libraries of one of the leading Ethereum SSO providers.
-
undisclosed ? Code ReviewMeta-transactions framework by a large game studio, based on ERC-7221.
-
Rocket Pool v1.1 Code Review
-
Arbitrum Nitro ↗ Code Review
-
Fuji Finance ↗ Code Review
-
undisclosed ? Code ReviewDeFi project to provide humanitarian aid and UBI to emerging nations.
-
undisclosed ? Code ReviewNFT Coldie auction marketplace and royalty reward distribution platform.
2021
-
undisclosed ? Code ReviewGovernance and vesting contracts on an L1 specialized on NFTs.
-
undisclosed ? Code ReviewOne of the largest custodial wallet providers and staking services (again).
-
Arbitrum ↗ Code Review
-
Gluwacoin ↗ Code Review
-
1inch Protocol v2 ↗ Code Review
-
undisclosed ? Code ReviewOne of the largest custodial wallet providers and staking services.
-
undisclosed ? Code ReviewA Gnosis Safe module for distributed, dynamic DAO governance structures.
-
undisclosed ? Code ReviewDecentralized insurance market for DeFi liquidity crises.
-
undisclosed ? Code ReviewCross-chain token standard reference implementation.
-
GrowthDeFi WHEAT ↗ Code Review
-
undisclosed ? Code ReviewOptions marketplace based on Kelly criterion bonding curves.
-
undisclosed ? Code ReviewA collateral distribution module in a large algorithmic stablecoin.
-
undisclosed ? Penetration TestAn traditional finance investment fund distribution platform.
-
Rocket Pool ↗ Code Review
-
undisclosed ? Penetration TestChain abstraction layer for a cross-chain atomic swap platform.
-
undisclosed ? Penetration TestOracle integration and marketplace of a large algorithmic stablecoin.
-
undisclosed ? Penetration TestGlobal logistics provider management systems and website.
2020
-
undisclosed ? Code ReviewApplication to generate hierarchical deterministic validator BLS keys.
-
undisclosed ? Penetration TestCustodial staking provider key generation ceremony systems.
-
undisclosed ? Penetration TestGlobal logistics provider management systems and website.