Kauz Security Services

Hi there! I'm Dominik Muhs, an independent security consultant based in Germany. Since 2020, I've reviewed smart contracts and applications for teams of all sizes, from early-stage startups to established protocols like EigenLayer, Arbitrum, and Rocket Pool. I enjoy the detective work that comes with security research: digging into code, understanding how systems behave, and finding where they might break.

Services

Most of my work involves manual code reviews of smart contracts written in Solidity. My background in backend development helps when the scope extends to Python, JavaScript, TypeScript, or Golang code sitting alongside the contracts.

I also do penetration testing, usually when teams want a holistic look at both their on-chain contracts and the off-chain systems around them. Often, the most interesting vulnerabilities live in the seams between these layers.

Beyond reviews and pentests, I help teams think through security architecture and threat models, which is particularly useful during the design phase, before code is written. I've also advised individuals and organizations on operational security: key management, security practices, and risk reduction for high-value targets.

Contact

Whether you have a concrete project in mind or just a security question you're mulling over, I'm always happy to talk. Reach me at hello@kauz.gmbh.

Work

Below is a selection of recent engagements. Public reports are linked where available; NDA-covered clients are listed as undisclosed.

undisclosed

Penetration Test

Mid-sized German deathcare facility

undisclosed

Incident Response

Blockchain data propagation protocol

zkLighter

Penetration Test

World Capital Markets

Code Review

Ern Mitigations

Code Review

Ern

Code Review

Everclear Swaps

Code Review

Everclear Hub Upgrade

Code Review

Ern f.k.a. BitYield

Code Review

Lagoon

Risk Assessment

Quake Cash

Code Review

Web3Auth

Code Review

Web3Auth

Code Review

undisclosed

Penetration Test

State government office meeting and employee scheduling system

Everclear Arbitrum Tokenomics

Code Review

Everclear v1.1 (Diablo)

Code Review

LucidLabs

Spot Check

Across Protocol

Code Review

RAA Sachsen e.V.

Threat Modeling

The RAA is an NGO aid center for educational integration.

Request Finance

Code Review

undisclosed

Code Review

A liquid staking derivative product on Filecoin.

TAFEL Dresden e.V.

Penetration Test

undisclosed

Code Review

An on-chain personal reputation protocol for verifiable talent sourcing.

Hyperlane xERC20

Code Review

Bitsi

Feasibility Analysis

A permissionless L2 aiming to connect Ethereum and Bitcoin.

Stadt.Land.Netz MyVIA

Penetration Test

undisclosed

Code Review

Backend API and contract factory for an L1 specializing in NFTs.

undisclosed

Code Review

A WASM module to filter malicious transactions in a large browser wallet.

undisclosed

Code Review

Ethereum L2 rollup using multi-party computation. Exhaustive review of all contracts, nodes, and infrastructure.

undisclosed

Code Review

NFT ticketing and presale platform.

undisclosed

Code Review

A large UTXO-based proof-of-stake blockchain.

undisclosed

Code Review

Smart contracts of a global investment firm and a cooperative consisting of several national banks.

undisclosed

Code Review

Contracts and libraries of one of the leading Ethereum SSO providers.

undisclosed

Code Review

Meta-transactions framework by a large game studio, based on ERC-7221.

Rocket Pool v1.1

Code Review

undisclosed

Code Review

DeFi project to provide humanitarian aid and UBI to emerging nations.

undisclosed

Code Review

NFT Coldie auction marketplace and royalty reward distribution platform.

undisclosed

Code Review

Governance and vesting contracts on an L1 specializing in NFTs.

undisclosed

Code Review

One of the largest custodial wallet providers and staking services (again).

undisclosed

Code Review

One of the largest custodial wallet providers and staking services.

undisclosed

Code Review

A Gnosis Safe module for distributed, dynamic DAO governance structures.

undisclosed

Code Review

Decentralized insurance market for DeFi liquidity crises.

undisclosed

Code Review

Cross-chain token standard reference implementation.

undisclosed

Code Review

Options marketplace based on Kelly criterion bonding curves.

undisclosed

Code Review

A collateral distribution module in a large algorithmic stablecoin.

undisclosed

Penetration Test

A traditional finance investment fund distribution platform.

undisclosed

Penetration Test

Chain abstraction layer for a cross-chain atomic swap platform.

undisclosed

Penetration Test

Oracle integration and marketplace of a large algorithmic stablecoin.

undisclosed

Penetration Test

Global logistics provider management systems and website.

undisclosed

Code Review

Application to generate hierarchical deterministic validator BLS keys.

undisclosed

Penetration Test

Custodial staking provider key generation ceremony systems.

undisclosed

Penetration Test

Global logistics provider management systems and website.