From DevOps Engineer to CodeHawks Eagle

Introduction

In just over two years, 0xStalin went from being a full-time DevOps engineer to a respected smart contract auditor. His transition from managing infrastructure to uncovering critical vulnerabilities shows the power of focused learning, relentless practice, and a deep commitment to mastering the craft.

Today, 0xStalin helps secure billions in total value locked (TVL) across decentralized finance (DeFi) protocols, specializing in lending platforms, perpetuals, and complex multi-chain systems. As a CodeHawks Eagle, he works alongside some of the industry’s top security researchers, sharpening his skills through hands-on audits and public contests.

His journey proves that with the right mindset and consistent effort, anyone can pivot into blockchain security and protect user funds across the decentralized ecosystem.

The real secret of life is to be completely engaged with what you are doing in the here and now. And instead of calling it work, realize it is play.

— Alan Watts

My path to smart contract security

My transition into blockchain security began while I was working as a DevOps engineer. With a computer science degree and a comfortable role, I felt technically competent but uninspired. In my free time, I began learning Solidity and building simple dApps, dedicating a few months to focused smart contract development. While I wasn’t pursuing it as a long-term path, that hands-on experience laid the foundation for what would eventually become my deeper interest in security research.

The real turning point came when I stumbled upon Andy Li’s interviews about public security competitions. This discovery revealed possibilities that shifted my perspective and showed me a path forward.

Rather than continue along the development track, I decided to dive headfirst into security research. It wasn’t easy. I had to redirect all my learning, embrace unfamiliar territory, and build mental models from scratch.
‍
Educational resources were scarce back then. One of the few high-quality platforms was Secureum's race series, which helped orient my learning. After months of intense study, I joined my first Code4rena contest. That moment marked the real beginning of my journey.
‍
What drove me forward was the realization that blockchain security isn't just interesting but critical. My work directly affects users' financial safety. Protecting protocols from preventable attacks became more than just a challenge. It became a mission.
‍

The grind: building expertise while working full-time

During my first year of competitions, I continued working full-time as a DevOps engineer. But I had already committed to becoming a security researcher. Every spare hour, weekend, holiday, early morning, late night, went into competitions.

‍Each contest taught me something new: how to spot vulnerabilities, simulate exploits, and understand protocol mechanics. The learning curve was steep, but the progress was real. I could feel myself evolving with every submission.

Over time, I naturally gravitated toward the protocol mechanics I encountered most: lending markets, perpetuals, staking strategies, vaults, bridges, and multi-chain integrations. These systems pose unique challenges, and I was drawn to their complexity.

More than anything, I had to learn to think differently. Not just how code works, but how it might fail, how edge cases emerge, how attackers might exploit unintended logic. That mindset shift was foundational to my growth as a researcher.

Going full-time and earning recognition

In my second year, I made the leap to full-time security work. I kept competing in public contests while taking on audit engagements as a contractor. A key opportunity came through Cyfrin, who brought me in on four engagements. Those projects exposed me to high-stakes audits and helped refine my approach.

The results followed. I won two public competitions and placed in the top five more than ten times. Each success reinforced the last, building both momentum and confidence. The mix of public contest experience and structured audit work gave me a well-rounded skill set.

Becoming a CodeHawks Eagle

In my third year, I was invited to join the CodeHawks Eagles. That recognition affirmed both my technical skill and commitment to the space. As an Eagle, I get matched with protocols where my expertise is most valuable, and I’m paid fairly without the overhead of chasing clients. That lets me focus purely on the work.

‍Working alongside other Eagles has been one of the most rewarding parts of my career. The collaborative environment raises everyone’s standards, and the knowledge-sharing culture is invaluable. We’re assigned to projects based on domain knowledge, which ensures thorough and effective audits.

But more than that, the Eagle program is a community. It’s a group of researchers who’ve proven themselves through consistent, high-quality work. We’re united by a shared mission to protect the ecosystem.

My approach and advice for newcomers

My progress comes down to three things: persistence, consistency, and adaptability. I showed up every day, put in the time, and refined my process with every lesson learned. Belief in the space kept me going, even during tough stretches.

For anyone starting out in web3 security, my advice is simple: show up daily, and don’t get discouraged. Find a reason to care. Money can be a motivator, but if that’s your only reason, it won’t sustain you through the early grind.

Practice is everything. This career is about lifelong learning. Embrace that truth. Connect with others, learn from those ahead of you, and share your own insights along the way.

Take advantage of resources like Cyfrin’s Updraft. These materials didn’t exist when I started, but they would’ve accelerated my growth dramatically. Today’s newcomers have a real advantage if they lean into quality education.‍
‍
And above all: love the game, not just the odds. If the work itself doesn’t excite you, the rewards won’t be enough to motivate you.

What I wish I had known starting out

People often ask how I discovered CodeHawks. The answer is Cyfrin. I was following the work of Hans and Patrick. Their approach to education and security aligned with how I learn and how I want to work.

One of the most memorable experiences has been auditing the protocols I personally use. There’s something uniquely powerful about securing systems where I’ve entrusted my own funds. That kind of connection between technical work and real-world impact is hard to describe and deeply motivating.
‍
The security challenges in blockchain are real. Each year, hackers steal more than $2 billion from on-chain protocols. This isn't theoretical. It’s about protecting real people, real value, and the future of decentralized trust.

A critical vulnerability that could have bricked a protocol

The most impactful finding I made came during an audit of Wise Lending, when I discovered a flaw in their bad debt accounting system that could have permanently disrupted the fee distribution.
‍
The issue stemmed from inconsistent state updates during partial liquidations. Each time a bad-debt position was partially liquidated, the global totalBadDebtETH increased, but the position-specific badDebtPosition only reflected the most recent value. Over time, this led to inflation of the global counter.
‍
The consequence? The claimFeesBeneficial function, which required totalBadDebtETH == 0, could be locked permanently, even after all legitimate debt was repaid. This would:

Freeze protocol fee distribution
Prevent new incentive mechanisms from functioning
Cause collected fees to become unclaimable (effectively burned)
Create an unrecoverable state without contract redeployment
‍

The fix was straightforward but elegant: update the global counter based on the difference between the old and new bad debt, mirroring how other state transitions were handled. This kept the accounting accurate and consistent.

‍This bug underscored a key truth: the most dangerous vulnerabilities often lie not in obvious flaws, but in how different system components interact in edge cases.

Looking forward

With the growth of blockchain and recent high-profile hacks, the need for security is increasingly critical. Through my work as a CodeHawks Eagle and ongoing public contests, I aim to help secure the foundation of decentralized finance.

What keeps this career so compelling is the constant learning. Every protocol is different, and with them come new mechanisms, risks, and ideas. Staying up to date with real-world hacks and understanding how they could’ve been prevented keeps the work grounded, relevant, and exciting.

Plus, there are serious perks: remote work, substantial compensation, and collaboration with brilliant people worldwide. Best of all, there’s a deep satisfaction in helping safeguard users’ assets.
‍
‍My portfolio demonstrates what a dedicated researcher can achieve: each vulnerability fixed, each protocol secured, adds resilience to the broader ecosystem.

If you’re considering a career in smart contract security, know this: it demands effort, but the intellectual challenge, real-world impact, and rewards are unmatched. This is one of the most exciting, meaningful careers in tech today.

Feel free to reach out and follow me if you’re getting started. The community is welcoming to anyone who shows genuine dedication to learning and protecting the space.