Chris Wu

Performed static analysis and runtime investigations of Alpaca’s smart contracts and public scripts, surfacing concrete issues such as permission misconfigurations, edge-case arithmetic underflows and unsafe external call patterns. Responsible disclosures to the protocol team and coordinated timelines with auditors enabled prioritized remediation and emergency patch deployments. Those vulnerability reports directly changed contract parameters, access control checks and upgrade procedures. Published technical write-ups and proof-of-concept demonstrations that allowed the engineering team and third-party auditors to reproduce and prioritize fixes. The resulting corrective actions reduced the attack surface, informed subsequent auditing scopes, and influenced decisions about which components required timelocks, multi-sig guardianship or more conservative liquidation parameters. Ongoing public reporting and collaboration with the community improved the protocol’s transparency on risk and shaped the engineering roadmap for hardening contracts. By converting abstract security concerns into concrete patches and audit recommendations, the researcher’s interventions materially affected user fund safety and the resilience of ALPACA-linked liquidity during periods of heightened exploitation risk.