Statemind Blockchain Security Fellowship. Fast Forward 

We're opening applications for our 9th Security Fellowship - a free, new intensive format of 2-week program where we share our expertise with those who want to learn more about DeFi and test their strength in blockchain research & security. As a result, you will have the opportunity to get a paid internship on real-world tasks.

Statemind is a team of security researchers specializing in smart contract audit and blockchain security. We've secured $24B in TVL across top protocols including Lido, Curve, Fluid, Symbiotic, Yieldbasis and more.

Our team includes top performers from Paradigm CTF competitions, ICPC finalists, mathematicians, and above all - puzzle solvers at heart. We conduct research on cutting-edge security topics including ZK technology, compiler tooling, formal verification, and fuzzing techniques - work that both brings value to the industry and sharpens our technical skills. Each fellowship, we create custom CTF challenges based on real vulnerabilities we've encountered in production code.

What You'll Gain with fellowship:

  • Rare expertise: master skills and knowledge that few possess but everyone needs.
  • Real impact: Learn to find vulnerabilities that protect millions of users and billions in assets.
  • Career acceleration: Compress time of self-learning into an intensive 2-week program.
  • Direct path to employment: Top performers receive paid internship offers where you will start to work with our team on audits from day one.
_____________

Is This Fellowship For You? Use the checklist below to self-check.

Obligatory:

Engineering

  • Confidently read and review complex codebases.
  • Write production-quality code in any: Rust / Solidity/Vyper / Go / C/C++ / Python / Java.
  • Understand how to debug non-trivial issues and find root causes.
  • Higher education in STEM (completed or in progress).
  • A background in mathematical olympiads.
  • Ability to work with AI, use it for tasks, and clearly explain the results.

Experience - at least one “yes” is must

  • Have hands-on experience with CTF, pentesting, audits, or bug bounties.
  • Experience with smart-contract or fellowship/camp in the past.
  • Experience in cryptography or in blockchain development.

Basic Theory

  • EVM basics: storage, calls, gas.
  • Understanding of major protocols (Aave, Uniswap, Curve, Lido, etc.).
  • Common attack vectors and vulnerabilities in DeFi (reentrancy, access control, price manipulation, upgrade issues & etc.)

Nice to have:

Experience & Theory

  • Exposure to ZK.
  • Experience reviewing DeFi protocols.
  • Web3 protocols, pentesting, Web2 security.
  • Solana, Starknet (Cairo).

_____________

Career Path

We start by reviewing applications and selecting candidates who match the profile and pass our entry test. They join a 2-week program focused on mastering the core theory and solving our custom CTF challenges. Those who successfully complete the program are invited to interviews, and the top performers receive internship offers, with the opportunity to continue with the team.

2-week Intensive Remote Program Structure:

  • Berkeley University materials and research papers curated by our team.
  • Custom CTF challenges reflecting real-world vulnerabilities.
  • Direct mentorship from auditors who've secured billions in assets.
  • Weekly progress assessments with actionable feedback.

All successful graduates receive a Statemind Fellowship certificate - whether you join our team or pursue other opportunities, you'll have proof of your security research capabilities.

_____________

How to Apply 

  • Submit application with general questions and technical assignment before March 6.
  • For the Technical Assignment - block out several hours when you can concentrate fully. We're evaluating your problem-solving approach and thought process, not just the final answer.
  • Receive feedback within 1-3 business days. Dive into 2-week intensive training starting March 9. Note: If you don't hear back within two weeks of applying, we unfortunately couldn't include you in this cohort.

This Fellowship is your chance to turn that curiosity into expertise. The blockchain space needs more security researchers who blend technical skill with relentless problem-solving. If that sounds like you, we're ready to invest in your growth.

Dive into our work on the Website, GitHub & X.
If you have any questions, feel free to reach out directly to Natasha via Telegram.

Sign in to Google to save your progress. Learn more
Email *
General Questions
Please write your full name *
Please write your Telegram account *
Please write your Gmail  *
Please indicate your timezone *
Year of Graduation *
Current employment *
Experience in development incl. blockchain development *
Do you have experience in CTF or competitive programming? If so, describe your experience *
CV link (a link to any file-sharing service or Linkedin, not HH, please) *
GitHub link *
Your english level (if you don't know pass the test: https://www.cambridgeenglish.org/test-your-english/general-english/) *
The purpose and motivation of the Fellowship? *
Where did you hear about the Fellowship? If it was from a chat or a referral, please provide the name of the person or a link to the chat.  *
Technical Questions
A Note on the Technical Assignment: Take your time. Don't rush. We're looking for beautiful minds that think deeply about problems.
 
Yes, we know some of you will use LLMs - you can, and we'll know. But here's the thing: use them as a tool, not as a crutch. If you let an LLM solve the test for you, you might pass this stage, but you'll inevitably stumble during the CTF challenges or interview when you need to think on your feet. Don't waste your time trying to game the system - invest in actually understanding the problems. We're selecting for how YOU think, not how well you can prompt.
 
The best fellows we've had used LLMs to clarify concepts but solved problems themselves. That's the difference between using a calculator and understanding mathematics.

Function to encode an unsigned integer into a “significant and exponent” representation for the specified lengths. How many errors that cause a failure are in the function? 

Count each error as a separate line that requires a fix.

 *
Captionless Image

SHA-3 is the latest member of Secure Hash Algorithm family.

Given is a 1 MiB (2^20 bytes) file that you want to hash with SHA-3. Assume (unrealistically) that for each of the 5 steps of the f-function you need exactly 1 ms of computation time. You do not need to consider other steps computation time for hash algorithm (e.g., for XOR operations). How long does it take to hash this file with SHA-3-512? 

Tip: Ignore the padding and instead round up to the next integer when dividing.

 *

A new AMM has been launched with the invariant X * Y = K and no fees.

Initial reserves: 1000 tokenX, 1000 tokenY; the initial price is p0 = Y/X. Victim wants to buy tokenY by swapping dx = 100 tokenX. Victim sets slippage s = 3%, where q = 1 − s, i.e., victim agrees to a price no lower than p0 * q. An attacker executes a sandwich, buying tokenY before victim's transaction and then selling after.

What is the attacker’s maximum profit?

 *
Assume you are a user interested in investing in the DeFi lending protocol, Compound V3. 

Your task is to calculate the potential profit you could earn over a period of 3 months (92 days). You have decided to invest 5 ETH. The current base interest rate per Ethereum block is 0.00003% (consider a block every 12 seconds), the slope low multiplier applied by Compound is 0.001%, total borrows in the protocol are 100,000 ETH and total supply is 200,000 ETH. Consider all parameters are constant throughout the period.

Round to 2 decimal places.
 *

You have decided to delegate 10 ETH to a liquid staking provider. 

Assume that daily interest rate is 0.015%. After each day you will stake 0.03 more stETH. Is it possible to write this as a purely mathematical, non-recursive function for the problem above? 

If so, provide the formula.

 *
Anyone else come to mind who’d enjoy being part of this? 
Please drop their contact below
 *
Test Review
Please list the languages you speak and indicate your proficiency level  *
Submit
Clear form
Never submit passwords through Google Forms.
GoogleForms
This form was created inside of Statemind.