About Accretion

An audit firm built for one runtime.

Three full-time researchers. One ecosystem. We audit Solana programs and publish what we learn.

Accretion
Story

Why we started, and why we stay small.

Accretion was founded in January 2025 by Robert Reith (r0bre), who had spent the previous two and a half years auditing Solana programs, including as a lead auditor. He started Accretion to go all-in on Solana auditing, at a moment when most audit firms were doing the opposite: generalizing across ecosystems and drifting toward traditional security work.

The thesis is narrow on purpose: we audit Solana programs, and nothing else. Not because we don’t respect EVM work, but because the runtime is different enough that we don’t believe a firm can be top-of-class on both. Solana programs share almost nothing with the Ethereum mental model, no implicit sender, no automatic storage, no per-contract state. Every protection is one you wrote, every check is one we have to verify. That posture takes years to learn well, and we’d rather be the firm that’s spent those years.

We hire researchers, not consultants. Everyone on the team has either ranked on a bug-bounty leaderboard, played CTF seriously, or shipped non-trivial security tooling. Most clients reach us by referral or by reading our research. The engagement experience is engineers talking to engineers.

We’re small and intend to stay that way. The thing we’re selling is the attention of senior researchers, once that attention is rationed across too many concurrent engagements, the value collapses. So we cap our calendar, ship what we promised, and turn down work when the queue is full.

The team

The people behind the work.
Robert Reith
CEO · Lead Security Researcher

Robert Reith

@r0bre
Focus
  • Runtime internals
  • Research

Two and a half years auditing Solana before Accretion, on top of an earlier half-year auditing Polkadot. Plays the occasional CTF with ALLES!, publishes Solana security research, and has a habit of catching the quietly-critical bugs that survive everyone else’s review. His roots are in offensive web and application security, which is where the instinct for thinking like an attacker was trained.

Selected work
  • Speaker at multiple Solana conferences; guest lecturer at Rektoff.
  • Multiple high- and critical-severity findings in previously audited protocols.
Niklas Brymko
Security Researcher

Niklas Brymko

@brymko
Focus
  • DeFi protocols
  • Binary exploitation
  • Reverse engineering

Came to Solana from binary exploitation, reverse engineering, and financial-application security, and pointed all of it at DeFi. More than a year auditing Solana protocols, after years in web2 and cloud security. Most at home in the accounting and integration logic of a protocol, the places where value quietly leaks rather than dramatically breaks.

Selected work
  • Earned a bug bounty for a finding in SPL Token-2022.
  • Author of internal tooling for tracing program execution.
Mahdi Rostami
Senior Security Researcher

Mahdi Rostami

@0xmahdirostami
Focus
  • DeFi audits
  • Solana internals
  • Cross-chain security

Reached #1 on the Hats Finance leaderboard before turning his focus to Solana. A DeFi specialist with sharp economic intuition and the kind of attention to detail that turns a shrug into a finding. Two years deep on Solana and longer across other chains, so EVM and cross-chain designs read as easily to him as the SVM.

Selected work
  • Top leaderboard finishes across multiple audit contests.
Hiring

We hire people we’d trust to build Accretion.

We grow the team only when there is more demand than we can responsibly handle, across both security research and the people who keep the firm running. If you’ve shipped serious Solana security work, or want to help us scale, we want to talk.

View all roles ↗

Solana Security Auditor

Remote

Hunt bugs in Solana programs. Strong Rust, deep SVM knowledge, Anchor and native.

Business Development Lead

Remote

Own pipeline generation and sales. 2+ years BD in crypto/Web3 with Solana relationships.

Marketing & Content Lead

Remote

Build the content engine: technical write-ups, threads, and brand for Solana security.

Operations Manager

Remote

Run business operations like invoicing, contracts, and systems, so the team can focus on audits.

Ready to audit your protocol?

Submit your protocol for review and we'll respond within 24 hours. Our researchers have prevented 50+ critical exploits across the Solana ecosystem.

Lead time2–4 weeksPost-audit support6 monthsCoverage100% Solana
Submit Audit InquirySpeak to an Auditor

Accretion Labs Pte. Ltd.

65 Chulia Street, #46-00 OCBC Centre

Singapore 049513

Singapore

UEN 202502288W

Resources

Audit ReportsResearch BlogSolana Data ReverserMedia Kit

Contact

contact@accretion.xyzTelegramX / Twitter

GitHub

github.com/accretion-xyzAudit reports repo
© 2026 Accretion Labs Pte. Ltd.