Josef Gattermayer - Security Council candidate Mar 2026

GM Arbitrum community,

New election, so here I go again!

I’m Josef Gattermayer, CEO of Ackee Blockchain Security. I’m applying for the Arbitrum Security Council.

About me:

  • Founded Ackee Blockchain Security in 2021
  • Currently serve on Lido’s Dual Governance Emergency Committee
  • Professor at CTU Prague (Ph.D. in Distributed Systems)
  • Fully doxxed, based in Prague, Czech Republic

Security work:

I lead Ackee Blockchain Security where I’ve personally supervised 100+ audits. Our team has audited 200+ protocols and found 102 critical vulnerabilities, securing over $180B in TVL including Lido ($39B), AAVE ($42B), and Safe ($100B+). We’re whitelisted in the Arbitrum Audit Programme and as OP Superchain providers.

Selected audit reports I supervised:

Emergency governance experience:

I serve on Lido’s Dual Governance Emergency Committee during the protected deployment phase (first year post-launch), with the Community Staking Module in scope - a component we audited at Ackee. The committee can trigger emergency mode to block governance execution or perform emergency resets when critical vulnerabilities threaten the protocol. I understand how emergency governance works when billions are on the line.

Open source contributions:

Good auditors audit, the best auditors create tools for others (that’s my quote). Wake Framework started as a master’s thesis at CTU under my supervision, evolving into the industry-leading Python framework for Solidity security researchers.

Selected talks:

Educational leadership:

Why I’m applying:

I’ve been securing protocols since 2021. Now I want to help protect Arbitrum itself - not just the projects building on it.

We’re already securing your ecosystem through our whitelisted audit work. Time to double down and protect the core infrastructure.

Ready to bring my experience to Arbitrum.

Links:

LFG. Happy to answer any questions.

Josef


Subject: Question regarding Economic Logic & Liquidity Deadlocks

GM Josef,

Impressive track record with Ackee and your work on the Lido Emergency Committee. As the Arbitrum ecosystem expands, we are seeing more complex ‘Logic Collisions’ between nested protocols.

I have a specific question regarding the Security Council’s role in Economic Risk Mitigation:

Many audits focus on smart contract vulnerabilities (code bugs), but we are seeing a rise in ‘Economic Deadlocks’ or ‘Whale Choke’ scenarios—where highly leveraged entities can cause a mathematical deadlock in liquidation engines during extreme volatility, freezing vault states and threatening the peg of associated assets.

As a member of the Security Council, how would you approach an emergency reset or intervention if the threat isn’t a ‘hack’ in the code, but a systemic logic failure in a major protocol’s liquidation mechanics that puts Arbitrum’s systemic liquidity at risk?

Specifically, do you believe the Council should have pre-defined ‘Circuit Breaker’ parameters for such economic logic failures?

Looking forward to your perspective.

Eklavya (Independent Risk Researcher)


This is nothing new; economic attacks emerged in 2021/2022, and since then, protection should be a part of every auditor’s strategy. Your question is more philosophical; we need to balance between “code-is-law” and users’ security. In the case of Arbitrum, I would incline more towards user security.


Hi Josef, I agree that the best auditors build tools. Following the Council’s feedback on the constitutional limits of intervention, I’ve built Project Sentinel as an Economic IR Playbook to protect the ecosystem where the Council cannot—at the application layer. Michael and Pablo (SEAL) have already shown interest in this ‘Operational Security’ approach. I’d love to see how Ackee’s Wake Framework can integrate with my incident response logic.


Josef, strong track record no doubt. But Ackee is a whitelisted Arbitrum Audit Programme vendor. If elected, how would you handle recusal or conflict-of-interest situations where your firm has financial exposure to protocols you’d be voting to protect or pause? @MconnectDAO

I see it as a joint interest, not a conflict of interest.


Josef, appreciate the response.

‘Joint interest’ is a perspective I understand. But it doesn’t answer the operational question.

If Ackee has audited a protocol that comes before the Security Council for an emergency decision, do you recuse? Do you notify the community? Who decides if the situation qualifies...?

Philosophy is useful. Process is what the community can actually ver

— MconnectDAO @josef_ackee @Arbitrum @MconnectDAO
