William Bowling - March 2026 Security Council

Hey everybody, vakzz, Head of Assurance at Zellic, sharing our application for the Arbitrum Security Council.

As a team of competitive hackers turned auditors, we’re obsessed with security. We’ve dedicated ourselves to securing the work of people building at the frontier. Arbitrum continues to be a home for innovation and liquidity, and we’re committed to helping build a weirder and safer future here.

About me

I’ve been with Zellic since 2022, and originally competed in CTFs alongside Zellic founders Jazzy and Luna on our team perfect blue. I’ve audited Zellic clients like LayerZero and StarkWare, wrote a security primer on Cairo, and now lead our team of security researchers as Head of Assurance. I spend the majority of my time in UTC+11.

About Zellic

We have demonstrated expertise in auditing every production smart contract language, core L1/L2 software and offchain systems in Golang, Rust, Typescript, etc., cryptography implementations, zk circuits, and also perform traditional penetration testing and cloud infrastructure security reviews.

Our clients include Arbitrum builders like Ostium, GMX, and Variational.

Why Zellic

As a globally distributed team of security professionals with demonstrated experience in auditing mission-critical software in a variety of languages, responding as a team to urgent issues, and leading war rooms during ungodly hours, Zellic is well positioned to be an exemplary contributor to the Arbitrum Security Council.

We enforce robust security practices for all our devices, domains, and signing keys. We have 24/7 availability, pre-established PagerDuty rotas and incident response plans, and will respond as a team to any Security Council related incidents.

Additional information

• We were previous Arbitrum Security Council members, and aim to renew our commitment
• We were founding members of SEAL
• We acquired competitive audit platform Code4rena in 2024, and removed C4 platform fees in 2025 effectively operating C4 as a public good
• Select vulnerability disclosures:
  • Web3 Ping of Death: Finding and Fixing a Chain-Halting Vulnerability in NEAR
  • Issues in Certain Forks of Gains Network
  • The Billion Dollar Bug: Finding and Fixing a Critical Issue in the Move Bytecode Verifier

Disclosure

We are currently members of Scroll’s Security Council, and while we have clients across the entire blockchain landscape we are not engaged or encumbered in a way that would present a conflict of interest.

Links

• Website
• Twitter
• Public audit reports
• Our autonomous Solidity auditor V12, now in open beta!

vakzz’s candidacy is live on Tally now too!

vakzz, strongest application so far previous council experience and PagerDuty infrastructure are hard to argue with……

A few questions:

You mention spending majority of time in UTC+11 during a simultaneous emergency affecting both Scroll and Arbitrum, how does your team manage priority and availability across both councils? And who is the designated backup representative if you’re unavailable…….?

On conflict of interest you’ve disclosed Scroll council membership, which I appreciate. But when an actual conflict arises, what is the exact process? Do you recuse and notify the community formally? Who decides if a situation qualifies as a conflict? “Not encumbered” is your own assessment what’s the community’s verification mechanism……?

And one question I’ve asked all four candidates none have answered yet: What is your actual vision for Arbitrum’s future? Not your credentials, not your past work but what do you want to change, improve, or protect specifically within Arbitrum? What does a better Arbitrum look like to you?

@MconnectDAO Freelance Researcher | Based in India | Still learning but paying attention.