I'm a Computer Engineer specialized in Web2 Security, Pentesting, OpSec, OSINT, and Systems / Networks management.
I work in BlockSec with focus on Blockchain Security across EVM, Solana, infra, Golang, ZK, and C++.
- Fuzzing and building at Recon.
- Security audits for Recon, Spearbit, Cantina, and freelance clients.
- Judge and triager at Cantina.
Main areas: DeFi, vaults, tokens, SPL, hooks, lending, NFTs, cross-chain, ZK, math, fuzzing, and invariant testing.
I'm also a Senior Full-Stack Engineer with 8+ years building full-stack and cross-platform applications.
Experience includes:
- CI/CD, Docker, AWS, Kubernetes, GitHub Actions.
- PWA, mobile, Telegram bots, UX engineering, UX patterns, VSCode extensions.
- AI, AI agents, prompt engineering, and prompt injection research.
- Secureum alumni and top racer.
- Atrium Uniswap V4 Hooks alumni.
- ZKDao Circom alumni.
Blockchain / Security:
- Solidity, EVM, Foundry, Yul, Medusa, Echidna, Halmos, Slither, Manticore.
- Solana / SPL, Rust, Go, C++, Python.
Web / Product:
- React, Next.js, TypeScript, JavaScript, Node.js, Express, GraphQL, REST.
- Angular, Svelte, Ionic, Capacitor, PWA.
Infra / Systems:
- AWS, Docker, Kubernetes, Nginx, PostgreSQL, MongoDB, Firebase, GitHub Actions.
- The CPIMP Backdoor, the USPD Incident and how the UI/UX is tricking us: HackMD, Medium
- Co-editor of The Secureum Book
- The Auditor Toolbox: HackMD, Medium
- How to play as a JSR at Spearbit: HackMD, Medium
- TrustX Istanbul: Auditor Docker
- Paris Logos: Guardians of the Blockchain
- OpenSense: Auditor Toolbox
- Activate Miami x Wormhole: Randomness on chain
Computer Engineer and Smart Contract Auditor specializing in DeFi and L2 ecosystems.
$14B+ TVL helped secure at ReconFuzz. 18+ security reviews at Spearbit and Cantina ($2B+ TVL helped secure), plus 25+ contests across C4, Sherlock, Codehawks, and Cantina. Broad skill set from manual review and invariant fuzzing to gas optimization. EVM + Solana.
- ReconFuzz team page
- AAVE Labs: soon published
- Sudoswap V2
- OpenSea Pro
- Redacted Cartel
- DELV (prev. Element Finance)
- Axiom V2
- Sphinx
- Axiom V2 PR review + Gas
- Axiom V2 pt.2
- DELV pt.2
- Euler Finance EVC
- Euler Finance EVK
- Euler Finance Oracle
- Uniswap V4 Core
- Uniswap V4 Universal Router
- Uniswap V4 Periphery
- Glow Labs
Data grouping as of 2024-04-18
| Critical Risk | High Risk | Medium Risk | Low Risk | Gas Optimization | Info Risk |
|---|---|---|---|---|---|
| 7 | 19 | 30 | 89 | 57 | 182 |
- Superform
- Blast
- Uniswap V4
- Axie Infinity
- Berachain
| Platform | Contests | High | Medium | Notes | Last contest |
|---|---|---|---|---|---|
| Cantina | 1 | 2 | 1 | Feb 2024 | |
| Code4rena | 14 | 2 | 15 | +21 Gas and QA audits | Feb 2023 |
| Sherlock | 7 | 1 | 8 | Mar 2023 | |
| Codehawks | 1 | 2 | 1 | Aug 2023 | |
| C4 Team-SleepingBugs | 1 | 1 | +7 Gas and QA audits | Jan 2023 | |
| C4 Team-0xPanas | 1 | 2 | Sep 2022 | ||
| Total | 25 | 9 | 26 | +28 QA/Gas audits, around 150 L | Feb 2024 |
- SmartCow for ETHBogotá: GitHub
- Bridges & Widgets for Arbitrum Hackathon: GitHub
- GetSponsoreth for Activate x Wormhole Miami: GitHub
- TopMantle for ETHPorto: 3rd place, GitHub
- ZkKloone for ZK Lisbon: GitHub
- ETHLisbon: GitHub
- NATIVO for SozuHaus Hackathon
- GaslessPOAPs for ETHIstanbul: GitHub
- Wormhole Activate Miami + Secureum workshop.
- a-MAZE-X CTF by Secureum.
- TrustX by Secureum.
- Devcon VI and Devcon VII.
- ETHBogota and ETHLatam.
- ETHBarcelona 2023.
- DeFi Security Summit Thailand.
DM to request an audit.
Visit my portfolio.
GitHub · Twitter