Security research

Since 2026 I've worked as an independent smart contract security researcher on Immunefi and Cantina bug bounty programs, focusing on EVM protocols - perpetuals, lending, restaking and real-world assets.

The pipeline

I built my research tooling end-to-end in Python: an Immunefi scraper backed by a 216-programme database, static analysis via Slither, Mythril and Semgrep, exploit-pattern matching against historical incidents (Euler, Nomad, Wormhole) and CTF corpora, LLM-generated analysis briefs, and automated Markdown and Telegram reporting. Separate analyser runners cover Solana, CosmWasm and Move alongside EVM.

Methodology

Confirmed findings

Track record, honestly

Around 90 protocol assessments so far - Ostium, Polymarket, Morpho, Pendle, Renzo, Maple, Enzyme, Usual, GammaSwap and others. Several targets I cleared as genuinely hardened after full review rather than filing low-confidence reports - I'd rather have a short list of real findings than a long list of noise.

The Ostium work is representative of how I approach a target: a candidate liquidation-check bypass where the liquidation flag is latched at mid price while trade value is recomputed at post-impact price - unlike the sibling automation path - supported by a Foundry fork proof-of-concept against the live deployment.

Agent security tooling

Hackathon builds from 2026, all at the intersection of AI agents and on-chain risk: