- Solidity smart contract researcher and auditor
- Currently learning, conducting research, and bug hunting
- Completed the Secureum Bootcamp
- Completed my MSc in Blockchain and Digital Currency at the University of Nicosia as a Coinbase Scholar
- Previously a Vice President at Goldman Sachs, leading business development and strategic partnerships
Here's a bit more about my story.
This is a public profile of my adventure as an auditor and researcher.
Some of my early projects and contributions are shared below.
Here are various smart contracts I've developed, including:
- NFT Marketplace: OpenWave
- Custom NFT ERC721 Token
- Custom ERC20 Token
- Token Depository and Receipt Token
Here is a compilation of projects that illustrate common vulnerabilities and show how they can be exploited. For some, improved contracts are included, showcasing best practices to harden the contract's security. Highlights include:
- CryptoBank Reentrancy
- TX Origin Phishing
- Token Minting Underflow
- ICO Overflow
- Beyond The Limit Overflow
- Timed Vault Overflow
- Insecure Blockhash
- Guessing Random Numbers
Here are my solutions to blockchain security wargames, challenges, and capture the flag (CTF) competitions.
- Mythril: I appreciate its extensibility, enabling me to script custom modules to detect specific vulnerabilities. For example, it can help in identifying a flawed external call that leads to a reentrancy attack.
- Slither: I find it invaluable during preliminary code assessments, where I can run static analysis to identify vulnerabilities without executing the code. For instance, it can highlight an uninitialized state variable.
- Echidna: I value its property-based testing approach, which expands my toolkit beyond traditional unit testing to testing properties. One practical example is verifying that a transfer function consistently maintains the integrity of the total token supply.
- Foundry: Ultimately, I believe manual testing is the most powerful tool, and Foundry enables me to generate PoCs with simulated real-world contract interactions.
- Linux Distribution: ZIION. I enjoy using ZIION because it is tailored for smart contract security and minimizes the usual environment setup woes. It has dozens of pre-installed tools (ranging from decompilers to vulnerability scanners) that I enjoy using, and it supports both Solidity/EVM and Rust-based blockchains.
- IDE: VS Code. I appreciate the suite of great blockchain extensions. A few of my favorites include the Solidity extension, which enables syntax highlighting, and the Solidity Visual Auditor, which visualizes control flow graphs. For quick code review and testing, I enjoy using Remix as well.