Nat Chin


About

I bridge the gap between building high-assurance software and breaking it. With a background as a developer, a hackathon organizer, and a 4-year tenure at Trail of Bits, I specialize in invariant-driven security.

  • Authored: solc-select (Standard industry tool for Solidity version management)
  • Proven: Led 100+ security reviews for industry leaders like Coinbase, Optimism, Scroll, Frax
  • Specialty: Record-breaking invariant engagements (216 custom invariants for Curvance)

Invariant Development & Open Source

My development background allows me to translate complex protocol logic into formal invariants, creating automated testing suites that uncover edge cases missed by traditional manual reviews.

Featured Project: Curvance

I led a 10-week solo high-assurance engagement, resulting in 216 invariants. This remains one of the most comprehensive fuzzing suites ever developed for a smart contract protocol.

Blog post | Report

Open Source Projects

  • Author of solc-select – Lead author and maintainer. A CLI tool that allows users to switch between Solidity compiler versions instantly.
  • Primitive Finance Invariant Development – fuzzing different versions of the Primitive ecosystem during an engagement where manual review and fuzzing were conducted

Security Reviews

Infrastructure and L2s

DeFi and Yield

  • Drips Token Streaming - Review of fund-splitting logic for open-source grants
  • Defi Wonderland - Bridged USDC standard for the OP stack, focusing on L2-specific risks
  • Tradeable On Chain V2 - Protocol allowing lending asset managers to tokenize their strategies for institutional assets
  • Bera Bex - Review of Berachain’s DEX, a Balancer Fork
  • EasyCrypto - An implementation of a USDC-like stablecoin with controlled minting, burning, and pausing operations
  • Myso Finance - Peer-to-peer and peer-to-pool lending protocol
  • Atlendis Loans - Review of complex lending structures (bullet, installment, and revolving credit)
  • Primitive Portfolio, previously “Hyper” - An automated market maker for custom liquidity distribution strategies
  • Primitive RMM - Replicating market maker contracts
  • Advanced Blockchain - A series of Solidity lending projects, Substrate lending, oracle, and call adapter pallets
  • Frax - Permissionless and non-custodial stablecoin
  • wAlgo - A vault implementation of a lending protocol written in Teal

NFT Marketplace

  • LooksRare - An NFT marketplace with buying, selling, and order matching logic

Miscellaneous

  • Hermez - Zero-knowledge proof in circom and related Solidity implementation to support these proofs
  • ETH2 Deposit CLI - Review of the Python CLI implementation to deposit 32 ETH as a staker

Thought Leadership and Education

I am a frequent speaker and educator, dedicated to making advanced security concepts accessible to developers and researchers alike.

Select Presentations:

  • Invariant Driven Codebases (2024) @ Defi Security Summit - A concise guide on creating invariant-driven codebases. This not only helps streamline your audits, but also helps developers write nicer code
  • Finding Bugs: 42 Tips from 4 Security Researchers (2024) @ Defi Security Summit - Advanced techniques for security researchers, focusing on complex testing, fuzzing methodologies, and how to make the most of your time on a security review
  • Professor at George Brown College - Developed and delivered curriculum for smart contract development and security to classes of 45+ students

Technical Deep Dives

I am a co-founder of the “Fuzzing Workshop” streaming series. At its launch, this was the industry’s first advanced course on DeFi invariants and remains a primary resource for security engineers.

  • Advanced DeFi Invariants Part 1 (2022) - A simplified version of a client codebase, where I walk through how to find invariants, and how to implement these invariants in this smaller example.
  • Advanced DeFi Invariants Part 2 (2022) - Demonstrates a different style of writing invariants, and touches on the difficulty of non-determinism in fuzzing
  • Fuzzing 101 (2022) - Comprehensive guide on implementing fuzzing in development workflows