Bhargava Shastry

Security Engineer at the Ethereum Foundation & Independent Security Researcher

Specializing in smart contract security, fuzzing, and blockchain technology. Contributing to the security and reliability of decentralized systems.

Security Research

Conducting security research for Ethereum protocol and smart contracts

Core Contributor

300+ commits to Solidity compiler and other critical projects

Fuzzing Expert

Developing advanced fuzzing tools and vulnerability discovery methods

About Me

Passionate about securing the future of decentralized systems through rigorous research and development

Security Engineer & Researcher

I'm a security engineer at the Ethereum Foundation and an independent security researcher with a deep passion for blockchain technology and smart contract security. My work focuses on identifying vulnerabilities, developing security tools, and contributing to the overall security posture of decentralized systems.

With over 300 commits to the Solidity compiler and contributions to numerous critical projects, I've been at the forefront of blockchain security research. My expertise spans fuzzing, static analysis, protocol security, and vulnerability discovery.

I believe in the power of open-source collaboration and have contributed to projects like Google's OSS-Fuzz, various Ethereum clients, and developed specialized security tools that are used by the broader blockchain community.

Core Expertise

Smart Contract Security
Fuzzing & Testing
Protocol Security
Static Analysis
Vulnerability Research
Open Source Development

8+ Years of Experience
20+ Open Source Projects
50+ Security Vulnerabilities Found
1000+ Community Contributions

Technologies & Tools

Solidity, Rust, C++, Python, Go, JavaScript, LLVM, AFL, Foundry, Hardhat, Docker, Git, Ethereum, EVM, DeFi, Smart Contracts

Security Research

Building tools and techniques to find vulnerabilities before attackers do

Ethereum Protocol Security

2019 - Present
19 private repos

Differential fuzzing and testing tools for validating EIP implementations and consensus-critical code across Ethereum execution layer clients.

  • Built differential fuzzers for EIP-7702 (account abstraction) across geth, Nethermind, and Besu
  • Developed PrecompileFuzzer for testing EVM precompile implementations targeting the Prague hard fork
  • Created EthFuzzNet, an Ethereum network resilience testing framework
  • 33 commits to goevmlab for EVM trace analysis and test generation
Go, Solidity, Python

Compiler Security

2018 - Present
2 private repos

Core contributor to the Solidity compiler's testing infrastructure, with 300+ commits focused on fuzzing and correctness testing.

  • 303 commits to the Solidity compiler, primarily in fuzzing and testing
  • Built ABI encoder v2 differential fuzzer
  • Discovered and reported numerous compiler correctness bugs through structure-aware fuzzing
C++, Solidity

P2P & Networking Security

2018 - 2022
8 private repos

Security testing of peer-to-peer networking stacks used in Ethereum consensus and execution clients.

  • Fuzzed libp2p (Rust implementation) for protocol-level vulnerabilities
  • Built mplex-dos stress testing tool for libp2p multiplexing
  • Contributed yamux stream multiplexer security patches
  • Security research on Prysm (Ethereum consensus client)
Rust, Go, C++

Fuzzing Infrastructure

2017 - 2020
1 private repo

Tools and frameworks for automated vulnerability discovery, contributed to Google's OSS-Fuzz and built standalone fuzzing frameworks.

  • Built orthrus, a fuzzing framework for managing parallel fuzz campaigns (216 commits)
  • 69 commits to Google's OSS-Fuzz continuous fuzzing platform
  • Developed custom protocol-buffer based mutation strategies for structure-aware fuzzing

Application Security

2017 - 2021

Fuzzing open-source networking and language runtime software to find and fix memory safety and logic bugs.

  • Fuzzed Open vSwitch (16 commits) — found packet parsing vulnerabilities
  • Contributed to OVN (16 commits) — virtual network security testing
  • Built mruby proto fuzzer using structure-aware fuzzing techniques
  • Discovered and reported Boost Filesystem crash bugs
C, C++, Ruby

ERC-4337 / Account Abstraction

2023 - 2024

Testing and compliance infrastructure for Ethereum's account abstraction ecosystem.

  • Built bundler test executor for ERC-4337 compliance testing
  • Contributed to Holesky funding vault smart contract infrastructure
Go, Solidity

Curriculum Vitae

Professional experience and qualifications in security engineering and research

Bhargava Shastry

Security Engineer & Researcher

Remote
bshastry@ethereum.org

Professional Summary

Security engineer at the Ethereum Foundation specializing in protocol security, differential fuzzing, and consensus client testing. Building tools that find vulnerabilities across Ethereum's execution and consensus layers.

Professional Experience

Security Engineer

2019 - Present

Ethereum Foundation

Conducting security research and development for Ethereum protocol, focusing on smart contract security, consensus mechanisms, and protocol-level vulnerabilities.

Independent Security Researcher

2017 - Present

Freelance

Independent security research, building fuzzing tools, and contributing to open-source security projects including Google's OSS-Fuzz and Open vSwitch.

Security Researcher

2011 - 2012

Fraunhofer Secure IT

Research on Android platform security, including privilege escalation defenses and lightweight domain isolation. Published at NDSS and ACM SPSM.

Software Engineer

2007 - 2008

Ittiam Systems

Wrote software and tests for Ittiam's Voice over IP phone software.

Education

Ph.D. in Computer Science

2013 - 2019

Technische Universität Berlin

Focus: Static analysis and fuzzing techniques for open source bug detection

M.Sc. in Computer Science

2008 - 2010

Ecole Polytechnique Fédérale de Lausanne (EPFL)

Focus: Specialized in security of microcontrollers and embedded systems

B.Tech. in Electrical Engineering

2003 - 2007

National Institute of Technology Karnataka (NITK)

Focus: Undergraduate thesis on digital signal processing and embedded systems

Technical Skills

Programming Languages

Go, Rust, C++, Solidity, Python, Java

Security Expertise

Protocol Security, Differential Fuzzing, Consensus Client Testing, Smart Contract Auditing, Static Analysis

Blockchain & DeFi

Ethereum, EVM, Execution Layer, Consensus Layer

Tools & Frameworks

Claude Swarm, Foundry, cargo-fuzz, libFuzzer, AFL, Slither, Docker

Talks

Conference presentations and invited talks on fuzzing, compiler security, and vulnerability research

Fuzzing the Solidity Compiler

Devcon 5, 2019
Osaka

Fuzzing the Solidity Compiler

EthCC 3, 2020
Paris

Fuzzing the Solidity Compiler

FuzzCon EU, 2020
Europe

Can A Fuzzer Match A Human: Solidity Case Study

Ethereum Foundation, 2020

Open Discussion on Solidity Fuzzing

Ethereum Meetup, 2019
Berlin

Vulnerability Search Problem and Methods

TU Berlin (Invited Talk), 2019
Berlin

Publications

Peer-reviewed research in security, fuzzing, and program analysis

Ph.D. — TU Berlin

Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina

V. Ulitzsch, D. Maier, B. Shastry

Black Hat 2018

Taking Control of SDN-based Cloud Systems via the Data Plane

K. Thimmaraju, B. Shastry, T. Fiebig, F. Hetzelt, J.P. Seifert, A. Feldmann, S. Schmid

Symposium on SDN Research 2018

Best Paper Award

The vAMP Attack: Taking Control of Cloud Systems via the Unified Packet Parser

K. Thimmaraju, B. Shastry, T. Fiebig, F. Hetzelt, J.P. Seifert, A. Feldmann, S. Schmid

Cloud Computing Security Workshop 2017

Static Program Analysis as a Fuzzing Aid

B. Shastry, M. Leutner, T. Fiebig, K. Thimmaraju, F. Yamaguchi, K. Rieck, S. Schmid, J.P. Seifert, A. Feldmann

RAID 2017

Static exploration of taint-style vulnerabilities found by fuzzing

B. Shastry, F. Maggi, F. Yamaguchi, K. Rieck, J.P. Seifert

USENIX WOOT 2017

Leveraging flawed tutorials for seeding large-scale web vulnerability discovery

T. Unruh, B. Shastry, M. Skoruppa, F. Maggi, K. Rieck, J.P. Seifert, F. Yamaguchi

USENIX WOOT 2017

Towards Vulnerability Discovery Using Staged Program Analysis

B. Shastry, F. Yamaguchi, K. Rieck, J.P. Seifert

DIMVA 2016

A First Look at Firefox OS Security

D. Defreez, B. Shastry, H. Chen, J.P. Seifert

MoST 2014

Fraunhofer Secure IT

Towards Taming Privilege-Escalation Attacks on Android

S. Bugiel, L. Davi, A. Dmitrienko, T. Fischer, A.R. Sadeghi, B. Shastry

NDSS 2012

Practical and lightweight domain isolation on Android

S. Bugiel, L. Davi, A. Dmitrienko, S. Heuser, A.R. Sadeghi, B. Shastry

ACM SPSM 2011

Get In Touch

Interested in collaboration, security research, or just want to connect? I'd love to hear from you.

Let's Connect

I'm passionate about cybersecurity and welcome discussions on research collaborations, emerging security challenges, or my work in blockchain security. Feel free to connect if you'd like to explore these areas or have questions about my research.

Location

Remote

You can reach me directly at bshastry@ethereum.org