Skip to content

Research

Research Archive

Every research area, past and present — from Solidity compiler fuzzing and OSS-Fuzz contributions to differential testing of Ethereum clients and post-quantum cryptography implementations.

01

Ethereum Protocol Security

2022 - Present

Differential fuzzing and hard-fork readiness testing across Ethereum execution clients — finding consensus divergences before they reach mainnet.

  • Coverage-guided differential fuzzing of state-test execution across geth, Besu, Nethermind, Erigon, and revm, built on goevmlab
  • Hard-fork readiness testing for upcoming upgrades: gas repricing, block-level access lists, and new EIP semantics validated against the executable specs
  • Upstream fixes merged in Erigon, Nethermind, revm, and ethereum/execution-specs
  • Earlier: EIP-7702 differential fuzzers across geth, Nethermind, and Besu; PrecompileFuzzer for the Prague hard fork; EthFuzzNet network-resilience testing
02

Bug Bounty Triage

2026 - Present

Technical evaluator for the Ethereum Foundation bug bounty program: reproducing, assessing, and routing reported vulnerabilities across execution- and consensus-layer clients.

  • Evaluate submissions for consensus, finality, and denial-of-service impact to assign severity
  • Reproduce reported issues and confirm cross-client blast radius with differential test harnesses
  • Built internal tooling that manages the submission-to-triage workflow end to end
03

Post-Quantum Cryptography

2026 - Present

Differential testing of post-quantum standards: cross-checking independent ML-KEM (FIPS 203) and ML-DSA (FIPS 204) implementations against each other.

  • Built a coverage-guided differential fuzzer co-linking mlkem-native, BoringSSL, and libcrux
  • Functional-equivalence and constant-time checks across implementations
  • Published a four-part blog series on the approach and results
04

Cryptographic Side-Channel Research

2026 - Present

Constant-time analysis of widely deployed cryptographic libraries: finding secret-dependent timing paths in Mbed TLS / TF-PSA-Crypto and reporting them through coordinated disclosure.

  • Reported a variable-time division in mbedtls_mpi_mod_int reachable from RSA prime generation on a secret-data path — fixed in Mbed TLS 3.6.7 and TF-PSA-Crypto
  • Flagged a timing side channel in the ECC optimized modular reduction (ecp_modp) that was later confirmed exploitable, leading to the July 2026 Mbed TLS security advisory
05

AI-Assisted Vulnerability Research

2026 - Present

Agentic systems that put LLMs to work on Ethereum client security: deterministic orchestration, auditable logs, and human review at the decision points.

  • Agent frameworks that decompose vulnerability research into context building, harness generation, PoC validation, and triage
  • Autonomous audit pipelines run against Ethereum client codebases in sandboxed environments
  • LLM-assisted severity assessment integrated into the bug bounty triage workflow
PythonGo
06

Compiler Security

2018 - 2022

Core contributor to the Solidity compiler's testing infrastructure, with 300+ commits focused on fuzzing and correctness testing.

  • 303 commits to the Solidity compiler, primarily in fuzzing and testing
  • Built ABI encoder v2 differential fuzzer
  • Discovered and reported numerous compiler correctness bugs through structure-aware fuzzing
C++Solidity
07

P2P & Networking Security

2022 - Present

Security testing of peer-to-peer networking stacks used in Ethereum consensus and execution clients.

  • Security testing of Ethereum wire protocols (eth/6x, snap/1), including upstream sync-protocol fixes merged in Nethermind
  • Fuzzed libp2p (Rust implementation) for protocol-level vulnerabilities
  • Built mplex-dos stress testing tool for libp2p multiplexing
  • Contributed yamux stream multiplexer security patches
  • Security research on Prysm (Ethereum consensus client)
RustGoC++
08

Fuzzing Infrastructure

2017 - 2020

Tools and frameworks for automated vulnerability discovery, contributed to Google's OSS-Fuzz and built standalone fuzzing frameworks.

  • Built orthrus, a fuzzing framework for managing parallel fuzz campaigns (216 commits)
  • 69 commits to Google's OSS-Fuzz continuous fuzzing platform
  • Developed custom protocol-buffer based mutation strategies for structure-aware fuzzing
09

Application Security

2017 - 2021

Fuzzing open-source networking and language runtime software to find and fix memory safety and logic bugs.

  • Fuzzed Open vSwitch (16 commits) — found packet parsing vulnerabilities
  • Contributed to OVN (16 commits) — virtual network security testing
  • Built mruby proto fuzzer using structure-aware fuzzing techniques
  • Discovered and reported Boost Filesystem crash bugs
CC++Ruby
10

ERC-4337 / Account Abstraction

2023 - 2024

Testing and compliance infrastructure for Ethereum's account abstraction ecosystem.

  • Built bundler test executor for ERC-4337 compliance testing
  • Contributed to Holesky funding vault smart contract infrastructure
GoSolidity