Research
Research Archive
Every research area, past and present — from Solidity compiler fuzzing and OSS-Fuzz contributions to differential testing of Ethereum clients and post-quantum cryptography implementations.
Ethereum Protocol Security
2022 - PresentDifferential fuzzing and hard-fork readiness testing across Ethereum execution clients — finding consensus divergences before they reach mainnet.
- Coverage-guided differential fuzzing of state-test execution across geth, Besu, Nethermind, Erigon, and revm, built on goevmlab
- Hard-fork readiness testing for upcoming upgrades: gas repricing, block-level access lists, and new EIP semantics validated against the executable specs
- Upstream fixes merged in Erigon, Nethermind, revm, and ethereum/execution-specs
- Earlier: EIP-7702 differential fuzzers across geth, Nethermind, and Besu; PrecompileFuzzer for the Prague hard fork; EthFuzzNet network-resilience testing
Bug Bounty Triage
2026 - PresentTechnical evaluator for the Ethereum Foundation bug bounty program: reproducing, assessing, and routing reported vulnerabilities across execution- and consensus-layer clients.
- Evaluate submissions for consensus, finality, and denial-of-service impact to assign severity
- Reproduce reported issues and confirm cross-client blast radius with differential test harnesses
- Built internal tooling that manages the submission-to-triage workflow end to end
Post-Quantum Cryptography
2026 - PresentDifferential testing of post-quantum standards: cross-checking independent ML-KEM (FIPS 203) and ML-DSA (FIPS 204) implementations against each other.
- Built a coverage-guided differential fuzzer co-linking mlkem-native, BoringSSL, and libcrux
- Functional-equivalence and constant-time checks across implementations
- Published a four-part blog series on the approach and results
Cryptographic Side-Channel Research
2026 - PresentConstant-time analysis of widely deployed cryptographic libraries: finding secret-dependent timing paths in Mbed TLS / TF-PSA-Crypto and reporting them through coordinated disclosure.
- Reported a variable-time division in mbedtls_mpi_mod_int reachable from RSA prime generation on a secret-data path — fixed in Mbed TLS 3.6.7 and TF-PSA-Crypto
- Flagged a timing side channel in the ECC optimized modular reduction (ecp_modp) that was later confirmed exploitable, leading to the July 2026 Mbed TLS security advisory
AI-Assisted Vulnerability Research
2026 - PresentAgentic systems that put LLMs to work on Ethereum client security: deterministic orchestration, auditable logs, and human review at the decision points.
- Agent frameworks that decompose vulnerability research into context building, harness generation, PoC validation, and triage
- Autonomous audit pipelines run against Ethereum client codebases in sandboxed environments
- LLM-assisted severity assessment integrated into the bug bounty triage workflow
Compiler Security
2018 - 2022Core contributor to the Solidity compiler's testing infrastructure, with 300+ commits focused on fuzzing and correctness testing.
- 303 commits to the Solidity compiler, primarily in fuzzing and testing
- Built ABI encoder v2 differential fuzzer
- Discovered and reported numerous compiler correctness bugs through structure-aware fuzzing
P2P & Networking Security
2022 - PresentSecurity testing of peer-to-peer networking stacks used in Ethereum consensus and execution clients.
- Security testing of Ethereum wire protocols (eth/6x, snap/1), including upstream sync-protocol fixes merged in Nethermind
- Fuzzed libp2p (Rust implementation) for protocol-level vulnerabilities
- Built mplex-dos stress testing tool for libp2p multiplexing
- Contributed yamux stream multiplexer security patches
- Security research on Prysm (Ethereum consensus client)
Fuzzing Infrastructure
2017 - 2020Tools and frameworks for automated vulnerability discovery, contributed to Google's OSS-Fuzz and built standalone fuzzing frameworks.
- Built orthrus, a fuzzing framework for managing parallel fuzz campaigns (216 commits)
- 69 commits to Google's OSS-Fuzz continuous fuzzing platform
- Developed custom protocol-buffer based mutation strategies for structure-aware fuzzing
Application Security
2017 - 2021Fuzzing open-source networking and language runtime software to find and fix memory safety and logic bugs.
- Fuzzed Open vSwitch (16 commits) — found packet parsing vulnerabilities
- Contributed to OVN (16 commits) — virtual network security testing
- Built mruby proto fuzzer using structure-aware fuzzing techniques
- Discovered and reported Boost Filesystem crash bugs
ERC-4337 / Account Abstraction
2023 - 2024Testing and compliance infrastructure for Ethereum's account abstraction ecosystem.
- Built bundler test executor for ERC-4337 compliance testing
- Contributed to Holesky funding vault smart contract infrastructure