I'm a Computer engineer with specialization in web2 security, opsec and system management. I do fullstack and cross platform applications in my free time for more than 8 years. CI/CD, docker. PWA, mobile, TG bots, AI, VSCode extensions. I also have skills regarding UX, client psychology and team management. Secureum alumni and top racer. Atrium alumni. ZKDao Circom alumni
Focused on blockchain (EVM + Solana) and its security, I do audits for Spearbit & Cantina. Judge and triager at Cantina. Fuzzing with Recon.
DeFi, Vaults, Hooks, Lending, NFTs, Cross chain, zk, Math & Fuzzing/Invariant testing. Hackathons enjoyer. I do gas optimizing. I do tool development.
- Co-editor of The Secureum Book
- The Auditor Toolbox: hackmd, medium
- How to play as a JSR at Spearbit: hackmd, medium
- The CPIMP Backdoor, the USPD Incident and how the UI/UX is tricking us: hackmd, medium
- TrustX Istambul: Auditor Docker
- Paris Logos: Guardians of the blockchain
- OpenSense: Auditor Toolbox
- Miami Activate x Wormhole: Randomness in the chain
Computer Engineer & Smart-contract Auditor specialising in DeFi, L2s ecosystems. 18+ security reviews at Spearbit & Cantina ($2B+ TVL helped secure), 25+ contests across C4, Sherlock, Codehawks, Cantina, etc. Broad skill set from manual review, invariant fuzzing to gas optimisation. EVM + Solana.
- Sudoswap V2
- OpenSea Pro
- Redacted Cartel
- DELV (prev. Element Finance)
- Axiom V2
- Sphinx
- Axiom V2 PR review + Gas
- Axiom V2 pt.2
- DELV pt.2
- Euler Finance EVC
- Euler Finance EVK
- Euler Finance Oracle
- Uniswap V4 Core
- Uniswap V4 Universal Router
- Uniswap V4 Periphery
- Glow Labs
Data grouping (as per 2024, 18th April) the different findings found at the previous audits
| Critical Risk | High Risk | Medium Risk | Low Risk | Gas Optimization | Info Risk |
|---|---|---|---|---|---|
| 7 | 19 | 30 | 89 | 57 | 182 |
- Superform
- Blast
- Uniswap V4
- Axie Infinity
- Berachain
Some contests are ongoing and the table will need to be updated.
| Platform | Contests Participated | High Risk | Medium Risk | Additional Notes | Last Contest Date |
|---|---|---|---|---|---|
| Cantina | 1 | 2 | 1 | February 2024 | |
| Code4rena | 14 | 2 | 15 | + 21 Gas and QA Audits | February 2023 |
| Sherlock | 7 | 1 | 8 | March 2023 | |
| Codehawks | 1 | 2 | 1 | August 2023 | |
| C4 Team-SleepingBugs | 1 | 1 | + 7 Gas and QA Audits | January 2023 | |
| C4 Team-0xPanas | 1 | 2 | September 2022 | ||
| Total | 25 | 9 | 26 | + 28 just QA and Gas audits, around 150 L | February 2024 |
- SmartCow for ETHBogotá: https://github.com/Deivitto/eth-bogota-hackhaton
- Bridges&Widgets for Arbitrum Hackhaton: https://github.com/nicobevilacqua/bridgets-and-widgets
- GetSponsoreth for Activate x Wormhole Miami: https://github.com/eugenioclrc/getsponsoreth
- TopMantle for ETHPorto: 3rd place https://github.com/luksgrin/topMantle_ETHPorto
- ZkKloone for ZKLisbon: https://github.com/luksgrin/ZKHack_project
- ETHLisbon: https://github.com/luksgrin/ETHLisbon_project
- NATIVO for SozuHaus Hackathon
- GaslessPOAPs for ETHIstambul: https://github.com/Deivitto/gassless-poaps
- PlayProtect for ETHTokyo: https://github.com/luksgrin/ETHTokyo_Project
- AdaptivePools for ETHLondon: https://github.com/carlitox477/adaptive-pools
Details
-
Wormhole Activate Miami + Secureum – Workshop
Role: Organized security-focused workshops for developers. -
a-MAZE-X CTF by Secureum
Role: CTF challenge creation and event organization. -
TrustX by Secureum
Role: Event organization, interviewer and community engagement around Web3 security. -
Devcon VI (Bogotá)
Role: Supported event organization and coordination of community activities. -
Devcon VII (Bangkok)
Role: Organization and coordinating. -
ETHBogota
Role: Organized builder-focused activities, hackathon and participant support. -
ETHLatam
Role: Organization and coordination for Spanish-speaking Web3 community. -
ETHBarcelona 2023
Role: Organization and coordination for the event and hackathon with the local community. -
DeFi Security Summit Thailand
Role: Organization and coordination for a DeFi security–focused event.
A list of things done at the space:
- UniV4 - Atrium Uniswap v4 hook incubator graduated alumni - Talks: - TrustX Istambul: [Auditor Docker](https://www.youtube.com/watch?v=QQCE4mOqGi0) - Paris Logos: Guardians of the blockchain - OpenSense: Auditor Docker - Activate Miami X Wormhole: Secureum Workshop - Randomness in blockchain - Book: - Editing [Secureum Gitbook](https://github.com/secureum/Secureum-Book) - Audits / Security related - Secureum Bootcamp from Epoch0 - EpochInfinite - Top 1, 2, 8, 16–32 at some Secureum Races -> CAREs - Top 150 at Code4rena 2022 (starting at July aprox) - Top 100 at Sherlock 2022 (starting october/november) - Joined Spearbit at December 2022 - Read more reports and medium posts that I can count - Wrote my own basic static analyzer + tons of scripts to work faster - Wrote slither detectors - Fuzzing testing - Formal verification - Build the [auditor-docker](https://github.com/Deivitto/auditor-docker) - CTF - DefiSummit CTF solved - CaptureTheEther CTF solved - Studied typical CTF writeups (Ethernaut, Paradigm...) - Hackathons - 8 Hackathons with awards - 1 Hackathon not awardedFeel free to DM to request an audit