-
Work
- Security Engineer @ VyperLang (2023–present)
- Solidity Auditor @ Ackee Blockchain (2021–2023)
- FPGA Developer (infrared cameras) @ Workswell (2020–2021)
-
Highlights
- Built Ivy — AST interpreter + differential fuzzer for the Vyper compiler; led compiler hardening & audit readiness
- Reported high-severity compiler issues:
- Vyper: concat builtin memory corruption — https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p
- Sway: access controls of function dispatch — FuelLabs/sway#6333
- MSc in Computer Science (Systems Programming)
-
Programming (compilers & tooling)
- Ivy — AST interpreter + differential fuzzer: https://github.com/cyberthirst/ivy
- microc — dataflow static analyses: https://github.com/cyberthirst/microc
- cfml — bytecode compiler + runtime: https://github.com/cyberthirst/cfml
- tiny-c — C-like compiler: https://github.com/cyberthirst/tiny-c
- coverage-c — coverage-guided fuzzer for C: https://github.com/cyberthirst/coverage-c
-
OSS
- Wake (Solidity testing framework): https://github.com/Ackee-Blockchain/wake
- Vyper (EVM compiler): https://github.com/vyperlang/vyper
-
Selected audits
- Vyper compiler (CodeHawks): https://codehawks.cyfrin.io/c/2023-09-vyper-compiler/results?lt=contest&page=1&sc=reward&sj=reward&t=report
- Sway compiler (Immunefi): https://drive.google.com/file/d/1L-8jHGhR8UqvRlHRhUXXreSRkGUVJsPU/view
- Everstake Staking (Ackee): https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2023/ackee-blockchain-everstake-staking-report.pdf
- Axelar ITS v3.0 (Ackee): https://github.com/Ackee-Blockchain/public-audit-reports/blob/master/2024/ackee-blockchain-axelar-interchain-token-service-report.pdf
- Safe Multisig 1.4 (Ackee): https://github.com/safe-global/safe-smart-account/blob/main/docs/Safe_Audit_Report_1_4_0.pdf
-
Writing & talks
- Chainlink Data Feeds: a security researcher’s perspective — https://medium.com/ackee-blockchain/chainlink-data-feeds-security-researchers-perspective-3d558399f626
- The Logic of Mutation Testing — https://medium.com/@cyberthirst/the-logic-of-mutation-testing-58f0aefe160b
- Subtle Vyper: Understanding Vyper’s Idiosyncrasies and Gotchas — https://hackmd.io/@cyberthirst/HJ_6IJPCJl
- Writing EVM state in static context — https://hackmd.io/@cyberthirst/B1J1xZTY0
- Access Controls in Compilers — https://hackmd.io/@cyberthirst/SJEaIuotA
- How the Vyper compiler allocates memory — https://blog.vyperlang.org/posts/memory-allocation/
- Safe{Con} 2023 — multisig security
-
Contact
- X: @cyberthirst
- GitHub: https://github.com/cyberthirst
Popular repositories Loading
-
-
-
-
audits
audits PublicForked from vyperlang/audits
publicly available audits/3rd party reviews of vyper
-
Something went wrong, please refresh the page to try again.
If the problem persists, check the GitHub status page or contact support.
If the problem persists, check the GitHub status page or contact support.