Hi, I'm Kalyan TR 👋

Smart Contract Developer | Security-Focused Engineer

Former regulated-domain QA (Finance & Healthcare) → Web3 Security.

I build protocols with security-first thinking, then test them with fuzzing and static analysis to find what breaks.

πŸ” Current Focus

  • Bug Bounties: Actively hunting on Immunefi and HackenProof — submitted a critical finding with $21M potential impact (pending review)
  • Competitive Audits: Participating in audit contests on Sherlock and CodeHawks — submitted findings in Fluid DEX V2 (pending validation)
  • Building: Developing an onchain DAO governance simulator to research attack vectors like flash-loan vote manipulation and quorum attacks

🚀 Featured Projects

Policy-Governed Agent Payments (PGAP)

Trust-minimized payment infrastructure for autonomous AI agents.

  • Architecture: Three-layer trust model separating AI reasoning from on-chain enforcement
  • Integration: Google Gemini AI + Arc Network + Circle USDC
  • Security: Per-transaction limits, daily caps, cooldowns, allowlists, nonce-based replay protection
  • Testing: Stateless fuzz testing of policy invariants (caps, cooldowns, replay safety)
  • Threat Model: AI treated as an untrusted proposer; worst-case loss bounded by on-chain policy
  • Live: Treasury on Arc Sepolia
  • 🔗 View Repository

Async Settlement RWA Vault

ERC-4626 vault with T+1/T+2 settlement delays for real-world asset tokenization.

  • Core Feature: Async redemptions (request → delay → claim) aligned with traditional finance settlement
  • Security: Stateless fuzz testing (1000+ runs), Slither static analysis, self-audit (5 issues found and fixed)
  • Testing: Fork tests with real USDC on Sepolia
  • Live: Verified on Sepolia
  • 🔗 View Repository

Verifiable RNG Distribution Protocol (Lottery V2)

Gas-optimized lottery using Chainlink VRF v2.5 with binary search winner selection.

  • Optimization: O(log N) binary search replacing O(N) loops (~95% gas reduction)
  • Architecture: Factory pattern for permissionless deployment
  • Security: Checks-Effects-Interactions pattern, Slither clean, 100% test coverage
  • Live: Verified Factory on Sepolia
  • 🔗 View Repository

Collateralized Debt Solvency Engine (DSCEngine)

Over-collateralized stablecoin system with liquidation mechanism.

  • Core Logic: 200% collateralization threshold, 10% liquidation incentive
  • Security: Oracle circuit breaker for stale price protection
  • Testing: Stateless fuzz testing to verify solvency invariants
  • Live: Verified on Sepolia
  • 🔗 View Repository

πŸ›‘οΈ Security Research

Current Status

  • Submitted HIGH and MEDIUM severity findings in Fluid DEX V2 audit contest on Sherlock (pending validation)
  • Submitted a critical vulnerability finding with $21M potential impact on a major protocol via bug bounty (pending review)
  • 5 validated findings in CodeHawks First Flights (educational contests)
  • Actively participating in bug bounty programs on Immunefi and HackenProof

Testing Approach

  • Slither static analysis for common vulnerability classes
  • Foundry stateless fuzz testing for edge cases and invariant violations
  • Manual code review for logic errors and economic exploits
  • Fork testing against mainnet state when applicable

🎓 Background & Education

  • Master of Science in Computer Science (in progress)
  • Former QA Engineer in regulated industries (Finance & Healthcare)
  • Transitioned from traditional software testing to smart contract security

🧰 Tech Stack

Languages:
Solidity, TypeScript, JavaScript, HTML/CSS

Frameworks:
Foundry, Hardhat, ethers.js

Testing & Security:
Foundry Fuzz Testing (stateless), Slither Static Analysis, Fork Testing

Tools:
Git, GitHub, VSCode, Remix

Integrations:
Chainlink (VRF, Price Feeds), Circle USDC, Arc Network, OpenZeppelin


💼 Open to Collaboration

Interested in

  • Smart contract security research and auditing (learning phase)
  • DeFi protocol development (especially RWA and agent-based systems)
  • Building security testing frameworks

Best Fit

  • Teams needing systematic testing and security-conscious development
  • Projects integrating Circle, Arc, or Chainlink
  • Early-stage protocols where I can contribute to architecture and testing

📫 Connect

📧 Email: kalyansde1@gmail.com
🐦 X (Twitter): @kalyan__tr
💼 GitHub: @tr-Kalyan



🎯 2026 Goals

  • Find first valid bug in a production protocol audit
  • Complete 10+ audit contests on Sherlock / CodeHawks
  • Deep dive into large production codebases (Aave, Uniswap, Compound, Lido)
  • Contribute to at least 3 protocol security improvements
  • Transition into a junior smart contract auditor role

Last Updated: January 2026
