Smart Contract Developer | Security-Focused Engineer
Former regulated-domain QA (Finance & Healthcare) → Web3 Security.
I build protocols with security-first thinking, then test them with fuzzing and static analysis to find what breaks.
- Bug Bounties: Actively hunting on Immunefi and HackenProof — submitted a critical finding with $21M potential impact (pending review)
- Competitive Audits: Participating in audit contests on Sherlock and CodeHawks — submitted findings in Fluid DEX V2 (pending validation)
- Building: Developing an onchain DAO governance simulator to research attack vectors like flash-loan vote manipulation and quorum attacks
Trust-minimized payment infrastructure for autonomous AI agents.
- Architecture: Three-layer trust model separating AI reasoning from on-chain enforcement
- Integration: Google Gemini AI + Arc Network + Circle USDC
- Security: Per-transaction limits, daily caps, cooldowns, allowlists, nonce-based replay protection
- Testing: Stateless fuzz testing of policy invariants (caps, cooldowns, replay safety)
- Threat Model: AI treated as an untrusted proposer; worst-case loss bounded by on-chain policy
- Live: Treasury on Arc Sepolia
- 🔗 View Repository
ERC-4626 vault with T+1/T+2 settlement delays for real-world asset tokenization.
- Core Feature: Async redemptions (request → delay → claim) aligned with traditional finance settlement
- Security: Stateless fuzz testing (1000+ runs), Slither static analysis, self-audit (5 issues found and fixed)
- Testing: Fork tests with real USDC on Sepolia
- Live: Verified on Sepolia
- 🔗 View Repository
Gas-optimized lottery using Chainlink VRF v2.5 with binary search winner selection.
- Optimization: O(log N) binary search replacing O(N) loops (~95% gas reduction)
- Architecture: Factory pattern for permissionless deployment
- Security: Checks-Effects-Interactions pattern, Slither clean, 100% test coverage
- Live: Verified Factory on Sepolia
- 🔗 View Repository
Over-collateralized stablecoin system with liquidation mechanism.
- Core Logic: 200% collateralization threshold, 10% liquidation incentive
- Security: Oracle circuit breaker for stale price protection
- Testing: Stateless fuzz testing to verify solvency invariants
- Live: Verified on Sepolia
- 🔗 View Repository
Current Status
- Submitted HIGH and MEDIUM severity findings in Fluid DEX V2 audit contest on Sherlock (pending validation)
- Submitted a critical vulnerability finding with $21M potential impact on a major protocol via bug bounty (pending review)
- 5 validated findings in CodeHawks First Flights (educational contests)
- Actively participating in bug bounty programs on Immunefi and HackenProof
Testing Approach
- Slither static analysis for common vulnerability classes
- Foundry stateless fuzz testing for edge cases and invariant violations
- Manual code review for logic errors and economic exploits
- Fork testing against mainnet state when applicable
- Master of Science in Computer Science (in progress)
- Former QA Engineer in regulated industries (Finance & Healthcare)
- Transitioned from traditional software testing to smart contract security
Languages:
Solidity, TypeScript, JavaScript, HTML/CSS
Frameworks:
Foundry, Hardhat, ethers.js
Testing & Security:
Foundry Fuzz Testing (stateless), Slither Static Analysis, Fork Testing
Tools:
Git, GitHub, VSCode, Remix
Integrations:
Chainlink (VRF, Price Feeds), Circle USDC, Arc Network, OpenZeppelin
Interested in
- Smart contract security research and auditing (learning phase)
- DeFi protocol development (especially RWA and agent-based systems)
- Building security testing frameworks
Best Fit
- Teams needing systematic testing and security-conscious development
- Projects integrating Circle, Arc, or Chainlink
- Early-stage protocols where I can contribute to architecture and testing
📧 Email: kalyansde1@gmail.com
🐦 X (Twitter): @kalyan__tr
💼 GitHub: @tr-Kalyan
- Find first valid bug in a production protocol audit
- Complete 10+ audit contests on Sherlock / CodeHawks
- Deep dive into large production codebases (Aave, Uniswap, Compound, Lido)
- Contribute to at least 3 protocol security improvements
- Transition into a junior smart contract auditor role
Last Updated: January 2026