S3v3ru5

GitHub Blog Twitter/X vara10110@gmail.com

Experience

Independent Security Researcher

July 2024 - Present
  • Security Researcher at SpearBit, conducting security reviews of blockchain protocols
  • Perform independent audits of smart contracts across multiple blockchain platforms
  • Participate in security contests on Sherlock and CodeHawks platforms
  • Portfolio of audits and contest results: s3v3ru5.github.io/audits

Trail of Bits

Blockchain Security Engineer

June 2022 - June 2024
  • Conducted security reviews of smart contracts on Ethereum, Algorand, and Solana
  • Reviewed off-chain components including compilers, virtual machines, and blockchain nodes written in Rust
  • Contributed to Tealer, a static analyzer for Algorand smart contracts (June 2022 - Nov 2023)
  • Contributed to solana-lints, a Rust linting framework for Solana programs (Dec 2023 - June 2024)
  • Contributed vulnerability documentation to building-secure-contracts

Ottersec

Auditor

March 2022 - April 2022
  • Performed security audits of Solana protocols

Trail of Bits

Security Research Intern

December 2021 - January 2022
  • Contributed to development of Tealer, a static analyzer for Algorand smart contracts

Team Invaders & Team zer0pts

CTF Player - Cryptography

January 2019 - October 2021
  • Solved cryptography challenges in Capture The Flag competitions with team Invaders (Jan 2019 - Nov 2020) and team zer0pts (Dec 2020 - Oct 2021)
  • Studied and applied cryptanalytic techniques including attacks on RSA, elliptic curve cryptography, block ciphers, and hash functions
  • Published detailed writeups of cryptography challenges

Education

RGUKT Nuzvid

2018 - 2022

Bachelor of Technology in Computer Science & Engineering; CGPA: 9.32/10

Projects

Tealer - Static analyzer for Algorand smart contracts

2022 - 2023
  • Built control-flow graph construction and dataflow analysis infrastructure
  • Implemented detectors for identifying security vulnerabilities and code quality issues
  • Added support for analyzing Algorand group transactions involving multiple smart contracts
  • Developed printers for code visualization and analysis result reporting
  • Created comprehensive documentation and GitHub wiki for the tool

Solana-lints - Security lints for Solana programs

2023 - 2024
  • Contributed custom Rust lints using the rustc compiler API for detecting vulnerabilities in Solana programs
  • Implemented sysvar_get lint to detect improper system variable access patterns
  • Updated existing lints to support modern Solana program structure and Anchor framework
  • Reduced false positive rates through improved pattern matching and context analysis

Building Secure Contracts - Vulnerability documentation

2022 - 2024
  • Documented common vulnerability patterns in Algorand smart contracts in the not-so-smart-contracts repository
  • Added improper instruction introspection vulnerability pattern for Solana
  • Provided code examples and mitigation strategies for each vulnerability class

Skills

Languages: Python, Rust, Solidity, TEAL, PyTeal, SageMath
Cryptography: RSA, Elliptic Curve Cryptography, Block Ciphers, Hash Functions, Cryptanalysis
Security Tools: Slither, Echidna, Tealer, solana-lints, Clippy
Analysis Tools: z3 SMT Solver, Ghidra, GDB (pwndbg), Wireshark
Blockchain Platforms: Ethereum (Solidity), Algorand (TEAL/PyTeal), Solana (Anchor/Rust)

Achievements

  • Security contest placements: 2nd place in WooFi Swap Solana, 3rd place in Orderly Solana Vault and Winnable Raffles contests, 4th place in Zaros contest
  • Winner of InCTF Nationals, December 2019 (Individual category)
  • Winner of PBCTF 2020, December 2020 (as part of team zer0pts)
  • Ranked #368 globally and #14 in India on CryptoHack platform