I build smart contracts that survive the audit and the attackers after it.

Senior smart contract engineer focused on security. Shipping production software since 2009, the last 8 years building and hardening Web3 protocols. Contract systems I architected were taken through independent audits by STATEMIND, QuillAudits and storming0x. The reports, and everything else on this page, link to their sources.

CV · PDF Available for senior security engagements

Don't trust. Verify.

Contracts I architected and shipped, with the third-party reports that reviewed them. Open the PDFs.

Verification ledger 4 public reports
STATEMIND auditors of Lido, Curve, Yearn

DEGA ETH ISPO

The first Ethereum ISPO run through Lido: users stake stETH, accrue rewards, and withdraw at any time. Non-custodial by design.

In plain terms: a staking pool where users earn rewards without ever handing over custody of their funds.

Audit report source deployed
storming0x Yearn security researcher

DEGA TGE claim

Multi-chain token claims authorized by EIP-712 typed signatures, with replay protection across chains and contracts. OpenZeppelin v5, tested under Hardhat and Foundry.

In plain terms: users claim tokens on several chains with signed permissions that cannot be copied from one chain to another.

Audit report source deployed

What I do

Audit-ready contract development

Architecture and implementation of your Solidity system so the audit is a checkpoint, not a firefight: tokens, staking, vesting, EIP-712 claim flows, cross-chain replay protection. Foundry fuzz and invariant suites, deploy pipelines, and documentation written for the auditors.

Pre-audit hardening

I get your codebase to the state where the audit firm spends its hours on real issues instead of setup, scoping, and known-pattern noise. Fewer findings, faster audit, cheaper re-review.

Embedded security engineer

Part-time or full-time inside your team, owning contract security from spec to mainnet: threat modeling, manual review of existing Solidity, and remediation with fixes, not just findings.

AI engineering

Agents, MCP servers, and LLM-powered products, in Web3 and beyond: agent wallets and transaction flows, AI security tooling, game worlds operated by agents, and AI-assisted engineering pipelines. Built with the same security discipline as the contracts.

Background

Before Web3 I built software for banks, airlines, energy and healthcare, places where failure is expensive. Since 2018, protocols: the eFIN DEX for TokenPay (non-custodial atomic swaps routed over Tor, 2018 to 2019), token distribution on TokenTable, Mojos DAO on Optimism, real-world asset tokenization with Firepan, and Midnight, where I have been building in Compact since before its March 2026 mainnet.

The AI thread runs through all of it: game worlds operated by autonomous AI agents, MCP servers that let agents hold wallets and transact on Midnight, and a medical claim system on the Midnight blockchain, engineered end to end with AI-assisted workflows.

2023 · now Independent senior engineer · Web3 security and architecture for US clients · DEGA, autonomous AI agents, medical claim system on Midnight, RWA tokenization
2021 · 2023 Blockchain Developer · FIWORK · Solidity contract architecture, audit preparation, dApp integration
2019 · 2021 Senior Software Engineer · PSL Corp, MILL5 · full-stack TypeScript and .NET for US enterprise clients
2018 · 2019 Frontend & Blockchain Developer · Blocksize · eFIN DEX for TokenPay
2009 · 2018 Enterprise engineering · full-stack and .NET across banking, gaming, aviation and energy

Enterprise clients

Wells Fargo Electronic Arts Inter-American Development Bank Deloitte Bancolombia Suramericana Avianca Ecopetrol Medical devices (US, under NDA)

Networks

Ethereum BNB Chain Optimism Base Arbitrum Polygon Midnight

Security products, live

Products I design, build and run myself under the Noctis brand. I think like an attacker daily because my own tools have to catch them.

Writing

Work with me

I take senior contracts in smart contract security and AI engineering: audit-ready development, pre-audit hardening, embedded security work, and agent infrastructure. If you are putting contracts on mainnet and want them to survive both the audit and the attackers, write me.

click to copy, or open your mail app