DEGA ETH ISPO
The first Ethereum ISPO run through Lido: users stake stETH, accrue rewards, and withdraw at any time. Non-custodial by design.
In plain terms: a staking pool where users earn rewards without ever handing over custody of their funds.
Senior smart contract engineer focused on security. Shipping production software since 2009, the last 8 years building and hardening Web3 protocols. Contract systems I architected were taken through independent audits by STATEMIND, QuillAudits and storming0x. The reports, and everything else on this page, link to their sources.
Contracts I architected and shipped, with the third-party reports that reviewed them. Open the PDFs.
The first Ethereum ISPO run through Lido: users stake stETH, accrue rewards, and withdraw at any time. Non-custodial by design.
In plain terms: a staking pool where users earn rewards without ever handing over custody of their funds.
The ERC-20 behind the DEGA ecosystem, with its TypeScript deploy pipeline. Reviewed independently by two auditors.
Multi-chain token claims authorized by EIP-712 typed signatures, with replay protection across chains and contracts. OpenZeppelin v5, tested under Hardhat and Foundry.
In plain terms: users claim tokens on several chains with signed permissions that cannot be copied from one chain to another.
Architecture and implementation of your Solidity system so the audit is a checkpoint, not a firefight: tokens, staking, vesting, EIP-712 claim flows, cross-chain replay protection. Foundry fuzz and invariant suites, deploy pipelines, and documentation written for the auditors.
I get your codebase to the state where the audit firm spends its hours on real issues instead of setup, scoping, and known-pattern noise. Fewer findings, faster audit, cheaper re-review.
Part-time or full-time inside your team, owning contract security from spec to mainnet: threat modeling, manual review of existing Solidity, and remediation with fixes, not just findings.
Agents, MCP servers, and LLM-powered products, in Web3 and beyond: agent wallets and transaction flows, AI security tooling, game worlds operated by agents, and AI-assisted engineering pipelines. Built with the same security discipline as the contracts.
Before Web3 I built software for banks, airlines, energy and healthcare, places where failure is expensive. Since 2018, protocols: the eFIN DEX for TokenPay (non-custodial atomic swaps routed over Tor, 2018 to 2019), token distribution on TokenTable, Mojos DAO on Optimism, real-world asset tokenization with Firepan, and Midnight, where I have been building in Compact since before its March 2026 mainnet.
The AI thread runs through all of it: game worlds operated by autonomous AI agents, MCP servers that let agents hold wallets and transact on Midnight, and a medical claim system on the Midnight blockchain, engineered end to end with AI-assisted workflows.
Products I design, build and run myself under the Noctis brand. I think like an attacker daily because my own tools have to catch them.
Static malware scanner for repositories you are asked to run: build-time code execution, lockfile evasion, hostile git hooks. Built after two real supply-chain attacks aimed at me, both dissected and turned into detectors.
Chat with any EVM contract across six chains. Resolves ABIs from Etherscan, and reconstructs them from bytecode with whatsabi when the contract is unverified.
AI transaction firewall for crypto wallets. Intercepts the signing request, decodes what the transaction actually does, and explains the risk in plain English before you approve. Heuristics answer instantly; an LLM explains the stakes.
AI smart contract auditor for Solidity and Vyper. Runs on Claude or local Ollama models, and outputs JSON, SARIF for GitHub Code Scanning, and styled HTML reports.
I take senior contracts in smart contract security and AI engineering: audit-ready development, pre-audit hardening, embedded security work, and agent infrastructure. If you are putting contracts on mainnet and want them to survive both the audit and the attackers, write me.