Sidarth S
Smart Contract Security Researcher
I build and secure on-chain systems — combining protocol development, exploit analysis and security tooling for adversarial environments.
About Me
I'm Sidarth S — a smart contract security engineer working across protocol development, threat modelling, static/dynamic analysis, and production-grade security tooling for live EVM systems.
Alongside security, I work on building and analyzing smart contract systems including DeFi primitives, NFT infrastructure, and auction mechanisms, with a focus on how design decisions impact real-world behavior and risk.
My background in AI as a Data Scientist feeds directly into this, from opcode-level feature engineering to anomaly detection — different expressions of the same pattern recognition problem applied to adversarial systems.
Key Achievements
Detected OpenZeppelin library tampering linked to a ~$1M scam on Base Chain.
Won the formal verification challenge at DeFi Security Summit, Bangkok 2024
ETH-India, Bangkok, Paris, Tokyo
Ranked 65th worldwide in one of the most competitive smart contract CTF competitions.
Built Starknet Storage Slot Reader (dev tool), becoming a finalist at StarknetCC India.
Built a fully automated NFT generation pipeline with $100K–$150K monthly trading volume.
Completed Ackee Blockchain Security's Solana graduate program.
PRs across Slither (Crytic), Halmos (a16z), Cairo Book, and Abstractions-Compose; shipped SolderX (PyPI package).
My Works
Security tooling, DeFi protocols, cross-chain systems, NFT primitives, and AI experiments — 15 projects across Ethereum, Solana, and Starknet.
Security Tooling
POC smart contract security scanner — automates detection of input validation bugs, access control flaws, and missing critical overrides in DeFi protocols.
Cross-chain
Trustless EVM ↔ Non-EVM atomic swaps using HTLC mechanics — removing the need for centralised bridges and intermediaries.
Solana / DeFi
Lightweight on-chain AMM on Solana — SPL token pools, constant-product swaps, liquidity management, PDA vaults, and LP tokens in Rust/Anchor.
DevEx / PyPI
Published Python CLI on PyPI — fuses and flattens Solidity contracts with Etherscan support, remapping resolution, and cyclic import handling.
Starknet
Developer utility for reading and inspecting storage slots in Starknet smart contracts — aids debugging and security analysis on Cairo-based L2. StarknetCC 2022 Finalist.
NFT
Fully on-chain generative NFTs — art and metadata produced and stored entirely on-chain, no IPFS. Composable trait system with zero external dependencies.
NFT
ERC-998 NFTs that own ERC-20 tokens — NFTs as wallets with composable asset management, enabling novel DeFi composability patterns.
Cross-chain / Gaming
Cross-chain game featuring dynamic ERC-998 composable NFTs — in-game characters own child tokens across different chains.
DeFi
Decentralised stop-loss mechanism — automatically sells user assets when a price threshold is hit, providing automated on-chain risk management.
DeFi
DeFi lending platform for emerging blockchain developers — crypto-backed educational loans and resources through smart contracts.
Payments
Decentralised group expense manager — split and settle shared bills transparently on-chain, eliminating trust issues in group payments.
Social Impact
Blockchain blood bank management — tokenizes blood donations for transparent tracking, tamper-proof record-keeping, and donor incentivisation.
AI / Computer Vision
Real-time AR Sudoku solver — OpenCV detects grid from camera feed, CNN solves it, and the answer is overlaid using augmented reality.
AI / Deep Learning
Real-time hand gesture recognition system that translates sign language to spoken audio — bridging communication for hearing-impaired individuals.
Game
A simple 2D Snake platformer game, developed in Python with pygame.
Experience & Journey
~5 years across blockchain security, NFT infrastructure, data science, and applied machine learning.
Trugard Labs
Core developer on Trugard's real-time blockchain security monitoring system, blending static/dynamic analysis with ML-assisted threat detection across live EVM chains.
GuardianLink
Smart contract research, internal auditing, and full-stack NFT infrastructure work — from on-chain primitives to revenue-generating drops.
Straive (SPI Global)
NLP and computer vision work that built the applied ML foundation now used in exploit-pattern detection and anomaly scoring.
Nissan Digital India LLP
Deep learning internship building NLP systems and coordinating models with hardware optimisation pipelines.
Open Source
10+ merged PRs across foundational Web3 ecosystem and security tools
Tools I Built
PRs to OSS
The most widely used Solidity static analysis framework. Contributions span new detectors, framework API extensions, and bug fixes.
slither-mutate
get_msg_sender_checks()
Symbolic testing tool for EVM smart contracts developed by a16z. Contribution improves arithmetic simplification in the solver.
The official learning resource for Cairo and Starknet development. Five PRs improving documentation accuracy and test reliability.
Composable on-chain NFT library. Fixed a critical correctness bug in the ERC-721 enumerable mint flow.
Blogs & Articles
Deep-dive writing on Solidity internals, Solana architecture, NFT standards, and DeFi mechanics — published in Coinmonks and on Medium.
Security
Why passing tests don't mean safe contracts — using slither-mutate to expose gaps that code coverage misses entirely.
Solidity
Reentrancy, integer overflow edge cases, signature malleability, and advanced security patterns — hard-level solutions part 2.
Security / CTF
Step-by-step walkthrough of Ethernaut challenge #38 — finding the vulnerability, crafting the exploit, and understanding the correct fix.
Solidity
Storage layout edge cases, delegatecall semantics, proxy patterns, and low-level EVM behaviour — hard-level solutions part 1.
Solidity
EVM internals, gas optimisation, inline assembly usage, and common audit patterns — medium-level interview solutions with worked examples.
Solidity
Solutions for RareSkills' easy-level Solidity questions — visibility, memory vs calldata, basic storage patterns, and contract semantics.
Solana
Structuring projects, testing strategy, and handling the most common Anchor pitfalls — account space errors, PDA mismatches, and CPI failures.
Solana
Deep dive into advanced PDA and CPI with hands-on Anchor examples — on-chain game storage and hashed PDA seeds.
Solana
Solana program model, account types, the Anchor framework, PDAs and CPIs with implementation examples, and error handling patterns.
Solana
Core Solana architecture — Gulf Stream, Proof of History, Sealevel, Turbine, account-based storage, and a look at the upcoming Alpenglow runtime.
DeFi / NFT
How GDA and CGDA work for token and NFT launches — price discovery, fairness properties, and why Dutch auctions have been adopted in blockchain.
NFT Standards
Solidity implementation of ERC-4907 — expiry logic, user-role separation, and end-to-end testing with Brownie.
NFT Standards
What NFT rental is, why it matters, and what ERC-4907 adds — motivation, interface design, and difference from plain ERC-721 ownership.
NFT Internals
When minting on OpenSea, you get a huge token ID number. This blog dissects the bit-packing scheme — creator address encoding and what the blob actually means.
Get In Touch
Open to smart contract security roles, protocol audit engagements, security tooling projects, and research collaborations.
Based in Chennai, India — available for remote roles worldwide.