Solidity · Rust · Move · Vyper · ZK Circuits
Finding vulnerabilities in DeFi protocols, cross-chain bridges, and DAOs. Focused on zero-knowledge proofs and cryptographic primitives.
Web3:
- 22+ vulnerabilities found across DeFi, DAOs, and cross-chain protocols
- $3K+ in audit rewards
- 8 contests with accepted High/Critical findings

Specialties: AMMs, cross-chain bridges, lending protocols
Web2:
- 1 Critical, 5 High, 5 Medium severity findings across 2 application audits
Current Role: Security Researcher at TechFund Inc. (since April 2025)
- 2 Critical vulnerabilities in gaming infrastructure (Majority Games, August 2025)
- High-severity findings in:
  - Cross-chain bridges (Allbridge, DODO, Solayer)
  - DeFi exchanges (Badger eBTC, Oku)
  - AMMs (Burve, SuiDex)
Full details in Competitive Audits below. For other work, see Other Audits through Contract and Fellowships.
Foundry · Echidna · Certora · Slither · Aderyn
- Solidity (Advanced)
- Rust (Soroban, Solana)
- Move (Sui)
- Vyper
- Circom/Noir (for ZK circuits)
MERN Stack · AWS · Python · SQL
- zk-SNARKs: Groth16 protocol, Circom circuits, trusted setups
- Cryptographic Primitives: Elliptic curves, modular arithmetic, hash functions - practiced via CryptoHack challenges
- Protocol Math: AMM invariants, bonding curves, interest rate models
Deep technical breakdowns on DeFi math and zero-knowledge proofs, published via TechFund:
- DeFi AMM Math from First Principles - Part 1: Uniswap
  Constant product mechanics, impermanent loss, liquidity provision math.
- DeFi AMM Math from First Principles - Part 2: Curve
  StableSwap invariant, amplification coefficient, slippage optimization.
- Tornado Cash Demystified: Privacy on Ethereum
  zk-SNARKs, Merkle trees, deposit/withdrawal circuits.
- Breaking Down the Three Pillars of Zero Knowledge Proofs
  Completeness, soundness, zero-knowledge property with examples.
| Protocol | Chain/Lang | Platform | Findings | Category | Report/Link |
|---|---|---|---|---|---|
| Swafe | Rust | Code4rena | Pending | Securing the secret through ZK | NA |
| Majority Games | Solidity | HackenProof | 2 Critical | Gaming infra exploit | HackenProof Profile |
| SuiDex | Move | HackenProof | 1 High | Trading logic flaw | HackenProof Profile |
| DODO Cross-Chain DEX | Solidity | Sherlock | 1 High, 1 Medium | Cross-chain exploit | Sherlock Watson |
| Burve AMM | Solidity | Sherlock | 1 High | Liquidity manipulation | Sherlock Watson |
| Badger eBTC | Solidity | Cantina | 1 High | Exchange vulnerability | Profile |
| Oku Custom Orders | Solidity | Sherlock | 1 High, 1 Medium | Order execution bug | Sherlock Watson |
| Project One World | Solidity | CodeHawks | 1 High | DAO governance flaw | Profile |
| Second Swap | Solidity | Code4rena | 3 Medium | Trading vulnerabilities | Profile |
- Spectra Finance (Immunefi): Yield derivatives protocol - focused on oracle integrations and flash loan defenses.
- Acquaris Soroban (Cantina): AMM on Stellar/Soroban (Rust) - audited liquidity pools and cross-asset swaps.
- Centrifuge: ERC-7540 tokenized RWA vaults - reviewed tokenization logic and off-chain data feeds.
- Yield Basis: DAO gauge voting in Vyper - examined emission schedules and vote manipulation risks.
- Cap Protocol (Sherlock): Stablecoin/staking mechanism - identified reentrancy in reward claims.
- Malda (Sherlock): Lending protocol security - traced collateral oracles and liquidation paths.
- Solayer Bridge (Sherlock): Cross-chain Solana<>EVM (Rust) - secured message passing and asset bridging.
- Super DCA (Sherlock): Liquidity network automation - audited scheduled executions and gas optimizations.
- Notepia (May 2025) - Web2 Audit: Access control bypass, Firebase misconfigurations, exposed API keys
- Offu (December 2024) - Hybrid Web2/Web3 audit: 4 High findings including broken authentication, IDOR, missing rate limits, plus smart contract reentrancy
ElectiSec Fellowship (Block 7): Hands-on mentorship with live audits.
- Solidity Smart Contract Auditor Certification (SSCAC)
Hashlock (June 2025)
View Certificate
3rd Place - Majority Games (HackenProof, August 2025)
Cryptography Practice - CryptoHack Progress
Transitioned to Web3 security in 2024 after 8+ years building full-stack SaaS platforms. Background in AWS serverless architecture, API integrations, authentication systems, and leading cross-functional teams now helps trace complex protocol interactions and edge cases in DeFi protocols.
Key Projects:
DocVidya - Video education platform (Brightcove + AWS)
- Stack: HTML, CSS, Bootstrap, jQuery, Knockout.js | Python, PHP, AWS Lambda, REST APIs
- Features: Multi-system authentication, API integrations, real-time analytics (views, engagement tracking)
Push Notifications System - Event-driven marketing automation
- Stack: AWS Lambda, API Gateway, DynamoDB, SQS, SNS, Firebase, Eloqua APIs
- Delivered personalized notifications based on campaign triggers and behavioral data
Core Responsibilities:
- Led Oracle SaaS implementations and backend integrations (Eloqua, Brightcove, Docmode)
- Configured SSO integrations (Auth0, Oracle Identity Cloud, Microsoft AD)
- Built API integrations for video metadata, webinar registration, user data pipelines
- Designed SQL queries and APIs for data retrieval, reports, and sync jobs
- Implemented SMS OTP verification (Amazon SNS + Auth0)
- Optimized backend data fetching, improving website load times
- Managed and mentored 15-member cross-functional team in agile practices
Open to Work: ZK-Focused Web3 Development and Audit Roles
- Email: ashish.lachuria2@gmail.com
- X (Twitter): @0x_Ashish
- LinkedIn: Ashish Lachuria
- HackenProof Profile
Let's secure the next protocol together.