Hey, Iβm Thomas π
I help protocol teams find deep bugs and ship with confidence.
π« How to reach me: blltprf.xyz Β· webintake@blltprf.xyz Β· @audithare
Availability: limited β open to audits & verification engagements β Book a 30 min call or Start an audit
- π Code Review & Security Audits β humans see nuance; tools miss context.
- π§ͺ Fuzzing & Simulation β targeted harnesses for high path coverage and reproducible failures.
- π Formal Modeling & Verification β prove protocol properties with machine-checked guarantees.
- π§ Security Strategy & Training β design for safety; ship with confidence.
- π₯ [redacted] β formal verification of Solidity components with Quint & Apalache
- π‘οΈ Independent audits/code reviews (Cantina, Code4rena, Sherlock)
- π Core team: Apalache β symbolic model checker for TLA+ & Quint
- π© 3-slot finality (3SF) β formal modeling & accountability proofs (Ethereum) Β· repo
- π§ͺ Protocol fuzzing workshop @ Protocol Berg v2 Β· repo
Soroban smart contract audit β focus on authentication & authorization Β· TBA
- π Solarkraft β runtime verification for Soroban/Stellar smart contracts Β· repo
- π Improving Apalache to find bugs in smart contracts, dApps, and protocols Β· repo
- π Quint β modern language/tooling for TLA+ specs Β· repo
π οΈ Languages: Solidity Β· Rust Β· Go Β· Lean Β· Python Β· TypeScript
π Verification: Alloy Β· Lean4 Β· Certora Prover Β· Quint/TLA+ Β· SMT (CVC5, Z3)
π§ͺ Fuzzing: AFL Β· cargo-fuzz Β· libFuzzer Β· Echidna/Medusa Β· Wake