Joran Honig
@JoranHonig
lsr
Biography
Hey!
I'll keep this one short!
๐ ๏ธ tools
I've built and maintained lots of security focused tools:
- consensys/mythril - automatic vulnerability detection using symbolic execution
- joranhonig/tree-sitter-solidity - incremental parsing of solidity
- joranhonig/vertigo - one of the first mutation testing tools for solidity smart contracts
- consensysaudits/napam - An orchestration and development framework for static- and security analysis modules
I've worked a lot with various fuzzing techniques, symbolic execution, mutation testing and formal methods (FV).
๐ bugs
I've also hunted down quite a few crits in production contracts (worked with a lot of different languages: solidity, rust, go, cairo, ... ) and have found some nice bugs in non-smart contract systems (IPFS). You can find write ups for some of these on my personal blog.
I've also written a lot of articles on web3 security, fuzzing, bounty hunting: https://joranhonig.nl/.
Private reviews
View allEngagement | Project title | Timeframe | Researchers |
---|---|---|---|
Virtuals Systems Global Limited | Virtuals Protocol Security Audit Overview | Cantina | May 2025 - May 2025 |