Joran Honig

Hey!

I'm a long time security researcher in the web3 space having worked for 7 years at Consensys Diligence. I've worked a lot on security automation and the application of formal methods, building tools which incorporate symbolic execution, mutation testing, static analysis, and more. I've also been bounty hunting and have found a nice number of critical vulnerabilities in live protocols.

I've worked with a wide range of protocols and teams (audits, bug bounties, responsible disclosure) including: starkware, uniswap, hydration, GMX, Optimism, stellar, IPFS/ filecoin foundation.

In my security research I focus on protocols with a complex model (including for example derivatives, but also consensus algorithms and implementations).

🛠️ tools

An overview of the tools I've worked with:

• consensys/mythril - automatic vulnerability detection using symbolic execution
• joranhonig/tree-sitter-solidity - incremental parsing of solidity
• joranhonig/vertigo - one of the first mutation testing tools for solidity smart contracts
• consensysaudits/napam - An orchestration and development framework for static- and security analysis modules

I've worked a lot with various fuzzing techniques, symbolic execution, mutation testing and formal methods (FV).