Wearer of a white-hat | Security Researcher | Fuzzing https://github.com/vnmrtz
Biography
Hey there! My name is Víctor (@vn_martinez_), and I have been in tech as both a software engineer and blockchain security researcher.
I am an experienced security researcher and solidity white-hat with a robust +2 year background in blockchain security. Started as a white-hat on Immunefi in late 2021, successfully addressing vulnerabilities in prominent protocols like AAVE and RAI (see Portfolio section), securing +33M USD live at risk. I joined some of the best auditing firms in the industry (Oak Security, Spearbit), and I have worked closely with Formal Testing methodologies with the Certora Team. I have conducted +50 audits of DeFi protocols. I also work as an Independent Security Researcher implementing invariant testing and fuzzing suites for top-tier protocols that want to elevate their security standards a notch.
Current roles:
- Security auditor at Oak Security (and Solidified)
- Associate Security Researcher at Spearbit
- White-hat and bounty hunter
- Independent Security Researcher, focusing on invariant testing and fuzzing
My complete audit portfolio and live bugs I have discovered is available at https://github.com/Elpacos/audits.
\
If you want to get in touch, feel free to reach out to me.
My expertise
Technologies
-
Solidity
-
Low level EVM code and assembly (yul)
-
Invariant testing and formal verification (Medusa, Echidna, Halmos)
Protocol Categories and Primitives -
CDP
-
Stablecoins
-
Lending & Borrowing
-
Cross-chain integrations
-
Order books
-
Account abstraction
-
Defi in general
Clients
Some of the protocols I have worked for / discovered bugs in:
- HAI
- RAI
- AAVE
- Euler
- Sablier
Talks and Seminars
Delivered talks and seminars on EVM and smart contract security:
- [Calyptus] Mastering Fuzzing
- [Opensense] Low-level Vulnerabilities
- [Secureum: TrustX 2023] Tips to Master Fuzzing
Articles and Write-ups
Collection of articles on EVM and security, along with detailed write-ups of publicly disclosed bugs on blog:
Security portfolio
Name | Description | |
---|---|---|
Audit and Bug bounties portfolio | A compilation of smart contract audits I have been involved in, along with some live bugs I have discovered. | Read more |