+
Skip to content
View thpani's full-sized avatar
🦚
🦚
32 followers · 5 following

Achievements

Achievement: Pair Extraordinairex4Achievement: YOLOAchievement: Pull Sharkx3Achievement: QuickdrawAchievement: Arctic Code Vault Contributor

Achievements

Achievement: Pair Extraordinairex4Achievement: YOLOAchievement: Pull Sharkx3Achievement: QuickdrawAchievement: Arctic Code Vault Contributor

Organizations

@code-423n4 @sherlock-audit @apalache-mc @blltprf

Block or report thpani

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
thpani/README.md

Hey, I’m Thomas 👋

I help protocol teams find deep bugs and ship with confidence.

📫 How to reach me: blltprf.xyz · webintake@blltprf.xyz · @audithare
Availability: limited — open to audits & verification engagements → Book a 30 min call or Start an audit

What I do

  • 🔍 Code Review & Security Audits — humans see nuance; tools miss context.
  • 🧪 Fuzzing & Simulation — targeted harnesses for high path coverage and reproducible failures.
  • 📐 Formal Modeling & Verification — prove protocol properties with machine-checked guarantees.
  • 🧭 Security Strategy & Training — design for safety; ship with confidence.

🚂 Currently working on

  • 🔥 [redacted] — formal verification of Solidity components with Quint & Apalache
  • 🛡️ Independent audits/code reviews (Cantina, Code4rena, Sherlock)
  • 💙 Core team: Apalache — symbolic model checker for TLA+ & Quint

⏪ Recent work

  • 🍩 3-slot finality (3SF) — formal modeling & accountability proofs (Ethereum) · repo
  • 🧪 Protocol fuzzing workshop @ Protocol Berg v2 · repo
  • :shipit: Soroban smart contract audit — focus on authentication & authorization · TBA
  • 🌟 Solarkraft — runtime verification for Soroban/Stellar smart contracts · repo
  • 🎠 Improving Apalache to find bugs in smart contracts, dApps, and protocols · repo
  • 🍭 Quint — modern language/tooling for TLA+ specs · repo

🛠️ Languages: Solidity · Rust · Go · Lean · Python · TypeScript
📐 Verification: Alloy · Lean4 · Certora Prover · Quint/TLA+ · SMT (CVC5, Z3)
🧪 Fuzzing: AFL · cargo-fuzz · libFuzzer · Echidna/Medusa · Wake

Pinned Loading

  1. fuzz-pb25 fuzz-pb25 Public

    Fuzzing Workshop at Protocol Berg Berlin, June 2025

    Python 2

  2. freespek/ssf-mc freespek/ssf-mc Public

    EF project Exploring Automatic Model-Checking of the Ethereum specification

    TeX 8

  3. freespek/solarkraft freespek/solarkraft Public

    Solarkraft: a runtime monitoring tool for Soroban, powered by TLA+ and Apalache

    TypeScript 12 1

  4. apalache-mc/apalache apalache-mc/apalache Public

    APALACHE: symbolic model checker for TLA+ and Quint

    Scala 498 44

  5. informalsystems/quint informalsystems/quint Public

    An executable specification language with delightful tooling based on the temporal logic of actions (TLA)

    TypeScript 1.1k 95

  6. kripkebuilder kripkebuilder Public

    Interactive frontend for manipulating kripke structures and evaluating temporal logic formulae.

    JavaScript 7 2

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载