Season 7 Nominations: Audit Request Team on the Developer Advisory Board

Elected Representatives 💼 Elections
1

Season 7 Nominations: Audit Request Team on the Developer Advisory Board

Please post your self-nominations for the Season 7 Audit Request Team on the Developer Advisory Board by commenting your complete self-nomination in the comments on this post, according to the template and process outlined here. There are 2 elected positions open on this Team within the DAB in Season 7, according to the governance-approved Season 7 Developer Advisory Board Operating Budget and Charter.

Nominations must be posted on this thread by 19:00 GMT on Friday, January 3rd

2 Likes
2

Hey,

My name is m4rio and I’ve been part of the Audit Grants in season 6 and I am reapplying for season 7.
Optimism Profile

Please link to any contributions that demonstrate you meet the eligibility criteria outlined in the Charter for the specific Developer Advisory Board team you’re applying for:
I’ve been in web3 security for 5 years now. Currently, I am a Security Researcher at Cantina. You can see my profile here: https://cantina.xyz/u/m4rio.

Some of the names I’ve reviewed recurrently include MakerDAO and Euler, with more listed on my cantina profile. Disclosure there are more that are not listed under my profile because they are not public. I have over 200 security reviews to date of complex protocols.

During the Season 6 Audit Grants, I refined the process to ensure the grant money had a significant impact on the projects that applied. We currently have over 10 Audit Service providers, and I have been the main point of contact for many of them. I guided these providers to successfully apply for the grants.

Please disclose any anticipated conflicts of interest: If you are a top 25 delegate in another ecosystem, hold an elected position in another DAO, and/or are a multisig signer in another community please disclose here.
I am a security multi-sig signer via Spearbit DAO in ZKSync Security Council

Please verify that you understand you may be removed from this role via the Representative Removal proposal type in the Operating Manual
I understand

Please verify that you understand KYC will be required to receive Council rewards at the end of Season 7:
I understand

Please verify that you are able to commit ~20 hours / month to Board operations:
I am able to commit 20 hours per month to Board operations

5 Likes
3

Hi everyone,

I’m Noah. Last season I participated as a DAB member and particularly enjoyed reviewing audit requests. As former Head of Security Reviews at Spearbit, reviewing projects for audit readiness was an important part of my role. To illustrate, I wrote a guide for projects to adhere to and prepare themselves before an audit: Security Review Readiness Guide.

Contrasting Season 7 from Season 6, I look forward to exclusively focusing on audits as a DAB member and teaming up with the other members to strengthen the acceptance criteria and intake application ensuring projects are demonstrating audit readiness prior to applying for a related grant.

Please link to your Optimist Profile or Organization ID here.

Please link to any contributions that demonstrate you meet the eligibility criteria outlined in the Charter for the specific Developer Advisory Board team you’re applying for:

Eligibility Criteria for Audit Request Team:

To be selected to the Audit Request Team, an applicant should have established themselves as a senior auditor, either with a role at a firm or through major successes in audit contests and bug bounties

I have over a decade of experience prior to getting into crypto and am now 8 additional years into my exclusive focus on this industry. Since June 2022 I’ve been a Lead Security Researcher with Spearbit, working hands on to review projects such as Llama, Kiln, Coinbase, and more noted here noah.eth (noah) | Cantina. Over this time, I spent nearly a year helping the Spearbit Core team directly engage clients to determine what form of security engagement is appropriate for their needs, what an appropriate budget looks like, and what steps are needed for the project to be ready for 3rd party review.

Now my time is largely spent again as a Lead Security Researcher conducting reviews and as a smart contract developer preparing my own codebases for review.

I would love the opportunity to team up with the other members to both evaluate requests as well as assist protocols in preparing their work for 3rd party security reviews.

Please verify that you have no conflicts of interest:

I have no conflicts of interest

Please verify that you understand you may be removed from this role via the Representative Removal proposal type in the Operating Manual

I understand

Please verify that you understand KYC will be required to receive Council rewards at the end of Season 7:

I understand

Please verify that you are able to commit ~20 hours / month to Board operations:

I am able to commit 20 hours per month to Board operations

8 Likes
4

Hi everyone,

I am Sujith, a security researcher at Spearbit with over a decade of experience in Web3 development and three years of security experience specializing in cross-chain / multi-chain protocol security.

This is my first application to become a Developer Advisory Board (DAB) member.

Current Roles:

  • Security Researcher at Spearbit & Judge at Cantina
  • Independent Security Consultant for LI.FI
  • Part-Time judge at Cantina (Optimism Safe, Infinity Pools, Babylon, Venus protocol)

Previous Roles:

  • Former Founding Engineer at Superform (Cross-chain DeFi protocol with $50M+ TVL)
  • Independent Journalist at Decrypt

Please link to your Optimist Profile or Organization ID here.

Atlas

Please link to any contributions that demonstrate you meet the eligibility criteria outlined in the Charter for the specific Developer Advisory Board team you’re applying for:

Eligibility Criteria for Audit Request Team:

To be selected to the Audit Request Team, an applicant should have established themselves as a senior auditor, either with a role at a firm or through major successes in audit contests and bug bounties

As a security researcher at Spearbit, I’ve audited multiple protocols, including Monad, Blast, Berachain, ZkSync, LI.FI, Decent, Drips, SuperSushi Samurai, DistrictOne, Omni-X, Centrifuge, Sweep-n-Flip (optimism grant), and Bitcorn.

During these audits, I reported over 300 bugs in 2024, 30 of which were reported in public audit contests in Cantina.

Over the past five years, I’ve been a founding engineer with two well-funded startups (Superform and SmartDeFi), building the products from scratch.

During my tenure, I’m responsible for ensuring the code readiness for 3rd party audits (with firms including OpenZeppelin, Quantstamp, Y-Audits, and Cantina). I would thrive in the opportunity to evaluate requests and assist protocols in preparing their work for 3rd party security reviews.

Other accolades include,

  • Winner of Surge CTF ($30,000 prize) - Successfully identified critical vulnerabilities in Socket’s DL
  • Solved Paradigm CTF’s cross-chain challenge in under 10 minutes
  • Identified and reported multiple security vulnerabilities in Hyperplane’s cross-chain messaging protocol

Why I Would Be Valuable to the DAB?
My extensive experience in cross-chain security, combined with my practical experience as a founding engineer of a high-TVL protocol, provides me with unique insights into ensuring / guiding protocols are audit-ready before applying for a grant.

Please verify that you have no conflicts of interest:
I verify that I don’t have any conflicts of interest

Please verify that you understand you may be removed from this role via the Representative Removal proposal type in the Operating Manual
I understand.

Please verify that you understand KYC will be required to receive Council rewards at the end of Season 7:
I understand

Please verify that you are able to commit ~20 hours / month to Board operations:
Sure, I will commit 20 hours per month to Board operations

1 Like
5

I was part of a judging panel with Noah for a hackathon in Buenos Aires (remote) for the Crecimiento event with a few complex Optimism tracks, including interop stuff. Noah was of great help and clearly up to date with the status of interop and the future developments. It was great judging along you and thank you for all the support !

5 Likes
6

Hello everyone,

I am gjaldon and I would like to respectfully submit my application for the Audit Request Team.

Please link to your Optimist Profile or Organization ID here.

Please link to any contributions that demonstrate you meet the eligibility criteria outlined in the Charter for the specific Developer Advisory Board team you’re applying for:

I’m a security researcher with over 10 years of experience as a software developer, working with Ruby on Rails, Elixir, and Golang prior to transitioning into crypto. Currently, I’m a Senior Watson with Sherlock (ranked #15 on the leaderboard) as well as one of the Founding Researchers of Blackthorn.

Throughout my career, I’ve developed a deep expertise in security, winning multiple contests including Rust Solana, Rust Cosmos-SDK, and Solidity, as well as conducting numerous private audits. In December 2023, I had the opportunity to directly audit Optimism with Trust Security as well as judge the Optimism Fault Proofs contest on Cantina. My other accomplishments include:

  • Top 15 Senior Watson in Sherlock - led 4 contests to date
  • 4x 1st place, 1x 2nd place, 2x 3rd place, 1x top 4, 1x top 5 (across audit contest platforms)
  • Cantina Judge - Judged 3 competitions on Cantina (Optimism Fault Proofs, Eigenlayer AVS, and Omni)
  • Compound Grantee to develop an ERC4626 Wrapper for CompoundV3
  • Won the 1st Reserve hackathon

I’m passionate about securing decentralized ecosystems and am excited about the possibility of joining the Optimism Developer Advisory Board. I believe my deep experience on both the development side and the security side makes me an ideal candidate who will excel in this role. I look forward to collaborating with other experts to strengthen Optimism’s security, establish best practices, and contribute to a more secure and resilient platform for the developer community.

Please verify that you have no conflicts of interest:

I have no conflicts of interest

Please verify that you understand you may be removed from this role via the Representative Removal proposal type in the Operating Manual

I understand

Please verify that you understand KYC will be required to receive Council rewards at the end of Season 7:

I understand

Please verify that you are able to commit ~20 hours / month to Board operations:

I am able to commit 20 hours per month to Board operations

1 Like
7

Please link to your Optimist Profile or Organization ID here. All candidates are required to create an Optimist Profile by following the steps at atlas.optimism.io and sharing their profile link below.
Here is my optimism link Atlas

Please link to any contributions that demonstrate you meet the eligibility criteria outlined in the Charter for the specific Developer Advisory Board team you’re applying for:
My name is Vagner, and I am applying to serve on the Audit Request Team for Season 7. I have been a security expert in the web3 space for over two years. I currently work as a Security Expert at Sherlock, where I contribute across a wide range of areas across the company.

Additionally, I’ve been the primary person at Sherlock responsible for assisting teams with the Optimism Grants program, performing due diligence on projects, assessing their scope and complexity, analyzing codebase quality, and guiding teams through the application process to ensure alignment with grant criteria.

In the past, I’ve actively participated in numerous audit contests, including TapiocaDAO, Notional, and Blueberry, among others. My area of expertise is in identifying integration problems, which has been a key focus of my work. These are the areas where I have consistently found the highest number of bugs, including solo discoveries, such as an integration issue related to BalancerV2. This discovery helped multiple teams correctly utilize Balancer integrations and call the appropriate functions.
Please verify that you have no conflicts of interest:
I have no conflicts of interest
Please verify that you understand you may be removed from this role via the Representative Removal proposal type in the Operating Manual
I understand
Please verify that you understand KYC will be required to receive Council rewards at the end of Season 7:
I understand
Please verify that you are able to commit ~20 hours / month to Board operations:
I am able to commit 20 hours per month to Board operations.

1 Like
8

Hello @gjaldon, you need to create Optimist profile and link it here as mentioned in template

10

Hi @ismailemin. I just edited my post. Thanks for the catch!

1 Like
11

Please link to your Optimist Profile or Organization ID here. All candidates are required to create an Optimist Profile by following the steps at atlas.optimism.io and sharing their profile link below.

Please link to any contributions that demonstrate you meet the eligibility criteria outlined in the Charter for the specific Developer Advisory Board team you’re applying for:

Hi Everyone,

I’m 0x73696d616f, a top performing security auditor working diligently in the space for over two years. This is my first application to the DAB, and I’m greatly looking forward to contributing to the safety and security of the Optimism ecosystem. Here is a little bit of information on my background and qualifications:

  • Founding Researcher at Blackthorn
  • Current Head of Security at Three Sigma
  • Top 5 Senior Watson at Sherlock with 7 Solo High and 25 Solo Medium findings
  • 11x 1st place, 1x 2nd place, and 5x third place finishes (across audit contest platforms)

I’ve actively participated in (and identified vulnerabilities in) numerous audit contests, including OP Safe Extensions, Arbitrum Bold, Perennial, Tokemak, Tapioca, Superfluid, Flayer, Exactly, PoolTogether, and many more. In total, I’ve identified 66 High and 99 Medium vulnerabilities, earning a total of $291k in rewards across audit contest platforms.

I’m very much looking forward to collaborating with the rest of the team to help secure the entire ecosystem!

Please verify that you have no conflicts of interest:

I have no conflicts of interest

Please verify that you understand you may be removed from this role via the Representative Removal proposal type in the Operating Manual

I understand

Please verify that you understand KYC will be required to receive Council rewards at the end of Season 7:

I understand

Please verify that you are able to commit ~20 hours / month to Board operations:

I am able to commit 20 hours per month to Board operations

1 Like
12

Hey,
my name is Sven (aka. Shogoki), and I am applying to serve on the Audit Request Team for Season 7.

Please link to your Optimist Profile or Organization ID here. All candidates are required to create an Optimist Profile by following the steps at atlas.optimism.io and sharing their profile link below.

Please link to any contributions that demonstrate you meet the eligibility criteria outlined in the Charter for the specific Developer Advisory Board team you´re applying for:

I am a security researcher with more than 15 years of experience in different areas of computer science, working in areas like server infrastructure, software development, machine learning, DevSecOps, and blockchain projects in enterprise-scale environments, as well as doing Web2 bug bounties on the side. After working on a few community projects in the blockchain space, I transitioned to Web3 security, mainly audit contests, 2 years ago.
Here is a little bit of information on my background and activity in the space:

  • Found and reported numerous bugs on bug bounty platforms for well-known companies like GitHub.
  • Core Backend Developer at a community-funded blockchain project (DeFiChain Wizard)
  • 12 top-10 finishes in audit contests as a solo auditor and in a team (SilentDefendersOfDeFi)
  • Core Contributor at Sherlock as an internal Security Researcher

I’ve participated in several audit contests solo, as well as in a team, scoring some top results.
I’ve also engaged numerous a lot in judging audit contests, ultimately climbing to the top 5 rank of the Sherlock Judging Leaderboard.
Since January 2024, I am a core contributor to Sherlock as an internal Security Researcher, where I am working on several tasks related to scoping, customer onboarding, and a broad array of other security-related tasks.

Please verify that you have no conflicts of interest:

No confict of interest.

Please verify that you understand you may be removed from this role via the Representative Removal proposal type in the Operating Manual

I understand

Please verify that you understand KYC will be required to receive Council rewards at the end of Season 7:

I understand

Please verify that you are able to commit ~20 hours / month to Board operations:

I am able to commit the required time of ~20 hours/month to the Boards operations.

1 Like
13

Hi everyone,

I’m Alejandro (@unsafe_call). This is my first season applying as a DAB member. I currently work as a senior security researcher and lead triager at Immunefi. I’m particularly interested in helping secure the OP ecosystem!

Please link to your Optimist Profile or Organization ID here.

Atlas

Please link to any contributions that demonstrate you meet the eligibility criteria outlined in the Charter for the specific Developer Advisory Board team you’re applying for:

Eligibility Criteria for Audit Request Team:

To be selected to the Audit Request Team, an applicant should have established themselves as a senior auditor, either with a role at a firm or through major successes in audit contests and bug bounties

I have 8 years of experience in Web3 security. Before getting into Web3 I was a senior full stack developer. I entered the Web3 space as an independent auditor, and competed in Code4rena and bug bounties on Immunefi. Since January 2022 I was hired full time to be a triager and security researcher at Immunefi. During this time I’ve been a mediator between the security community and Web3 projects, effectively reaching resolutions through technical research and communication of critical vulnerabilities.

Immunefi has seen more responsible disclosures than any other entity in the industry and having researched into thousands of reports on a wide breadth of projects, I have gained a unique perspective of security in the space and honed effective communication and guidance on the strategies for increasing the overall security of projects. I have directly assisted with OP’s bug bounty program and have gained exposure to many existing projects which build on the OP ecosystem through bug bounty programs launched on Immunefi.

I shaped the academy pages for Immunefi Attackathons, which involves researching a protocol or platform and finding the most effective resources for security researchers and identifying any gaps which projects should provide documentation for, with the aim to quickly get researchers up to speed with a new technology and prepare them to start researching and finding vulnerabilities. There is also additional content I create based on these findings which highlight concepts most relevant to security researchers.

I worked closely with the Ethereum Foundation and client teams to help draft their bounty program and create brand new impacts which would guide researchers in identifying vulnerabilities which are most impactful for the Ethereum Protocol and it’s many client teams, and provide the proper clarity and expectations for researchers participating in the program.

I’ve also contributed to the security space in general by creating Bugfix review articles, technical security content, and creating open source tooling.

Please verify that you have no conflicts of interest:

I have no conflicts of interest

Please verify that you understand you may be removed from this role via the Representative Removal proposal type in the Operating Manual

I understand

Please verify that you understand KYC will be required to receive Council rewards at the end of Season 7:

I understand

Please verify that you are able to commit ~20 hours / month to Board operations:

I am able to commit 20 hours per month to Board operations

2 Likes
15

Closing this topic on January 3rd at 19:00 GMT, the due date for self-nominations. Thank you to all the applicants!

Delegates: You can assess candidates from now until January 8th. Elections start on January 9th, so be ready! :sparkles: