Hi everyone,
I’m Alejandro (@unsafe_call). This is my first season applying as a DAB member. I currently work as a senior security researcher and lead triager at Immunefi. I’m particularly interested in helping secure the OP ecosystem!
Please link to your Optimist Profile or Organization ID here.
Atlas
Please link to any contributions that demonstrate you meet the eligibility criteria outlined in the Charter for the specific Developer Advisory Board team you’re applying for:
Eligibility Criteria for Audit Request Team:
To be selected to the Audit Request Team, an applicant should have established themselves as a senior auditor, either with a role at a firm or through major successes in audit contests and bug bounties
I have 8 years of experience in Web3 security. Before getting into Web3 I was a senior full stack developer. I entered the Web3 space as an independent auditor, and competed in Code4rena and bug bounties on Immunefi. Since January 2022 I was hired full time to be a triager and security researcher at Immunefi. During this time I’ve been a mediator between the security community and Web3 projects, effectively reaching resolutions through technical research and communication of critical vulnerabilities.
Immunefi has seen more responsible disclosures than any other entity in the industry and having researched into thousands of reports on a wide breadth of projects, I have gained a unique perspective of security in the space and honed effective communication and guidance on the strategies for increasing the overall security of projects. I have directly assisted with OP’s bug bounty program and have gained exposure to many existing projects which build on the OP ecosystem through bug bounty programs launched on Immunefi.
I shaped the academy pages for Immunefi Attackathons, which involves researching a protocol or platform and finding the most effective resources for security researchers and identifying any gaps which projects should provide documentation for, with the aim to quickly get researchers up to speed with a new technology and prepare them to start researching and finding vulnerabilities. There is also additional content I create based on these findings which highlight concepts most relevant to security researchers.
- Ethereum protocol Attackathon Educational Resources | Immunefi
- Stacks Attackathon 1 | Immunefi
- Fuel Attackathon | Immunefi
I worked closely with the Ethereum Foundation and client teams to help draft their bounty program and create brand new impacts which would guide researchers in identifying vulnerabilities which are most impactful for the Ethereum Protocol and it’s many client teams, and provide the proper clarity and expectations for researchers participating in the program.
I’ve also contributed to the security space in general by creating Bugfix review articles, technical security content, and creating open source tooling.
- https://medium.com/immunefi/dfx-finance-rounding-error-bugfix-review-17ba5ffb4114
- https://medium.com/immunefi/alchemix-access-control-issue-bugfix-review-2a8fbcddf588
- https://medium.com/immunefi/alchemix-missing-solvency-check-bugfix-review-bcbc13289a12
- https://medium.com/immunefi/balancer-rounding-error-bugfix-review-cbf69482ee3d
- https://medium.com/immunefi/charged-particles-griefing-bug-fix-postmortem-d2791e49a66b
- $10M Wormhole Vulnerability - Dark Forest
- GitHub - immunefi-team/forge-poc-templates
Please verify that you have no conflicts of interest:
I have no conflicts of interest
Please verify that you understand you may be removed from this role via the Representative Removal proposal type in the Operating Manual
I understand
Please verify that you understand KYC will be required to receive Council rewards at the end of Season 7:
I understand
Please verify that you are able to commit ~20 hours / month to Board operations:
I am able to commit 20 hours per month to Board operations