andreitoma.eth
andrei@eth:~$ cat about.txt

// whoami

Security researcher and Solidity engineer with 4+ years of experience building and auditing smart contracts across DeFi, RWA tokenization, and L2 ecosystems. Currently auditing major protocols at Nethermind Security, one of the top blockchain security firms in Ethereum.

Dual background in development and security: 3 years architecting production systems with $100M+ TVL, then a transition into full-time auditing. Strong in EVM internals, Yul/assembly, and vulnerability research.

andrei@eth:~$ cat skills.json
Languages
SolidityYul (Assembly)EVM OpcodesVyperTypeScript
Security
Manual code reviewVulnerability researchInvariant testingFuzz testingStatic analysis (Slither, Aderyn)
Development
FoundryHardhatRemixGitOpenZeppelinERC standards
Domains
DeFi (lending, vaults, yield)Liquid staking / LSTsRWA tokenizationAccount abstractionEIP researchL2 blockchains
andrei@eth:~$ git log --oneline experience/
Smart Contract Auditor@Nethermind Security
August 2025 to Present
  • Audit DeFi protocols as part of one of the top Ethereum and Starknet security teams, which has reviewed 200k+ lines of code and uncovered 1,700+ vulnerabilities across all engagements.
  • Completed 20+ audit engagements across lending, vaults, liquid staking, RWA tokenization, and account abstraction.
  • Build and use AI tooling to enhance the auditing workflow. SolAudit (hex) pairs CLI analysis tools with Claude Code skills and a local dashboard to move faster from received code to validated findings, with better coverage.
  • Write detailed audit reports covering severity classification, impact analysis, and fix recommendations. Work directly with protocol teams through bi-weekly syncs to verify patches.
  • Reviewed and secured implementations of ERC-4337 account abstraction, EIP-8804, and custom vault architectures.
  • Served as incident responder on the DGLD gold-backed token exploit (Feb 2026, ~$250K impact), validated the root cause, and implemented the fix. Publicly credited in the post-incident report.
Solidity Developer@Nethermind
September 2022 to August 2025
  • Led smart contract development of the collateralised lending system for Kaio (formerly Libre Capital), an institutional-grade tokenization platform that launched with $100M+ TVL. Backed by Brevan Howard, built in partnership with Laser Digital and Polygon Labs.
  • Designed and built a new protocol standard for real-world asset tokenization, used by financial-sector companies to issue, manage, and trade tokenized securities.
  • Developed the L2 DeFi Pooling Protocol for StarkWare, giving users low-cost access to DeFi yields through pooled positions on Aave, Compound, Lido, and Ribbon.
  • Built a token vesting and claiming platform for institutional investors with complex unlock schedules and permissioned distributions.
kaio.xyz
Freelance Solidity Developer@Independent
June 2021 to September 2022
  • Delivered custom smart contract solutions (ERC-20, ERC-721, ERC-1155, DAOs, staking, launchpads, lotteries, DEX aggregators) for 20+ blockchain projects.
  • Created open-source staking repositories (ERC-20 and ERC-721) that took off in the community.

# 20+ audit engagements across defi, rwa, liquid staking, and account abstraction.