LOADING_PLAYER_DATA...

player_init("prameya")

Prameya.

web2 pentester. web3 auditor. exploit both.

Security researcher breaking web apps and auditing smart contracts. Pentester by day, competitive auditor by night — hunting bugs across the full stack.

[ VIEW MY WORK ]

01. About Me

Hey! I'm Prameya — a security researcher operating across both web2 and web3. My background is in application pentesting, covering web, iOS and Android assessments.

More recently I've gone deep into the smart contract auditing world — competing on CodeHawks, Code4rena, and Cantina. I hunt logic bugs in state machines, async L1 patterns, and cross-contract flows.

My audit approach is simple: understand the codebase deeper than anyone else — read every assumption, trace every state transition, and take nothing at face value.

A few things I work with:

  • Burp Suite Pro
  • Solidity
  • Foundry
  • Web App Pentesting
  • Smart Contract Auditing
  • iOS & APK Testing
Certs
CDP eWPTX eCPPT v2
HOF
Microsoft IBM Floriday
Ranks
HTB: Pro Hacker THM: 0x9 OMNI CodeHawks: #310 HackenProof: #5091
Prameya Singh Soni

02. Experience

Senior Consultant — Offensive Security @ NetSentries
Sep 2024 — Present
  • Lead Consultant across multiple simultaneous enterprise engagements, owning end-to-end delivery including scoping, execution, and executive-level reporting.
  • Reported 1,000+ Early Notifications (ENs) of Critical/High severity findings across the client portfolio; designated specialist on low-yield engagements to surface vulnerabilities where others found none.
  • Lead all Production Security assessments across client accounts, ensuring continuous security posture coverage for critical infrastructure.
  • Level-1 Reviewer for all trackers and pentest reports across the team, maintaining delivery quality and consistency.
Consultant — Offensive Security @ NetSentries
Sep 2023 — Sep 2024
  • Delivered impact-focused grey-box penetration tests specializing in web application and API security, consistently uncovering Critical and High severity vulnerabilities across enterprise client environments.
  • Engineered internal automation tooling and conducted R&D to streamline the grey-box web application testing workflow, reducing manual overhead for the offensive security team.
  • Expanded assessment coverage to iOS and Android mobile platforms, broadening the team's cross-platform offensive testing capability.
Associate Consultant — Offensive Security @ NetSentries
Apr 2023 — Sep 2023
  • Conducted grey-box penetration tests across web applications, REST APIs, Android/iOS mobile apps, and thick client applications for multiple enterprise clients.
  • Developed hands-on proficiency across the full offensive assessment lifecycle — from threat modelling and attack surface enumeration through to exploitation and remediation reporting.
Competitive Smart Contract Auditor @ CodeHawks / Cantina / Code4rena
2026 — Present
  • Top 10 finish — SNARKling First Flight (CodeHawks, 2026) · 8/10 valid findings, 6 unique high-impact vulnerabilities.
  • Independent security review of AggLayer Vault Bridge (Cantina) — 2 High, 3 Medium, 5 Low findings across 3,039 lines; focus areas: proxy security, oracle manipulation, cross-chain settlement.
  • Bug bounty — Ripio (HackerOne #3739970): discovered CC-1 cross-chain double-mint in BridgeDeposit.sol, CVSS 8.9 High. Responsible disclosures to Celer cBridge and Brevis Network via GitHub Security Advisories.
  • CodeHawks First Flights Rank #310 (XP: 866). PoC development with Foundry.

03. Work

🏛️
Reserve Governor — Security Review

Independent security assessment of Reserve Governor — a hybrid optimistic/pessimistic governance system on OpenZeppelin Governor v5. 2,742 lines across 9 contracts. Identified 1 High (governance DoS), 1 Medium, 7 Low, 3 Informational findings. Co-audited with MuscleFreak92 on Cantina.

Solidity Cantina 1H · 1M · 7L Governance May 2026
🔗
AggLayer Vault Bridge — Security Review

Independent security assessment of Polygon's AggLayer Vault Bridge — a yield-bearing cross-chain bridge (USDC, USDT, WBTC, ETH). 3,039 lines reviewed across 7 contracts. Identified 2 High, 3 Medium, 5 Low, 3 Informational findings including proxy takeover via unprotected reinitialize, unlimited approval grants, and permanently broken cross-chain redemption.

Solidity Cantina 2H · 3M · 5L Cross-chain May 2026
🔍
SNARKeling Treasure Hunt — Security Review

Smart contract & ZK circuit audit on CodeHawks First Flight — ranked 8th. ~220 NSLOC across Solidity contract, Noir ZK circuit, and deploy script. Identified 2 High findings independently allowing complete drain of the 100 ETH prize pool via proof replay and exposed secrets.

Solidity Noir / ZK 2H · 1M · 5L CodeHawks May 2026
🌉
Bridge Bug Detector — Static Analysis Tool

Python CLI that detects incomplete idempotency keys in cross-chain bridge fulfillment functions — the root cause pattern behind $2B+ in bridge exploits. Built from a real HackerOne finding (CC-1) in Ripio's bridge. Expanded to 4 tiers covering 65 major protocols across 5,000+ Solidity files. Confirmed HIGH findings in Celer cBridge and Brevis Network via responsible disclosure.

$ bridge-detect scan --all-tiers
──────────────────────────────────────
  Protocols : 65   Files : 5,094
──────────────────────────────────────
  Across Protocol         199   clean
  Stargate v2             113   clean
  Celer cBridge           128   1 finding
  LayerZero v2            206   clean
  Chainlink CCIP        1,036   clean
  Wormhole                 60   clean
  Taiko Bridge            312   clean
  Brevis Network           94   1 finding
  Scroll Bridge           281   clean
  … +56 more protocols
──────────────────────────────────────
  [HIGH] Celer · PeggedBrc20Bridge.sol
    missing block.chainid in mintId key
  [HIGH] Brevis · PegBridge.sol
    missing block.chainid in mintId key
──────────────────────────────────────
Python Static Analysis Cross-chain 65 protocols 2 disclosures May 2026
Ripio — Cross-Chain Double-Mint (CC-1)

Identified a cross-chain replay vulnerability in Ripio's BridgeDeposit.sol: the idempotency key for fulfillBridgeMint() omits destChainId, meaning a single source-chain burn can trigger independent mints on all 6 destination chains. The bridgeFulfilled mapping is chain-local — the same key is accepted fresh on every chain. CVSS 8.9 High. Submitted via HackerOne; triaged as Informational by program (dispute in progress — the bug class has caused $2B+ in losses industry-wide).

Bug Bounty HackerOne Cross-chain Solidity CVSS 8.9 May 2026
🎯
Bug Bounty & Competitive Audit Findings

Live security findings across Web3 smart contract competitions and the off-chain infrastructure that powers decentralized protocols — mobile apps, backend APIs, and web services that Web3 wallets and DeFi frontends depend on.

$ findings --cantina --hackenproof
── Cantina · web3 contracts ───────────
  [LOW]  Reserve Governor · Cantina 2026
    governance contest · 1 valid finding

── HackenProof · web3 infra & mobile ──
  [MED]  SSRF · XML-RPC Pingback
    web3 platform backend · WAF bypass · paid

  [HIGH] TTNMOB-78 · Android Bridge Injection
    mobile app · exported activity · Cordova bridge
    valid · known issue · bonus awarded
──────────────────────────────────────
  Platforms : 2   Valid findings : 3
Bug Bounty Competitive Audit Cantina HackenProof Android SSRF 2026
🌐
Web2 Pentest Work

Black-box and grey-box web app, iOS and Android assessments for enterprise clients. Multiple engagements — reach out if you want to know more.

Web AppSec iOS Android Burp Pro

04. What's Next?

Get In Touch

Whether it's a security engagement, an audit collab, or just a chat about breaking things — my inbox is open.

[ SAY HELLO ]