player_init("prameya")
Prameya.
web2 pentester. web3 auditor. exploit both.
Security researcher breaking web apps and auditing smart contracts. Pentester by day, competitive auditor by night — hunting bugs across the full stack.
[ VIEW MY WORK ]01. About Me
Hey! I'm Prameya — a security researcher operating across both web2 and web3. My background is in application pentesting, covering web, iOS and Android assessments.
More recently I've gone deep into the smart contract auditing world — competing on CodeHawks, Code4rena, and Cantina. I hunt logic bugs in state machines, async L1 patterns, and cross-contract flows.
My audit approach is simple: understand the codebase deeper than anyone else — read every assumption, trace every state transition, and take nothing at face value.
A few things I work with:
- Burp Suite Pro
- Solidity
- Foundry
- Web App Pentesting
- Smart Contract Auditing
- iOS & APK Testing
02. Experience
- Lead Consultant across multiple simultaneous enterprise engagements, owning end-to-end delivery including scoping, execution, and executive-level reporting.
- Reported 1,000+ Early Notifications (ENs) of Critical/High severity findings across the client portfolio; designated specialist on low-yield engagements to surface vulnerabilities where others found none.
- Lead all Production Security assessments across client accounts, ensuring continuous security posture coverage for critical infrastructure.
- Level-1 Reviewer for all trackers and pentest reports across the team, maintaining delivery quality and consistency.
- Delivered impact-focused grey-box penetration tests specializing in web application and API security, consistently uncovering Critical and High severity vulnerabilities across enterprise client environments.
- Engineered internal automation tooling and conducted R&D to streamline the grey-box web application testing workflow, reducing manual overhead for the offensive security team.
- Expanded assessment coverage to iOS and Android mobile platforms, broadening the team's cross-platform offensive testing capability.
- Conducted grey-box penetration tests across web applications, REST APIs, Android/iOS mobile apps, and thick client applications for multiple enterprise clients.
- Developed hands-on proficiency across the full offensive assessment lifecycle — from threat modelling and attack surface enumeration through to exploitation and remediation reporting.
- Top 10 finish — SNARKling First Flight (CodeHawks, 2026) · 8/10 valid findings, 6 unique high-impact vulnerabilities.
- Independent security review of AggLayer Vault Bridge (Cantina) — 2 High, 3 Medium, 5 Low findings across 3,039 lines; focus areas: proxy security, oracle manipulation, cross-chain settlement.
- Bug bounty — Ripio (HackerOne #3739970): discovered CC-1 cross-chain double-mint in
BridgeDeposit.sol, CVSS 8.9 High. Responsible disclosures to Celer cBridge and Brevis Network via GitHub Security Advisories. - CodeHawks First Flights Rank #310 (XP: 866). PoC development with Foundry.
03. Work
Independent security assessment of Reserve Governor — a hybrid optimistic/pessimistic governance system on OpenZeppelin Governor v5. 2,742 lines across 9 contracts. Identified 1 High (governance DoS), 1 Medium, 7 Low, 3 Informational findings. Co-audited with MuscleFreak92 on Cantina.
Independent security assessment of Polygon's AggLayer Vault Bridge — a yield-bearing cross-chain bridge (USDC, USDT, WBTC, ETH). 3,039 lines reviewed across 7 contracts. Identified 2 High, 3 Medium, 5 Low, 3 Informational findings including proxy takeover via unprotected reinitialize, unlimited approval grants, and permanently broken cross-chain redemption.
Smart contract & ZK circuit audit on CodeHawks First Flight — ranked 8th. ~220 NSLOC across Solidity contract, Noir ZK circuit, and deploy script. Identified 2 High findings independently allowing complete drain of the 100 ETH prize pool via proof replay and exposed secrets.
Python CLI that detects incomplete idempotency keys in cross-chain bridge fulfillment functions — the root cause pattern behind $2B+ in bridge exploits. Built from a real HackerOne finding (CC-1) in Ripio's bridge. Expanded to 4 tiers covering 65 major protocols across 5,000+ Solidity files. Confirmed HIGH findings in Celer cBridge and Brevis Network via responsible disclosure.
$ bridge-detect scan --all-tiers ────────────────────────────────────── Protocols : 65 Files : 5,094 ────────────────────────────────────── Across Protocol 199 clean Stargate v2 113 clean Celer cBridge 128 1 finding LayerZero v2 206 clean Chainlink CCIP 1,036 clean Wormhole 60 clean Taiko Bridge 312 clean Brevis Network 94 1 finding Scroll Bridge 281 clean … +56 more protocols ────────────────────────────────────── [HIGH] Celer · PeggedBrc20Bridge.sol missing block.chainid in mintId key [HIGH] Brevis · PegBridge.sol missing block.chainid in mintId key ──────────────────────────────────────
Identified a cross-chain replay vulnerability in Ripio's BridgeDeposit.sol: the idempotency key for fulfillBridgeMint() omits destChainId, meaning a single source-chain burn can trigger independent mints on all 6 destination chains. The bridgeFulfilled mapping is chain-local — the same key is accepted fresh on every chain. CVSS 8.9 High. Submitted via HackerOne; triaged as Informational by program (dispute in progress — the bug class has caused $2B+ in losses industry-wide).
Live security findings across Web3 smart contract competitions and the off-chain infrastructure that powers decentralized protocols — mobile apps, backend APIs, and web services that Web3 wallets and DeFi frontends depend on.
$ findings --cantina --hackenproof ── Cantina · web3 contracts ─────────── [LOW] Reserve Governor · Cantina 2026 governance contest · 1 valid finding ── HackenProof · web3 infra & mobile ── [MED] SSRF · XML-RPC Pingback web3 platform backend · WAF bypass · paid [HIGH] TTNMOB-78 · Android Bridge Injection mobile app · exported activity · Cordova bridge valid · known issue · bonus awarded ────────────────────────────────────── Platforms : 2 Valid findings : 3
Black-box and grey-box web app, iOS and Android assessments for enterprise clients. Multiple engagements — reach out if you want to know more.
04. What's Next?
Get In Touch
Whether it's a security engagement, an audit collab, or just a chat about breaking things — my inbox is open.
[ SAY HELLO ]