Multi-Ecosystem Security Engineer & Cryptography Researcher. I audit the most complex surfaces in Web3—from Solidity/Rust smart contracts and L1/L2 infrastructure, to bleeding-edge zkVMs, FHE, and ZK circuits (Cairo/Noir).
Profile
Operating under the research banner ZippelLabs, I specialize in analyzing intricate architectures that resist easy explanations and bring the most value when evaluating unconventional, frontier systems.
My deep background in advanced cryptography (ZK/FHE) allows me to find edge-case architectural flaws in core DeFi protocols, while my extensive smart contract experience grounds my theoretical infrastructure reviews with practical exploit mechanics.
- Finding deep, design-level bugs that standard checklists or automated tools miss.
- Auditing complex, high-risk protocols where there is little precedent or existing security literature.
- Protecting millions in TVL by ensuring robust security posture from foundational architecture to ongoing advisory.
Notable Security Review Outcomes
1. DeFi & Smart Contracts
- RadicalxChange - 3rd Rank: Missing validation check allowed the highest bidder to prematurely withdraw collateral. 🏆
- Sorella Angstrom - 4th Rank (Patrol team): Arbitrary fee extraction via manipulation of initialized ticks.
- Geneius Contracts - 6th Rank: Solana DoS vulnerability caused by order_hash collisions during order fulfillment.
2. Infrastructure & ZK Systems
- [redacted] (zkVM) - 1 Critical: Identified soundness vulnerability in core proof verification logic.
- GOATNetwork - 1 High: Logic flaw in slash fraction calculations allowing negative slashing, validator inflation, and token siphoning.
- LeanMultisig / LeanEthereum (zkVM) - 1 High, 2 Medium: Uncovered transcript collisions in the Fiat-Shamir backend.
- [redacted] (FHE) - 1 High & 2 Medium: Discovered predictable on-chain randomness and associated logic flaws.
See the Audits tab for a full list of security reviews.
What I Work On
1. Smart Contracts & Execution Environments
Auditing complex AMMs, lending protocols, vaults, and liquid staking systems. Deep expertise in finding logic flaws across diverse execution environments, including Solidity (EVM), Rust (Solana), Go (Cosmos), and Bitcoin Rollups.
2. Infrastructure & Consensus
Deep design-level review of network architecture, cross-chain messaging, and sequencer security. Securing L1/L2 systems, Custom VMs, and Bridges, focusing on both underlying implementation and cryptographic integrity.
3. ZK Systems & Applied Cryptography
Uncovering soundness bugs, transcript collisions, and polynomial commitment flaws. Extensive experience securing custom circuits (Circom, Cairo, and Noir), advanced zkVM backends, and Fully Homomorphic Encryption (FHE) protocols.
Open Source & Research
To support the security ecosystem, I build extensive tooling for the layers I audit:
- ZP1: Core contributor to the ZippelLabs zkVM, focusing on proof generation performance and verifier security.
- Circom / Cairo Security: Comprehensive databases of vulnerability patterns for ZK circuits and STARK systems.
- zkVM-Security & FHE-Security: Specialized vulnerability patterns and security-review checklists for frontier runtimes and encryption schemes.
- SuperAudit: AI Security Agent designed for automated vulnerability discovery.
Explore the Research tab for more tools and deep-dives.
Contact
Interested in securing your AMM, L2 Rollup, or ZK circuit? Reach out directly to book an audit or strategy call:
- Email: thisvishalsingh@gmail.com
- Telegram: @thisvishalsingh
- X: @thisvishalsingh
- Book a call: Schedule here