// schnilch · web3 security researcher
I break smart contracts
before attackers do.
I audit protocols across Solidity, Move and Rust, and I love diving into new ecosystems and technologies. So far I've placed top 10 in over 10 public audit contests and earned two high-severity bug bounties from Sui.
# Public Contests
Every top-10 finish I've earned in public audit competitions.
| Competition | Language | Result | Leaderboard |
|---|---|---|---|
| Monad | Rust/C++ | 6th | Code4rena ↗ |
| Somnia | C++ | 2nd | Hackenproof ↗ |
| Aquarius | Rust | 5th | Cantina ↗ |
| Cabal Liquid Staking Token | Move | 1st | Code4rena ↗ |
| BitVault | Solidity | 5th | Code4rena ↗ |
| Symmio, Staking and Vesting | Solidity | 4th | Sherlock ↗ |
| Fuel Network Attackathon | Rust/Sway | 8th | Immunefi ↗ |
| Acala | Rust | 6th | Code4rena ↗ |
| HydraDX | Rust | 4th | Code4rena ↗ |
| Steadefi | Solidity | 6th | Codehawks ↗ |
| DittoETH | Solidity | 4th | Codehawks ↗ |
# Bug Bounties
These findings were disclosed privately and aren't public. Two High-severity rewards from the Sui bug bounty on HackenProof.
# Projects & Tooling
Tools I build for my own security work.
Auditor Assistant
A set of rules and job definitions that direct AI coding agents to support smart contract audits: bug discovery, attack-surface mapping, code explanation, PoC development, finding validation and report writing. Language-agnostic across Solidity, Move, Rust and more.
github.com/TheSchnilch/auditor-assistant ↗Clone Contracts Skill
A Claude Code skill and CLI that pulls verified Solidity source from Etherscan across 20+ EVM chains. It auto-resolves proxies to their implementations and rewrites package-style imports to relative paths, so cloned code is readable right away.
github.com/TheSchnilch/CloneContractsSkill ↗# About
I'm a full-time Web3 security researcher. My main areas of experience are Solidity, Move and Rust, and I love exploring new ecosystems and technologies. I have successfully placed in the top 10 in over 10 contests, and I have also earned two bug bounties from Sui.
I'm also exploring how to best integrate AI into my workflow. Right now I run a hybrid setup, testing which tasks AI can handle well and which it can't, and I'm building my own custom skills that I can run on every audit. This hybrid workflow has already helped me catch bugs that I might have missed on my own.
You can follow me on X (@Schnilch) to see my latest achievements.
Need an audit?
I'm available for audits and collaborations. The fastest way to reach me is Telegram, so send me a message about your protocol, scope and timeline.