Skip to content
View thpani's full-sized avatar
🦚
🦚
37 followers · 69 following

Achievements

Achievement: Pair Extraordinairex4Achievement: YOLOAchievement: Pull Sharkx3Achievement: QuickdrawAchievement: Arctic Code Vault Contributor

Achievements

Achievement: Pair Extraordinairex4Achievement: YOLOAchievement: Pull Sharkx3Achievement: QuickdrawAchievement: Arctic Code Vault Contributor

Organizations

@code-423n4 @sherlock-audit @apalache-mc @blltprf

Block or report thpani

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
thpani/README.md

Hey, I’m Thomas 👋
I help protocol teams find deep correctness bugs and ship systems that behave as intended — even under adversarial or surprising conditions.

📫 Contact: blltprf.xyz · webintake@blltprf.xyz · @audithare

🧰 What I Focus On

  • 🔍 High-context code review & security analysis – where subtle invariants actually matter
  • 🧪 Fuzzing & deterministic simulation – exploring behaviours your test suite never reaches
  • 📐 Formal modeling & verification – checking protocol properties with TLA+, Quint, Alloy, SMT
  • 🧭 Protocol correctness guidance – design reviews, modeling patterns, failure-mode analysis

🚂 Recent work

  • 🔥 Aztec Governance Protocol: Formal Verification – formal specification + symbolic verification of 125 invariants across a multi-contract governance system · write-up
  • Ethereum Foundation: 3-slot finality (3SF) – formal modeling & verification of accountability · repo
  • Protocol fuzzing workshop @ Protocol Berg v2 · recording + repo
  • Soroban smart contract audit – private audit with authentication / authorization focus · TBA
  • Solarkraft – runtime verification for Soroban/Stellar smart contracts · repo
  • Core team: Apalache – symbolic model checker for TLA+ & Quint · repo
  • Quint – modern language & tooling for TLA+ specs · repo

Pinned Loading

  1. fuzz-pb25 fuzz-pb25 Public

    Fuzzing Workshop at Protocol Berg Berlin, June 2025

    Python 3

  2. freespek/ssf-mc freespek/ssf-mc Public

    EF project Exploring Automatic Model-Checking of the Ethereum specification

    TeX 8

  3. freespek/solarkraft freespek/solarkraft Public

    Solarkraft: a runtime monitoring tool for Soroban, powered by TLA+ and Apalache

    TypeScript 12 1

  4. apalache-mc/apalache apalache-mc/apalache Public

    APALACHE: symbolic model checker for TLA+ and Quint

    Scala 527 47

  5. informalsystems/quint informalsystems/quint Public

    An executable specification language with delightful tooling based on the temporal logic of actions (TLA)

    TypeScript 1.2k 113