Sanket Salavi
Smart Contract Auditor
Profile

Seeking challenging opportunities in a forward-thinking Web3 firm where I can apply my skills in smart contract auditing and blockchain security, contribute to team success, and grow alongside the organization.

Professional Experience

Smart Contract Auditor

CredShields Pvt Ltd
Jul 2024 – present | Remote, India
  • Performed 90+ smart contract audits with the CredShields team.
  • Worked on EVM, SVM, and TON-based projects.
  • Audited code in Solidity, Rust (Solana, CosmWasm), and FunC.
  • Research on security detectors of SolidityScan.

Independent Security Researcher

VDP, RDP, Bugcrowd, HackerOne
Sep 2021 – present | Remote, India
  • 100+ bugs submitted across all platforms.
  • Performed web application vulnerability scanning and penetration testing, both manually and with tools such as Burp Suite, WPScan, SQLMap, Nmap, and Dirb.

Security Researcher

Loginsoft Pvt Ltd
Aug 2022 – Jul 2024 | Remote, India
  • For the project, I was a member of the Application Security (AppSec) research team at Checkmarx.
  • Analyzing security issues in open-source projects to cover affected software in multiple languages (Java, JS, C#, PHP, Python, iOS, Go, etc.)
  • Researching and disclosing new vulnerabilities in open-source projects (0-days and untracked vulnerabilities)
  • Solving bugs and code review.
  • Analysis of various CVEs.

Skills
    Web Application Pentesting
    Solidity
    Linux
    CWE Top 25
    Smart Contract Audit
    Rust
    SAST/DAST
    Source Code Review
    FunC
    OWASP Top 10
    Tools
    Burp Suite, Foundry, Hardhat, Anchor, Nmap, sqlmap, Other Recon Tools
    Awards, Recognition and Talks

    Hall of Fame

    University of Twente, Kistler Company, National Australia Bank, Thomson Reuters, Drugs.com, Stryker.com.

    Awarded By

    Ivanti, Decred, Google, ChargeOver, Wisepops, Airship, E-GOI, MailerSend.

    Presented Bug Bounty Bytes many times

    SecurityBoat Meetup

    Hosted Panel Discussion - 09/2023

    SecurityBoat Meetup
    CTFs
    Openzeppelin Ethernaut CTF
    HackerOne
    Overthewire CTF
    CryptoZombies
    PicoCTF
    Community Contribution

    OWASP Smart Contract Security (SCS) Project

    SecurityBoat Community Pune Chapter

    Lead

    SB Meetups is dedicated to fostering a strong and inclusive cybersecurity community.

    Oct 2022 – present | Pune, India

    CVEs

    Dec 2022 – present

    CVE-2023-3580: Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.

    CVE-2023-0827: Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 1.5.17.

    CVE-2023-1239: Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.

    Writeups

    Feb 2021 – present | Ichalkaranji, India
  • How to open .Bin file in Linux!
    Languages
    Solidity
    Rust
    C programming
    Bash scripting
    Certificates
    Web3 Security and Auditing - updraft.cyfrin.io
    Open Source Software Development Methods - Coursera
    Certified Blockchain Practitioner (CBP)
    Using Git for Distributed Development - Coursera
    C and C++ - HackerRank

    Education

    B.Tech in Electronics And Telecommunication

    DKTE Society's Textile & Engineering Institute

    GPA: 7.23 out of 10.0

    Jul 2018 – Aug 2022 | Ichalkaranji, India
    Projects

    Accident Detection and Protection

    Detects and prevents car or bike accidents using GSM and GPS modules.

    May 2022 – Jun 2023

    Hack and Secure Together

    An online platform where students can come to learn the basics of cyber security and how to get started in this field through online CTF-like challenges.

    Mar 2021 – May 2021

    Interests
    Reading security blogs/articles | Outdoor games | Trekking