I'm Rappie, CTO & Lead Fuzzing Specialist at Perimeter, Associate Security Researcher at Spearbit, and active in bug bounty on Immunefi. I specialize in fuzzing EVM-based smart contracts to help protocols secure their code.
Beyond security research and protocol assessments, I contribute to the fuzzing community through open-source projects like EVM Fuzzing Resources and the List of Public Fuzzing Campaigns.
Rappie found some extremely subtle behaviors in our code that many others missed. He not only uses the cutting edge of multiple fuzzing engines, but also helps shape how these fuzzers are built. We've been delighted to use his mastery to make our contracts more secure.
Rappie went above and beyond to deeply understand our protocol and cover all the edge cases. His experience and knowledge about the art of fuzzing is unparalleled. Overall he is an incredible security expert, we certainly will be returning to him with our future smart contracts.
| Protocol | Engagement Type | Completed | Report | Code |
|---|---|---|---|---|
| Origin Protocol | Perimeter Fuzzing Engagement | 2025-03 | Report | Code |
| Berachain | Perimeter Fuzzing Engagement | 2025-01 | ||
| Berachain | Perimeter Fuzzing Engagement | 2024-12 |
||
| Berachain | Perimeter Fuzzing Engagement | 2024-12 |
||
| Berachain | Perimeter Fuzzing Engagement | 2024-11 | ||
| Berachain | Perimeter Fuzzing Engagement | 2024-10 | ||
| Berachain | Perimeter Fuzzing Engagement | 2024-09 | ||
| Berachain | Fuzzing Specialist during Spearbit Security Review | 2024-08 | ||
| Seven Seas | Fuzzing Specialist during Spearbit Security Review | 2024-05 | Report | |
| Origin Protocol | Perimeter Fuzzing Engagement | 2024-05 | Report | Code |
| Private | Perimeter Fuzzing Engagement | 2024-04 | ||
| Coinbase | Fuzzing Specialist during Spearbit Security Review | 2024-03 | Report | |
| Coinbase | Fuzzing Specialist during Spearbit Security Review | 2024-03 | Report | |
| Drips Network | Perimeter Fuzzing Engagement | 2024-01 | Code |
|
| Drips Network | Fuzzing Specialist during Spearbit Security Review | 2023-11 | Report | |
| Private | Perimeter Fuzzing Engagement | 2023-11 | ||
| Origin Protocol | Fuzzing Engagement | 2023-09 | Code | |
| Origin Protocol | Fuzzing & Audit | 2023-03 | Report |
| Project | Link |
|---|---|
| EVM Fuzzing Resources | Link |
| List of Public Fuzzing Campaigns | Link |
| Creator of Fuzzlib, a General Purpose Unopinionated Solidity Fuzzing Library | Link |
| Reproduction of the Rari Finance hack using on-chain fuzzing with Echidna | Link |
| Reproduction of the Curve Reentrancy hacks using on-chain fuzzing with Echidna | Link |
| Author of Echidna Exercise: Solve Damn Vulnerable DeFi - Side Entrance | Exercise, PR |
| Description | Severity |
Report | Platform | Protocol |
|---|---|---|---|---|
Incorrect argument passed to Utils.characterToUnicodeBytes in Namespace.fuse |
High | Report | Code4rena | Canto Identity |
Calling OUSD.burn() on an address with zero balance causes the totalSupply to go down |
Low | Report | Immunefi | Origin Protocol |
Vault.redeem() fails with only non-rebasing credits in the protocol |
Low | Report | Immunefi | Origin Protocol |
| Total supply can become larger than max supply | Low | Report | Immunefi | Origin Protocol |
LiquidityTree.push() does not always update state correctly |
Low | Report | Immunefi | Azuro |
OUSD.burn() allows for destroying supply while balance remains |
Low | Report | Immunefi | Origin Protocol |
I'm open to fuzzing engagements, security research, consulting, and general fuzzing-related questions. Feel free to reach out!
- X: @rappie_eth
- Discord:
rappie - Telegram:
@rappenstein - Cantina: Rappie