nabilech.com

Menu

About

I’m Nabil, a Web3 security researcher based in Lyon, France.

I audit smart contracts and hunt for vulnerabilities in DeFi protocols through
public audit contests on Code4rena and Cantina. My focus areas include lending
protocols, vaults, DEXs, and DeFi primitives built on the EVM. I have validated
findings from contests and I’m actively building my track record with every new
codebase I review.

On this blog, I write about vulnerabilities I’ve studied, security patterns I’ve
encountered in real codebases, and deeper concepts like zero-knowledge proofs and
the P/NP problem in the context of ZKP. Writing is how I learn — and how I make
sure I actually understand what I think I understand.

Where I come from

Before going deep into Web3 security, I trained as an Electronics and
Telecommunications engineer at ENSIL-ENSCI and currently work as a V&V
(Verification & Validation) Network Engineer. My daily work involves
validating embedded network systems — testing security protocols like TLS,
RADIUS, LDAP, and X.509 certificates, designing automated test plans, and
systematically hunting for edge cases in complex systems.

This background shapes how I approach smart contract auditing. When I look at a
protocol, I think about specifications vs. implementation, trust boundaries,
failure modes, and what happens at the edges. The same discipline that finds bugs
in railway network systems finds bugs in DeFi.

What I’ve done so far

  • Completed all Ethernaut challenges
  • Participated in 9+ audit contests on Code4rena and Cantina
  • Protocols reviewed include OKX Labs, Revert Finance, Makina Foundation,
    Mento V3, Octant v2, Pike Finance, Votre, and Genius Foundation —
    spanning DEXs, lending, vaults, and broader DeFi
  • Validated findings from public contests
  • Studying Bitcoin at the technical level through LearnMeABitcoin
  • CCNA certified

What I’m building towards

My goal is to become a senior security researcher in the blockchain space. I’m
working towards transitioning to full-time Web3 security — through contest
performance, continuous learning, and building a body of public work on this blog.

Get in touch

If you’re hiring for a junior security researcher or auditor role, or if you
just want to talk security, reach out:

  • Email: nabilech01@gmail.com
  • GitHub
  • X: nabil_ech