Skip to content
View TUPM96's full-sized avatar

Block or report TUPM96

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
TUPM96/readme.md

Hi, I'm TUPM96

Freelance full-stack engineer | OSS bounty hunter | Web3 security researcher

Public repositories Open PRs Email

I build production software, audit code for real-world impact, and turn bounty issues into PRs with tests, validation, docs, and a clear rollback path. My edge is getting productive inside unfamiliar codebases quickly, isolating risk, and shipping focused fixes that hit the root cause.

Current focus

  • Security hardening for backends, webhooks, auth flows, queue runtimes, CI/CD, and deployment configuration.
  • Web3 review with Solidity/Vyper, Slither, Foundry, access control, oracle, accounting, and invariant testing.
  • Product engineering for real apps: Node.js, TypeScript, Python, Java/Spring, PostgreSQL, WPF/.NET, and mobile workflows.
  • Bounty workflow: reproduce, write failing test, patch, verify, submit PR, iterate with maintainers.

Highlighted bounty & OSS PRs

Project Work Status
orchestration-agent/AgentOrchestration Reclaim abandoned scheduler reservations PR #4222
orchestration-agent/AgentOrchestration Hide disabled agents from capability discovery PR #4219
OriginProtocol/arm-oeth Harden Lido withdrawal claims PR #242
ramimbo/mergework Reject boolean bounty identifiers PR #245
ramimbo/mergework Harden OAuth next path validation PR #243
ramimbo/mergework Reject non-global public base URL IPs PR #242
ramimbo/mergework Webhook URL/body/issue-number hardening series #231, #235, #236
ramimbo/mergework Sender, payload, Postgres URL, wallet lookup and auth session fixes Merged #221, #223, #225, #226, #227
crytic/slither Add exclude-test filter flag, docs fixes and trophy updates #3031, #3032, #3033
BitgesellOfficial RPC debug namespace and EVM address validation js-bitgesellcore-rpc #2, gobglbridge #7
tscircuit/jlcsearch Extended promotional component filter PR #342
pvium/github-app Centralized bounty issue discovery PR #44

Web3 security lab

I review DeFi repos with static analysis, manual review, and exploit-path-oriented tests:

Area Repos
Smart-contract audits arm-oeth, moonwell-contracts-v2, mamo-contracts, sata-contracts-v1
Protocol / oracle / trading veriswap.io, sorosave-contracts, st0x.oracle
Tooling slither, bounty-radar, awesome-bounties

Toolkit

Python TypeScript Node.js Solidity PostgreSQL Docker GitHub Actions Foundry Slither

GitHub activity

Public repositories Bounty and security PRs GitHub followers

Connect

GitHub LinkedIn Facebook Email

@TUPM96's activity is private