# Blockchain developer application ## #1 A brief overview of my cmplete web3 journey and the projects I worked on in the web3 space. I started looking into the web3 field from 2022 onwards. Before that for two years I was foccusiing mainly on cryptographic algorithms and application security. This helped me to better understand the overall architecture of blockchains and their workings as an essential part of any block chain innvolves cryptographic algorithms which are used for signing and verification of transactions. Initially I focussed more on cryptographic algorithms that enabled the blockhain transactions. Later I moved on to ethereum specifically and started to look into solidity which had its own unique approach as far as programming language went and I researched a lot on various tokens and NFT contracts. Naturally my background in security led me to read a lot on the various methods in which smart contract could be exploited and otherwise be comprmised, enlightening me on various ways to best secure smart contracts and identify commo and the not so obvious flaws a contract may contain. The extensive research and blog posts on the same helped me to secure an internship at Nethermind, a company which purely focusses on various technologies surrounding ethereum and related chains. As an intern I was accepted into their smart contract auditing team, where I took part in client meetings intially just understanding and learning the process and later helping with resolving issues and making the final report along with the sr. management. Along with this I also learnt cairo and Starknet, a layer 2 scaling solution for ethereum chain. This led me to develop a plugin for truffle framework which enabled users to instantly convert solidity contracts into cairo code and deploy them on starknet network. Later I mainly focussed on bug bounties specifically from code arena (c4) and ethernaut ctf which helped me to enhance my smart contract development and auditing skills. This helped me to understand the concepts in defi and fintech like amm's, exchange pools, flash loans, staking etc., and curently am looking into EVM assembly and gas optimisation techniqes uusing assembly, to further enhance contracts efficiency and get a more deeper understanding of EVM and contracts. Below is the list of projects along with links to respective reference material.... ### Truffle-Starknet-Box ([Link](https://github.com/Vishvesh-rao/Truffle-Starknet-Box)) This was my individual assignment as an intern at nethermind which was to develop a Truffle Box which provides the boilerplate Truffle structure necessary to start with starkwares contract. It enabled developers to write solidity contracts which would be auotmatically transpiled to cairo contracts and deploy them on strakent without the user having to do any extra work. ### SECURITY OF EC-SCHNORR SIGNATURE ALGORITHM ([Link](https://vishvesh-rao.github.io/posts/SECURITY-OF-EC-SCHNORR-SIGNATURE-ALGORITHM/)) I Conducted a security analysis of the EC-schnorr algorithm specified in the bitcoin Taproot upgrade (BIP0340 ) and analysed vulnerability in threshold sharing scheme used to secure crypto wallet keys. This was an individual project done to purely understand in depth the vulnerabilities faced by the algorithms used for transaction authentication. The following are the main issues which have been discussed in detail in the blog post: - Acquiring the account private key via Nonce Reuse in Schnorr Signature Alg - Exploiting the linear relationship between nonce's generated by an insecure PRNG. - Taking control of a multi signature process in a two-of-two Naïve Signature Aggregation scheme via a rouge attack on shared public Keys without the knowledge of other participant. ### Allowance-Automation ([Link](https://github.com/Vishvesh-rao/Allowance-Automation)) Essentially this project is to expose a couple of API's that allow the user to input any address and get the list of addresses and their allowances that the given address has approved them to spend. *The two API's are:* - **getAllowance** This api takes the address as a parameter and returns the list of addresses along with their approved amount to spend - **UpdateAllowance** This api takes the private key of the given address and updates the allowances of all the addreses present in the list returned by getAllowance() to 0. This was an individual project done mainly to understand web3js library and programatic analysis of on chain data and sending transactions using web3js. ### code4rena Audit reports ([Link](https://github.com/Vishvesh-rao/Audit-Reports)) These are the audit reports for the [c4](https://code4rena.com/) contests I participated in. They detail all the various issues found and how they affect the codebase and the steps that can be taken to mitiigate the said issues. Along with repporting vulnerabilites, wherever applicable gas optimisations have also been proposed to make the contract run as efficiently as possible minimising unesseccary usage of gas. This is a brief summary of my work in web3 space till now. More of my work can be found on my [website](https://vishvesh-rao.github.io/) ## #2 What is your current salary and what you are expecting from us My internship is over an so am currently not working as part of my internship my stipend was around 90-100 thousand rupees per month (converted from dollars). My expectaion would be around the current industry average for the role. ## #3 List all the chains that you have worked on or have knowledge of. As of now I have focussed mainly on ethereum and starknet, and have some knowledge of solana and BSC as well, but I am continuosly learning and updating my knowledge and would be able to pickup on new concepts as required. ## #4 Are you okay to join as full time in Delhi office. Yes I am willing to commit to full time work and would be able to relocate to delhi for the same immediately. ## #5 List one best reason why we should hire you among other applicants. My technical skills apart I feel that I have excellent team work experience as I had to work with a completely remote team situated in different countries as part of my last internship, enabling me to effectively communicate my ideas to the entire team and accept and analyse others point of view. Also as I had been involved in meetings with companies clients explaining them issues I discoverd during the audit process I feel that exposure will help me to better represent and express my work as part of the company in such meetings with clints and understand them. Moreover with my extensive knowledge in block chain vulnerabilities and their mitigations and a secrity oriented mindset I will be able to apply this to develop secure, efficient and optimized contracts. ## #6 What do you think about 2X Solution. The whole concept of a decentralized system is interesting to me and I feel that a lot of its potential is not truly discovered as yet with regards to the decentralized privacy preserving nature of block chains and the anonymity it offers opening it to be considered as potential base for a vast amount of daily activities that we perform now in the web2 space. 2X solutions is a company which focusses on developing this space providing the necessacary frontend ui and the backend smart contracts for ICO's, NFT's, Tokens and more and this is somethiing I am passionate about implementing and comitting to and I feel being a part of this team with 2X Solutions can help me to grow and learn while effectively contributing to the company and Web3 space at large.