Kalyan

🚀 Built for @lablabai Agentic Commerce hackathon: Policy-Governed Agent Payments (PGAP) AI agents paying for APIs/data/services? Risky without safeguards. PGAP fixes it: 🤖 AI proposes intents 🔐 Smart contracts enforce policy on-chain 💰 USDC settles deterministically on Arc AI never holds funds. Backend untrusted. Contracts rule. Demo: ✅ Valid pays | ❌ Over-limits/cooldowns/unauth/nonce replays Competing for Best Trustless AI Agent. Video: loom.com/share/1464c2d0… @BuildOnCircle #AgenticCommerce #Web3Security

It is happening! Week 4 is finally live. Join the Super League of Solana hackers, find vulnerabilities in the FrankSol protocol built with Anchor V2, and earn real money. 1st place: $500 2nd place: $300 3rd place: $200 Like and repost as a sign of participation — let's go!

Never posted about my first win. Time to fix that. Fluid DexV2 - Jan 2026 • First ever validated finding • $2,516 USDC • Ranked #9 QA → Full Stack → Web3 Security Zero earnings. Countless rejections. "Invalid" after "Invalid." Then one finding changed everything. Since then: Limit Break AMM (2nd valid Medium) To everyone still at zero: I was you for 2 years. Keep building. The grind is real, but so is the breakthrough. 🩸 #Web3Security #SmartContractAudit #DeFi

@SeenerhDev @GuardianAudits @limitbreak Accepting and learning is part of growth. Be consistent and you will have valid findings soon, just as I got.

@kalyan__tr @GuardianAudits @limitbreak Documenting my progress 🥲

Progress check ✅ Just got my second Valid Medium finding in the @GuardianAudits x @limitbreak AMM contest. Feels good to see the submissions turning into confirmed issues. The journey is just getting started. More bugs incoming 👀

@ScrewCopper @GuardianAudits @limitbreak Thanks! Can't share details yet — contest disclosure rules. Will write it up once it's cleared.

@kalyan__tr @GuardianAudits @limitbreak Congrats , what part of the code was this bug? Fixed lib or dynamic?

@0xSheetal @blok_cap @Anthropic AI operating within on-chain risk parameters enforced by the contract. The governance isn't in the prompt — it's in the code. That's what makes it trustless. That's what makes it a DAO primitive.

DAO Interface members of @blok_cap are building different: > they use @Anthropic models that talk directly to onchain BLOK Capital laws > AI that understands our governance, not just our UI. > fat protocol. smart thin interface. FULLY decentralised this isn't a dashboard. it's the operating system for a new kind of decentralised organisation, a DAO this is what web3 actually is 🚀

This is a genuinely interesting angle — Diamond proxy (ERC-2535) makes this cleaner than any other wallet architecture. Swappable validator facets mean you can migrate from ECDSA to a post-quantum scheme without moving funds or redeploying the wallet. Hadn't thought about it from this angle before. Building a modular Diamond smart account as part of the cohort — adding this to the roadmap now.

🚨 BREAKING: Google research reveals quantum computers may be able to crack Bitcoin's private keys in just 9 minutes. This is why Account Abstraction wallets are more secure and quantum resistant already. Bottom line: > smart wallets + abstraction = easier UX, plus built-in quantum armor. it's rolling out with @blok_cap

Built the core architecture of ModularGarden Today. - Diamond.sol routes every call to the right facet via fallback() + delegatecall in assembly. - Each facet has it's own ERC-7201 namespaced storage, mathematically collision free. - The manager cage is built - risk params enforced before every execution at the code level. Github: github.com/tr-Kalyan/modu…

@blok_cap Next: ERC-7201 storage namespaces per facet ERC-4337 validator facet RiskParamsFacet — the manager cage AaveFacet + SwapFacet GardenFactory with CREATE2 Repo dropping at first milestone 🌱

@blok_cap Biggest thing I learned while building this: - delegatecall doesn't accept calldata directly - The EVM only reads from memory - So fallback() does calldatacopy(0, 0, calldatasize()) first — copies calldata to memory and then delegatecall reads from memory position 0.

Building a Modular On-Chain Portfolio Manager as part of @blok_cap cohort. Understanding every decision before writing every line - the why behind each pattern, the tradeoffs, the security implications. Thread of what I have built so far 🧵

Been learning Rust as part of @rektoff_xyz Security Boot Camp. Documented my deep dive into ownership, borrowing, and what it means for security research. First of many. x.com/kalyan__tr/sta… #Rust #Web3Security #LearnInPublic

Still learning. Still building. Not stopping. Fellow hunters and aspiring auditors: What's your biggest "loss that turned into a win" story? Drop it below — let's normalize the grind. 🚀 #Web3Security #BugBounty #SmartContracts #WhiteHat

I'm a former QA engineer (5+ years in TradFi) transitioning into Web3 security. No prior audits before this year — just consistency, methodology, and not quitting after rejections. If I can land valid bugs, so can you. The losses are part of the path, not the end.

The last 48 hours were a rollercoaster in my Web3 security journey. Banned on one bug bounty platform → same finding validated on another. Sharing both the Ls and Ws. No highlight reel. If you're grinding as a beginner, this one's for you. 🧵📷 #Web3Security #BugBounty