I design, build, and harden smart contracts for protocol teams, DAOs, and founders launching DeFi on Ethereum — fixed scope, fixed price, audit-ready.
DeFi doesn't grade on a curve. A contract either holds with real money at stake, or it doesn't — and the gap between "compiles" and "survives" is where protocols get drained.
Reentrancy, a stale oracle, a rounding edge — any one can empty a vault in a single block. A review costs a fraction of the exploit it prevents.
The Curve ecosystem runs on Vyper, but few engineers specialize in it. Generalists default to Solidity and miss what the language — and the ecosystem — actually require.
Catching an invariant break before mainnet is a code change. Catching it after is a war room, a disclosure, and lost trust. Prevent the exploit, don't survive it.
Productized engagements — fixed scope, fixed price, settled in USDC. You work directly with the engineer who writes the code: no account managers, no offshore handoff.
From spec to deployed, fuzz-tested contracts — Vyper 0.4 or Solidity, architected to pass audit the first time.
Audit-ready Stateful fuzzing on every build.
An adversarial, invariant-first review before your code meets mainnet — or an attacker.
MEV / oracle / reentrancy focus · active on Cantina & HackenProof.
Designing how the pieces fit — stablecoins, vaults, DEXs, governance, and the routers between them — so the system is secure by composition, not by hope.
Proven on the TARE flywheel — four contracts, zero keys to the money.
Plug into the money-legos correctly — Aave, Uniswap, Curve, Chainlink — and harden against the failure modes that drain protocols.
SnekSentry, Coil, Chainlink VRF — live on testnet.
Three deep case studies from a live Sepolia DeFi stack — each led by the problem it had to survive, not the line count. Full architecture and threat models inside.
An overcollateralized, ETH-backed USD stablecoin with redundant oracles, permissionless liquidation, bad-debt machinery, and a surplus→savings split — engineered so a crashing collateral market can't take the peg with it.
200% min collateral · permissionless liquidation · Dutch-auction + bad-debt settlement · 186 tests green · no admin keys on the engine
Read the case studyA multi-strategy ERC-4626 vault with the senior/junior risk tranching plain 4626 doesn't give you — routing capital across Aave V3, Compound V3, and Morpho Blue behind high-water-mark fees.
senior/junior tranching · Aave V3 + Compound V3 + Morpho adapters · HWM fees · EIP-2612 · stateful-fuzzed + fork-tested
Read the case studyA CoW-style intent DEX: off-chain signed orders settled in batches at one uniform clearing price, so there's no ordering edge to sandwich. EIP-1271 wallets, permits, partial fills, fork-replay protection.
batch-auction uniform clearing · MEV-resistant by design · EIP-712 / 1271 / 2612 / 7702 · 104 tests across 8 modules
Read the case studyCurve-style vote-escrow, gauges & bribes rebuilt in Vyper 0.4 — the governance layer that steers emissions without ever touching funds.
Inventory-funded executor + off-chain bot that gets Aave's void liquidationCall right, with balance-delta guards that kill sandwich and slippage attacks. No flash loans.
Wraps impaired LlamaLend positions into transferable DebtClaim tokens — a liquid exit for lenders, a par-redemption path for speculators, on a monotonic par-coverage invariant.
On-chain elimination raffle with Chainlink VRF 2.5, quadratic ticket pricing, pull-payment payouts, and reentrancy guards.
Replaces one storage slot per subscriber with a single Merkle root — membership for any number of subscribers in 32 bytes, proven on demand.
Five OpenZeppelin contracts ported to Vyper 0.4 with a Snekmate module map and pattern catalog — the fast path off Solidity.
Building something similar? Book a call →
Every engagement is scoped to a fixed price and timeline before any work starts — so you always know what you're getting and what it costs.
We talk through what you're building. Within 24h you get a 1-page Statement of Work — scope, deliverables, fixed price, timeline.
Sign the SOW, 50% to start in USDC. Engagements over $5k can run through escrow — your choice, no extra cost.
I build in the open with daily progress over Telegram / email. You watch invariants and tests go green as we go.
Code, tests, and report shipped. Final 50% on acceptance. 7 days of post-delivery support included.
I'm Khomenkov Yuriy (KhomDev) — an independent Vyper and DeFi engineer focused on the Curve ecosystem and protocol security. I don't ship isolated demos; I build composed systems where a stablecoin, ve-governance, a vault, and a DEX reinforce each other through small permissionless routers that move value but never hold a key to it.
My discipline is the same on every repo: write the invariant first, fuzz it hard with Hypothesis stateful machines, prove the risky integrations on a Sepolia / mainnet fork against the real contracts, then review my own work in the open and publish the trace.
Solo is a feature. You work directly with the engineer who writes the code — no account managers, no offshore handoff. Escrow and milestone delivery keep it low-risk.
One carried rule on every contract — no actor moves a solvent user's funds. The system is built to keep it.
Hypothesis stateful suites + Sepolia-fork runs against real Coil & real Curve pools.
Self-reviewed in public, on-chain traces published — audit-ready, and clear about what an independent audit still adds.
Chainlink Developer verification · public Cyfrin profile · active on Cantina & HackenProof.
Reports filed on live bug-bounty programs — PoC-backed and judged on their merits by independent triage.
A base-asset quantity (minSize) mixed into quote-unit fee accumulators, understating the per-fill minimum fee for sub-minSize fills. Filed with a Foundry PoC. Independent triage: "a well-researched observation … technically valid."
Outcome: closed Informative — protocol-revenue edge, no user-fund risk / out of bounty scope. Full report on request.
A single reverting claim in _executeClaims aborts the entire inbound LZ batch, forcing endpoint.clear() + manual re-execution of valid co-batched claims. Filed with write-up + PoC. Independent triage: "thorough write-up and PoC."
Outcome: closed Out of scope — UX/operational (no fund loss, no unauthorized access, retryable). Full report on request.
Two findings with passing PoCs covering a potential panic path in the NEAR exit bridge and a cross-contract overflow — submitted through the HackenProof program for the Aurora engine.
Outcome: submitted — verdict pending. Report available on request.
Client testimonials are on the way — engagements run under NDA until clients approve attribution. No quote here is published without a name behind it.
My own systems are self-reviewed, stateful-fuzzed, and fork-tested on Sepolia, and I build every system audit-ready. I'm not a substitute for an independent audit before mainnet — I make that audit faster and cheaper, and I can coordinate one.
Fixed scope, fixed price, settled in USDC (Request Finance or Coinbase Commerce). 50% to start, 50% on delivery. Engagements over $5k can run through a Safe multisig with a neutral signer or Kleros escrow — your choice, no extra cost.
Vyper's smaller surface area and explicitness remove whole classes of bugs, and it's the native language of the Curve ecosystem. Few engineers specialize in it — that scarcity is exactly why teams bring me in.
Reviews in days, integrations in 1–2 weeks, full builds in weeks — every engagement is scoped to a fixed timeline before we start. 24h reply on inquiries.
Yes to testnet and mainnet deployment with handoff. And yes, solo — you get the engineer, not a sales team. Escrow and milestone delivery keep it low-risk.
Tell me what you're building. You'll have a fixed-scope, fixed-price plan within 24 hours.
Book a call