Bespoke Protocol + Software Correctness R&D

Faults and vulnerabilities lurk everywhere.
Your systems deserve a future free from them.

Dr. Thomas Pani

About Me

I’m Dr. Thomas Pani, a freelance protocol and system correctness R&D engineer and researcher.
I help teams build software protocols where correctness and resilience are paramount, and failure in production is not an option.

Security audits are snapshots. I design & build system correctness.

I combine deep (semi-)formal methods and security expertise with hands-on engineering.
I build and integrate software that make systems robust by design.

Fuzzing & Simulation

I build integrations and deploy advanced techniques — using tools like AFL, libFuzzer, cargo fuzz, the Wake fuzzer, or Echidna/Medusa — engineered for maximum coverage, reproducibility, and depth to uncover critical system behaviors.

Formal Modeling & Verification

Leveraging powerful tools like Alloy, TLA+, Lean4 or Certora Prover, I apply formal verification to prove the correctness of your protocols and systems, ensuring reliability beyond traditional testing.

Training & Applied Research

I provide training and mentorship in formal methods, fuzzing, and security best practices. Applied research in protocol design and security, including implementation guidance, paper review, and public speaking.

Security Consulting & PL Advice

Offering expert guidance on security strategy, threat modeling, audit preparation, post-deployment monitoring, and leveraging programming language design for enhanced system correctness and security.

Some languages I work in: 🛠️ Solidity 🦀 Rust 🐹 Go 📐 Lean 🐍 Python 🟦 TypeScript

New! Workshop Recording

25-Minute Solidity Fuzzer: Fuzzing Smarter, Not Harder
Presented at Protocol Berg v2 - June 2025
Learn more

Selected Technical Contributions

Fuzzing Project for ▓▓▓▓▓▓▓▓ [client redacted]

2025 (ongoing)

Ongoing fuzzing project. Targets deep functional security properties through concrete execution and simulation.

🦄 Solidity / Ethereum

Solarkraft: Runtime Monitor

2024

Developed a low-latency runtime monitor for Soroban smart contracts on Stellar blockchain.

GitHub
🌟 Stellar Soroban Rust TypeScript Go

Verified Accountability in Ethereum 3SF

2024

Formal modeling of Ethereum 3-slot finality (3SF) consensus, exhaustively verified accountable safety.

GitHub
🦄 Ethereum (core proto) TLA+ Alloy SMT Python

Independent Security Audits

2022–Now

Independent security reviews on Cantina, Code4rena and Sherlock.
Competitive verification contests with Certora Prover.

🌌 Cairo / StarkNet 🌟 Soroban / Stellar 🦄 Solidity / Ethereum 🧬 Various Ecosystems

Apalache

2022–2024

Contributed to the symbolic model checker for TLA+ and Quint. Developed & verified formal specs around the Cosmos blockchain ecosystem.

GitHub
🧬 Various 🪐 Cosmos TLA+ Formal Verification

Quint

2022–2024

Contributed to Quint, language and tooling for writing formal TLA+ specifications in a modern way.
 

GitHub
🧬 Various Quint TLA+ Simulation Language Tooling

Tired of Big Firm Overhead or the Commitment of a Full-Time Hire? Let's Talk.

Why navigate the overhead of a large firm or the long-term commitment of a full-time hire?
I offer a powerful blend of strategic thinking and hands-on execution, precisely when and where you need it.

💡 Strategic Insight, Practical Execution

I'm not just a researcher; I'm an engineer ready to roll up my sleeves and build the solutions we uncover together.

🚀 Agile and On-Demand

Access expert help exactly when you need it, without the long-term contracts or overhead of traditional options.

💎 Value-Driven and Focused on You

Get the expertise you need without the big firm price tag. I'm committed to finding the right tools and solutions tailored to your specific challenges.

🤝 Solo, But Not Isolated

My strong network of fellow researchers and engineers is an extension of my capabilities, ready to be tapped when needed.

🏆 Direct Accountability, Exceptional Quality

You work directly with me, ensuring a personal commitment to delivering outstanding results.

🗣️ Strong Communicator, Team Integration

While I operate independently, I communicate effectively and integrate well into existing teams.

Impressum

Name:

Dipl.-Ing. Dr.techn. Thomas Pani

Adresse:

𝖧ardeɡgaѕse 65A/Ⳍ/11
𝟣𝟤𝟤𝟢 𝒲𝒾ℯ𝓃
Österreich

Kontakt:

E-Mail: office @ thpani.net
Tel: +𝟦𝟥 𝟨𝟩𝟩 𝟨𝟤𝟦 ৪৪𝟢 𝟦𝟢

Unternehmensgegenstand:

Dienstleistungen in der automatischen Datenverarbeitung und Informationstechnik

UID-Nummer:

ATU80152237

Mitgliedschaften:

Mitglied der WKO, WKW

Aufsichtsbehörde / Gewerbebehörde:

Magistratisches Bezirksamt Wien 22

Anwendbare Rechtsvorschriften:

Gewerbeordnung (www.ris.bka.gv.at)

Online-Streitbeilegung:

Verbraucher haben die Möglichkeit, Beschwerden an die Online-Streitbeilegungsplattform der EU zu richten:
http://ec.europa.eu/odr

Work With Me

I take on a small number of high-leverage projects where security is part of system design—not bolted on at the end.

Email Me Telegram Schedule a Call Project Intake Form