Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings
@broccolirob
broccolirob
Follow

Robert Schneider broccolirob

🥦
Product security engineer for Web3 systems · former Trail of Bits · audit tooling, invariants, fuzzing, CI security, AI security workflows

Block or report broccolirob

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
broccolirob /README.md

Robert Schneider

Security engineer focused on Web3 product security, protocol review, and security automation.

I help teams secure protocol and product changes from design through deployment: threat models, invariant and fuzz testing, CI security gates, review heuristics, monitoring/runbooks, and remediation guidance.

Former Blockchain Security Consultant at Trail of Bits. My public review work includes Franklin Templeton, Immutable zkEVM Bridge, Seaport, Maple Finance V2, LooksRare, Arcade.xyz, MYSO v2, Primitive Hyper, and a Code4rena high-severity finding in Stader.

Focus areas

  • Protocol security: Solidity, EVM, DeFi accounting, access control, oracle assumptions, upgradeability, governance/signer risk
  • Product security engineering: threat modeling, CI security checks, monitoring rules, incident runbooks, privileged-role hardening
  • Security automation: fuzzing, invariant testing, static analysis, audit notebooks, graph-based review, AI-assisted review workflows
  • AI security: RAG hygiene, prompt-injection-aware pipelines, audit-drift detection, human-in-the-loop review

Selected public security review work

  • Franklin Templeton tokenized fund
  • Immutable zkEVM Bridge
  • Seaport / OpenSea
  • Maple Finance V2
  • LooksRare
  • Arcade.xyz
  • MYSO v2
  • Primitive Hyper
  • Code4rena high-severity finding: Stader, 2023

See: work-sample

Featured projects

Project What it demonstrates
work-sample Public security review writing samples from Trail of Bits and Code4rena
meridian Audit notebook generator for turning codebases into navigable security-review workspaces
ledgerline Web3 payment/revenue infrastructure with on-chain Merkle anchoring, tests, and verifier flow
rag-hygiene-scanner CI-friendly scanner for prompt-injection indicators, risky HTML/Markdown, PII, and secret-like content
solidity-audit-graph Solidity code graph tooling for protocol review workflows

Current interests

I am especially interested in security roles that combine hands-on engineering with deep review of production systems: product security, protocol security, security tooling, Web3 infrastructure, and AI-assisted secure development.

Contact: LinkedIn · SuperDroids

Pinned Loading

  1. work-sample work-sample Public

    Public security review portfolio: Trail of Bits protocol reviews and Code4rena high-severity finding.

  2. meridian meridian Public

    AI-assisted audit notebook generator for Solidity/codebase review: flows, attack surface, risks, and diffs.

    Python

  3. ledgerline ledgerline Public

    x402 revenue subledger with double-entry recognition, Merkle anchoring, Solidity contracts, and verifier flow.

    TypeScript

  4. rag-hygiene-scanner rag-hygiene-scanner Public

    CI scanner for RAG corpus risks: prompt injection, risky HTML/Markdown, PII, and secret-like content.

    Python

  5. solidity-audit-graph solidity-audit-graph Public

    Graph-based Solidity analysis tooling for smart contract audit workflows.

    Python

AltStyle によって変換されたページ (->オリジナル) /