Eman Herawy is a blockchain developer and smart contract security auditor with 6+ years of hands-on experience across EVM, Polkadot, and Sui. She began her blockchain journey in 2017, specializing in Solidity smart contract development, and expanded into security auditing, working across competitive platforms and at Nethermind, where she audited 10+ production protocols with findings ranging from Critical to Informational.
Her technical work spans Solidity (advanced), TypeScript, Rust, and Move, enabling her to build and review contracts across multiple ecosystems. Eman has won 10+ international Web3 hackathons (2023–2026), demonstrating consistent problem-solving depth across EVM, cross-chain, FHE, and AI-integrated systems.
She is a Chainlink Developer Expert with production-level experience in CRE, CCIP, CCT, VRF, Price Feeds, Functions, and Automation. She holds the Macro Smart Contract Security Fellowship Badge and Secureum RACED Badge.
Beyond technical work, Eman founded Arabs in Blockchain, the largest Arabic-speaking Web3 community, and co-founded NoonDAO, the first Arab women-led DAO.
Eman is a TechWomen Emerging Tech Leader (2022) and Devcon Scholar Alumni, holding a Master's degree in Cloud Computing Networks from Cairo University.
📚 Master's degree in Cloud Computing Networks, 2020, FCI, Cairo University
🔬 Graduation Research: Innovation in Storage: Opportunity & Challenge — Decentralized Storage Systems
Languages: Solidity (Advanced), TypeScript, Rust, JavaScript, Move
Frameworks & Tools: Foundry, Hardhat, Anchor, Slither, Next.js, React, Node.js, Bun
Blockchain: Ethereum, EVM L2s (Arbitrum, Optimism, Base, Polygon, Zircuit), Polkadot (Substrate, FRAME), Aptos, Sui, Solana
Chainlink: CRE, CCIP, CCT, Price Feeds, VRF, Functions, Automation
Security: Manual Review, Slither, Foundry Fuzzing, Forta, PoC Development
Specialties: AMM, DEX, Vault, Governance, Token Vesting, Upgradeability, NFT, Bridging, Cross-chain, Account Abstraction
AI & Agents: Prompt engineering, agentic workflow design (CrewAI, OpenClaw.ai), LLM API integration (OpenAI, Anthropic, Gemini)
I approach audits with emphasis on manual review, business logic analysis, and edge case identification beyond what automated tools surface.
Professional Experience:
- Nethermind — Smart Contract Security Auditor Intern (Feb 2024 – May 2024)
- Audited 10+ production protocols; findings ranging from Critical to Informational
- Identified a Critical vulnerability on the final night of an extended audit by spotting a missing edge case in the test suite. Competitive Auditing:
- CodeHawks Competitive Audits: 3 High, 2 Low
- Sherlock: 1 Medium (ranked #18 in Symmio)
- Cantina: 1 Informational
- HackenProof: 2 Informational (Sui/Move)
- CodeHawks First Flights: 10 High, 1 Low
First Flights Authored:
- Secret Vault on Aptos — First Flight #46 · Move/Aptos · Secure secret storage with access control
- Aptos Pizza Drop — First Flight #47 · Move/Aptos · Randomized token distribution mechanism
Security Tooling: Slither, Foundry Fuzzing, Forta, PoC development, manual review
Certifications:
- Macro Smart Contract Security Fellowship Badge
- RACED Badge — Secureum
- EthGlobal Buenos Aires 2025 — Bounties Winner (Chainlink CRE + Zircuit + Octav) · Wolfy
- EthGlobal Taipei 2025 — Finalist + Bounties Winner (1inch 3rd place + Celo) · EthereumFighter
- Agentic Ethereum 2026 — The Graph: Best Use of The Graph with an AI Agent (2nd place) · Hadi
- Womxn Hack 2024 — DeFi Track Winner
- EthGlobal Brussels 2024 — Bounties Winner
- EthDenver 2024 — Bounties Winner · ZTrust
- Forta Hackathon 2024 — Winner · EigenWatcher
- EthGlobal Istanbul 2023 — Bounties Winner
- Fuel Network Istanbul Hacker House 2023 — Winner
- Chainlink Constellation 2023 — 1st Place (Web3 Gaming & Dynamic NFTs) · Ceptor-Tech
- EthGlobal Superhack 2023 — Bounties Winner
- EthDenver 2023 — Bounties Winner · Geni
| Project | Year | Description | Stack |
|---|---|---|---|
| zarqaa | 2026 | Real-time Web3 transaction security intelligence — 8-stage contract analysis (source verification, audit history, CVE scanning, MEV risk) before you sign | Rust, TypeScript, Next.js |
| TrustRail | 2026 | Privacy-preserving compliance infra for Web3 — only binary attestation hits chain, personal data stays confidential in Chainlink TEE | Solidity, Chainlink CRE, World ID |
| SafeClone | 2025 | Chrome extension that detects supply chain attacks in GitHub repos (malicious VSCode tasks, npm scripts, obfuscated code) before you clone | TypeScript |
| Wolfy | 2025 | Browser extension wallet with EIP-7702, hardware wallet support (Arx HaLo + Firefly), multisig, and Chainlink CRE x402 payment workflows — EthGlobal Buenos Aires (3 bounties) | TypeScript, Solidity |
| EthereumFighter | 2025 | PvP AI trading battle arena with FHE encrypted strategies + 1inch Fusion+ cross-chain swaps — EthGlobal Taipei Finalist | TypeScript, Solidity, FHE |
| EigenWatcher | 2024 | Forta bot monitoring EigenLayer deposits, withdrawals, pod creation, and protocol events | TypeScript |
| Ceptor-Tech | 2023 | On-chain D&D with full Chainlink stack (CCIP, VRF, Automation, Price Feeds, dynamic NFTs) — Chainlink Constellation 1st place | JavaScript, Solidity |
| Geni | 2023 | Auto-generates security test specs for EVM smart contracts (Foundry + Echidna) — ETHDenver winner | JavaScript, Solidity |
| Polkadot SDK — OpenGov Precompiles | 2025–2026 | Production-ready governance precompiles contributed to Polkadot SDK runtime via OpenGov-funded bounty | Rust |
| pq-agents | 2026 | Post-quantum agent marketplace — hybrid ML-DSA-44 + ECDSA signatures, World ID verification, ERC-4337 AA — ETHGlobal Cannes | TypeScript, Solidity |
- Polkadot Blockchain Academy — Protocol Track (Bali, 2025)
- Chainlink Developer Expert: CRE Masterclass
- Chainlink Developer Expert: CCIP Masterclass
- Macro Smart Contract Security Fellowship Badge
- RACED Badge — Secureum
- Devcon Scholar Program — Ethereum Foundation
- Blockchain: Foundations and Use Cases
- Blockchain Developer - Mastery Award — IBM
- Blockchain Developer - Explorer Award — IBM
- Polkadot Blockchain Academy — Protocol Track (Bali, 2025)
- Uniswap Hook Incubator — Atrium Academy
- zkEVM Bootcamp
- ReFi Talent Program — Frankfurt School
- DeFi Talent Program — Frankfurt School
- Macro Engineering Fellowship — Macro
- TechWomen Emerging Leader — U.S. State Department
- Secureum Bootcamp — Secureum
- Devcon Scholar — Ethereum Foundation
Follow along in my vibe-learning repo — that's where I document what I'm actively studying.
- Post-Quantum Cryptography (ML-DSA, lattice-based schemes) — Rust
- Ethereum Protocol internals (EPS 2026)
- Move / Sui ecosystem
- Solana development
- From Building Workflows to Breaking Them — Jan 2026
- Building with Chainlink CRE — Lessons from a Decentralized x402 Payment Facilitator — Nov 2025
- Why Everyone in Web3 Should Participate in a Hackathon — Oct 2025
- 10 Smart Contract Vulnerabilities with Code Examples — Sep 2023
- Smart Contract Vulnerabilities: Euler Finance Hack Case Study — Sep 2023
- Flash Loans: The Double-Edged Sword of DeFi — Aug 2023
- Innovation in Storage: Opportunity & Challenge — Research paper
- Founder @ Arabs in Blockchain — largest Arabic-speaking Web3 community
- Co-founder @ NoonDAO — first Arab women-led DAO
- Co-organizer @ Arab Blockchain Week
- Chainlink Developer Expert
- Ethereum.org Translation Program Contributor
"Building secure, scalable decentralized systems while empowering the next generation of Web3 innovators"
