Muhammad Rifqi Haikal

Summary

Smart contract auditor and CTF player focused on finding vulnerabilities in DeFi protocols and on-chain systems. Experienced across the full audit workflow — reading codebases, tracing execution paths, and writing actionable reports. Active competitor on Sherlock, Code4rena, Cantina, and Codehawks with confirmed findings. Outside of audits, competing in CTFs with TCP1P across web, Web3, and cryptography categories.

Audit Results

• 1 valid Medium severity finding confirmed

• Top #1 ranking out of all participants

Experience

• Participating in competitive smart contract audits on Sherlock, Code4rena, Cantina, and Codehawks.
• Analyzed DeFi protocol audit reports to identify vulnerability patterns and attack vectors.
• Studied EVM internals and common vulnerability classes including reentrancy, price oracle manipulation, flash loan attacks, and access control flaws.

• Solved 100+ challenges across 30+ competitions spanning web, Web3, cryptography, forensics, and reverse engineering.
• Authored Web3 challenges for the TCP1P CTF Platform.
• Published writeups for 50+ challenges at blog.kudaliar.id.

Achievements

• Top #1 — Codehawks First Flight #56 (2025)
• 3rd Place — RITSEC CTF, team TCP1P (2026)
• Top 15 Pentester — CyberAcademy Helium Challenge (2026)
• Solved 100+ CTF challenges across 30+ competitions with 10+ categories

Projects

• On-chain forensics and investigation toolkit for Solana — traces fund flows and identifies suspicious transaction patterns.

• OSINT-based financial threat intelligence platform. Python backend, React frontend, Docker, 92 passing tests.

Skills

Certifications

• Cyfrin Updraft: Smart Contract Security
• Cyfrin Updraft: Uniswap V4
• Cyfrin Updraft: Advanced Web3 Wallet Security