founder
Droppie
No-code tool to turn a CSV into a gas-efficient Merkle-proof airdrop on any EVM chain — deployed straight from your wallet, claimable in one click. App + server + Solidity.
~/anukul/experiments · 0% cool · 100% shipped
i’m Anukul Pandey — i ship production protocol infrastructure (indexers, explorers, data APIs) on EVM chains, and i break web apps with permission. 3+ years, 10+ chains, an acknowledged bug-bounty researcher, and everything ends up on a subdomain.
Built and ran indexers, the Reefscan explorer, and data APIs polling in lockstep with the 10-second block time (~8,600 syncs/day, indexed data within ~10s of chain head). Led the EVM migration from Substrate-EVM to PolkaVM — shipped the @reef-chain/evm-util-lib SDK, a Reefswap Uniswap-V2 fork, the Sqwid NFT marketplace, a Blockscout explorer fork, a Rust resolc contract verifier, and node/validator infra. Cut a 3–4 hr release process to ~2 min, and fixed the qix npm supply-chain vuln.
Built the multi-chain wallet & payments layer for a creator-first AI video + NFT platform: WalletConnect + MetaMask SIWE auth, Reown multi-chain support, chain-aware routing, a canonical blockchain server, and a hot-reload Docker dev stack (Colima, Infisical).
Built a cross-platform desktop app with Tauri (Rust) + React + TS for an AI venue product: an AI chat assistant, structured menu CRUD, guest-feedback UX, and crash/performance triage.
Built the Flutter mobile app for a social challenges & payments platform — passkey auth, chat, challenges, notifications, in-app Stripe payments — plus Rust backend services for auth, Stripe webhooks, and transaction APIs.
Authored 50+ merged PRs (docs + sample apps) across 15+ stacks — PHP, Rust, JS/TS, Python, Java, .NET, Go, Elixir, Swift, Kotlin, RN, Next.js, Nginx — covering OpenTelemetry app- and OS-level instrumentation.
Replaced paper defect-tracking across 8 assembly zones with a QR-driven web app (zone forms + SMS alerts) and a paperless records app (Flask, PyMongo). Earlier, environmental-monitoring instrumentation + Kaizen process proposals.
not just blockchain — an AI contract auditor, a freelance SaaS, security tooling, client landing pages. every screenshot captured live: pulled from the running site, or cloned & run locally just for this wall.
founder
No-code tool to turn a CSV into a gas-efficient Merkle-proof airdrop on any EVM chain — deployed straight from your wallet, claimable in one click. App + server + Solidity.
live
Stripe for AI-agent API calls. Wrap any REST endpoint in a pay-per-call gate — agents pay in USDC over the open x402 protocol, on-chain, no API keys, no humans in the loop.
live
Blockchain explorer + indexers syncing with the 10s block time (~8,600 syncs/day). CoinGecko-compatible supply APIs, cross-chain supply accounting, 4 exchange/on-ramp integrations.
AI
An AI-powered smart-contract auditor. Paste a BSC/opBNB address or code — it fetches verified source, analyses 50+ vulnerability patterns, simulates transactions, and publishes audit attestations on-chain.
private
My private bug-bounty research console — password + WebAuthn security-key gated. Where the recon notes, payloads and findings live before they become disclosures.
live
Never guess your makeup shade again. Paste any product link — Nykaa, Sephora, Amazon, MAC — and Tryo extracts the true pigment and renders it on your face in real time (468-pt mesh, AI shade-matching).
SaaS
Your entire freelance business in one place — time tracking, invoicing, expenses & tasks, beautifully designed and seamlessly integrated. Full marketing site + app.
client
A booking site for a private eco-farmhouse in Madhya Pradesh — “slow mornings under the teak canopy.” Full landing with gallery, surroundings, tariff and one-tap call / WhatsApp.
4.4k+
Co-founded content brand — your hub for hacking, AI & tech. Bite-sized ethical hacking & cyber-security, plus a blog for the long-form breakdowns. 4,400+ followers across IG, Telegram & more.
grant
ENS-style on-chain naming — registry, ERC-721 base registrar, commit/reveal controller, public resolver + web app. Reef Community Developer Fund grant recipient.
tool
One console line, N WhatsApp messages. A tiny DevTools snippet generator for WhatsApp Web — fill in message, count & delay, copy, paste. Zero install, all client-side.
tooling
Open-source security tools: sqlinjector (SQLi scanner + dork scanner), LFI-Hunter, a dir-buster, a WebRTC deanonymization PoC, and a qix npm supply-chain scanner.
responsible disclosure only. some findings are public, most stay under wraps — here’s what’s on the record.
A resolved GitHub bug bounty ($500), GitHub Thanks & reputation, hunting since 2022. Screenshot straight from the public profile — click through to verify.
Surfaced an access-control gap in organisation internal repositories — an external, non-member collaborator could hold hidden push access that didn’t surface in the members list. Reported via HackerOne, triaged & fixed. GitHub Thanks · reputation 22.
Cross-site scripting on a public surface — reported and acknowledged in Domino’s official responsible-disclosure hall of fame.
A web-app vulnerability responsibly reported & documented to the institution — patched after disclosure.
OWASP Top 10 the manual way — SQLi, LFI, XSS, broken auth, access-control & logic flaws — with Burp Suite plus my own tooling: sqlinjector, LFI-Hunter, a dir-buster, a WebRTC deanonymization PoC and a qix npm supply-chain scanner.
I break it down in public on Coding Jungle, keep open teardown notes in nice-catch, and file everything responsibly — reports first, writeups later.
Indexers, explorers, EVM/PolkaVM, contract dev & testing, protocol forking, Substrate/Polkadot, Hardhat, wagmi/ethers, MetaMask, IPFS
TypeScript, JavaScript, Python, Rust, Solidity, C++
Node.js, Flask, Docker, Nginx, CI/CD automation, Linux, Bash, Git, OpenTelemetry
PostgreSQL, MongoDB
React, Next.js, Vue, Nuxt, Flutter, Tauri
Web app pentesting, vuln research & responsible disclosure, exploit tooling, OWASP Top 10 (SQLi, LFI, XSS, broken auth), Burp Suite
i build in public. security & code, mostly.
cool is a cage. this is where i keep the receipts — protocols i forked, apps i shipped, bugs i reported. every experiment gets a subdomain and a burst of hyperfocus.
hand-rolled · html · css · vanilla js · no framework · no tracking · just vibes