Introduction
Hello everyone!
I’m Gustavo Grieco, a freelance blockchain security engineer, and I’m excited to announce my candidacy for the Arbitrum Security Council.
I previously spent ~8 years at Trail of Bits (TOB) working on security reviews across the Web3 ecosystem. During that time, I audited multiple components of the Arbitrum stack across its evolution from Arbitrum Classic to Nitro and most recently Stylus.
Last year, the DAO also elected me to serve as a Technical Expert for the Arbitrum Audit Program (AAP), where I help evaluate security reviews and coordinate with auditors working across the ecosystem.
Given my familiarity with the protocol and my background in smart contract security, I believe I can contribute meaningfully to maintaining the safety and resilience of the Arbitrum network.
Professional Background
My work focuses on identifying and preventing vulnerabilities in blockchain infrastructure and decentralized applications.
Over the past decade I have performed security reviews across a wide range of systems including:
- Layer 2 infrastructure
- Stablecoins
- Lending protocols
- Decentralized exchanges
- Wallet infrastructure
- Core smart contract systems
Within Arbitrum specifically, my work has included reviewing multiple generations of the protocol stack.
I was also part of the Trail of Bits team that audited the smart contracts used for this Security Council election, where we identified a low-severity issue during the review. I also have proven experience reviewing governance actions and emergency upgrades for Nitro/Stylus while at TOB, later overseen by the Security Council.
Beyond audits, I contribute to the broader Ethereum security ecosystem through open-source tooling such as echidna and hevm, which are widely used for fuzz testing and formal verification of smart contracts.
Motivation for Candidacy
The Security Council plays a critical role in protecting the protocol during emergency actions and governance-approved upgrades. Effective decisions require both deep familiarity with the system and strong technical judgment when evaluating security-sensitive situations.
One area I believe will become increasingly important is the use of AI-assisted security tooling and agent-based analysis to strengthen smart contract and protocol security for the Arbitrum infrastructure. Recent advances in AI systems are making it possible to augment traditional auditing techniques with automated reasoning, vulnerability discovery, and continuous monitoring. If used carefully, these approaches could significantly improve our ability to detect and prevent vulnerabilities in complex systems like Arbitrum and Stylus.
As a member of the Security Council, I would advocate for exploring and leveraging state-of-the-art security techniques, including emerging AI-based approaches, while remaining vendor-neutral and focused on open, security-first practices.
Combined with my experience auditing the protocol and working extensively with fuzzing and formal verification tools, I hope to help ensure Arbitrum continues to operate with the highest possible security standards.
Conflict of Interest Statement
I currently work as an independent freelance security researcher.
I do not hold any positions in other DAOs, Layer 2 projects, or competing governance bodies. My governance involvement in the ecosystem is exclusively with Arbitrum.
Additionally, through my role as a Technical Expert for the Arbitrum Audit Program, I am already bound by the Arbitrum Constitution and its associated conflict-of-interest requirements.
While I may continue performing security audits for various projects in the broader Web3 ecosystem, I will disclose any potential conflicts transparently and recuse myself from Security Council decisions if necessary.
Conclusion
Arbitrum has become one of the most important ecosystems in Ethereum, and maintaining its security is essential for developers, users, and the broader DAO.
With my background auditing the protocol, contributing to widely used security tooling, and serving as a Technical Expert for the Arbitrum Audit Program, I believe I can provide a strong technical perspective to the Security Council.
Thank you for your time and consideration.
Best regards,
Gustavo Grieco