I'm a developer from Germany. By day I do quantitative research on prediction markets (mostly Polymarket microstructure and orderbook stuff). On the side I read a lot of open-source code and file the bugs I find, which is what most of the activity on this profile is about.
My path was not the standard "CS undergrad straight into a SWE job" one:
- Three-year vocational programme in business IT (German qualification: Kaufmännischer Assistent zur Informationsverarbeitung)
- Higher-education entrance qualification (German: Fachhochschulreife)
- Started a Bachelor in Informatics out of curiosity, dropped out without finishing because I learned more building real systems than working through the curriculum
I'm self-taught in everything that matters for what I do now. Reading unfamiliar codebases carefully is a big part of how I learn, and the contribution sprints on this profile are mostly that practice spilling outwards.
The card above counts what's actually visible: issues filed in public repos and PRs maintainers wrote to fix them. I try to write each report well enough that the maintainer can ship the fix without follow-up questions.
A few categories I keep coming back to:
- TypeScript / Python / Rust / Solidity SDK code-correctness: async race conditions, lifecycle bugs, decimal precision, type-binding drift between SDK declarations and runtime behaviour
- OpenAPI generator artefacts (missing enum cases, schema validation gaps)
- Auth callback routing failures and token-lifecycle issues
- HackerOne reports and coordinated GHSA disclosure for security findings
- Polymarket/clob-order-utils#22 -> PR #23: Insecure Math.random salt generation, switched to crypto.getRandomValues with 53-bit JSON-safe cap
- drizzle-team/drizzle-orm#5839 -> PR #5857: mysql2 + singlestore iterator leaking event listeners, plus a regression test that pins the listener count
- vercel/turborepo#12975 -> PR #12976: turborepo-auth using reqwest::Client::new() with no timeouts, fixed and shipped in a canary the same day
- open-webui/open-webui#25464 + #25465 -> PR #25478 + #25479: terminal proxy hang + interval cleanup leak
The full list lives in the issues and PRs tabs on this account.
Yes, I use Claude Opus for a lot of my issue and PR drafting and for the verification passes that run before I file anything. It's a tool I rely on the same way I rely on an IDE or a linter.
If you maintain a project I've reported on and you'd rather not receive AI-assisted reports, just say so on any of my issues or PRs and I'll stop on your repo. I'd rather lose a finding than burn a maintainer relationship over disclosure style.
I sign every commit with my SSH key (ED25519 SHA256:CWX60WPoOQcianliIELliGtEftFs9vEnkLmywphAUP8) and read everything I push. AI does the heavy code reading and drafting; the call to file and the responsibility for what gets filed are mine.
- HackerOne: hackerone.com/nexory
- Email for coordinated disclosure: visible on my GitHub profile sidebar
Sometimes useful for a maintainer who'd like to send a thank-you for a finding, or just if something here helped you.
| Chain | Address |
|---|---|
| ETH / EVM (Mainnet, Base, Arbitrum, Optimism, Polygon) | 0xc70d9CAbe1d11Edb126E6be7793D1E09cf5C7F89 |
| Solana | FqDxFXK21qsFamTrFgDAqYXd3L5MNshArf4RD2pbpTt |
| Bitcoin (native SegWit) | bc1qeepx83cenkjv29q0gvs8g74u7ujfexcgfsn9wc |