Korok
@0xKorok
Independent Security Researcher | DM for private audits
Found an uninitialized implementation contract in a factory. Anyone can initialize it which writes an arbitrary bytes32 to the protocols shared storage. There is no impact on the overall system (trust me I checked) but I was tempted to initialize it with “Korok was here” as such…
Sometimes after finding a bug I’ll implement a fix myself. To test the dev skills! This backfired today when I forgot to revert my fix, then ran my PoC (one last time for good luck) before submission… suddenly the bug was gone. For 5 minutes I thought I’d lost my mind hahaha
The latest iteration of @cantinaxyz rep score makes it much harder for the average auditor to increase their score. I’m curious what others think of this change. I’ll share my thoughts below 👇 As a Cantina user who was, and continues to be, adversely impacted by this change I…
I managed to get a high with only 1 duplicate in the Velvet contest. I’m happy with the result. Thanks @cantinaxyz for the opportunity. The grind continues!
Imagination is a great way to make auditing more fun. In games you often spawn as an insanely fit, perfectly aged, and untiring hero free of mundane concerns like food, money, or household chores. Not so with auditing. Every bit of an auditors ability is earned.
I believe auditing is like beating a boss in a video game The first time you fight it, you don't know anything about it, so you: - study its patterns & behaviors - identify ways to go around its defenses - try different attack strategies - keep going until you get that xp & loot
I feel like auditors also need some strategic ignorance or delusion. Most would be highly demotivated by the reality of what it takes. Better to be irrationally optimistic and deal with it day by day. Every time I sit down I think to myself “I’m just here to learn”
I think the key with auditing is to imagine the worst possible outcome, then multiply it by 10 and prepare for that mentally. Contest? Worst case scenario I find nothing -> worst case scenario I spend 100 hours analyzing 10 leads only for them to turn out invalid. Bounty?…
Earned 4th place in the Size contest (tied with others). It always blows my mind the difference an extra low dup count finding can make. In this case it was the difference between a $171 and $4500 reward. Congrats to the other competitors who found bugs. Back to the grind!
I switched from bounties to contests in Feb. It’s a different rhythm but I’m getting into it. Happy with this performance 7th place with 2 mediums and 1 low. This was my first @cantinaxyz competition, great platform. Judging is strict but that’s better than the alternative.
I’ve long believed that a well-developed imagination fuels creativity, and together, they create a massive advantage—not just in bounty hunting, but in life. At some point, imagination and creativity form a self-reinforcing loop: imagination sparks creativity, and creativity…
I planned to write a guide about hunting in the wild, but it came out as something completely different. It's the story of a JRPG about hunters, realms, guilds, monsters and necromancers.
Inspired by @WhiteHatMage's post, I might start calling disclosures made outside traditional BBPs “wilderness bounties.” After all, “hunter” has always sounded cooler than “security researcher,” and there’s something epic about the idea of hunting in the wilderness. Not everyone…
Another Critical found in the wild 🐗 The realm was saved, and the king honored me with some gentle words and a generous reward 🍀💰 Grateful with the team. Top-tier 🏅 I'll write an article with some tips for hunting outside of bounty platforms if anyone is interested ✍️
United States Tendências
- 1. Chiefs 102K posts
- 2. Branch 29.8K posts
- 3. Mahomes 31K posts
- 4. #TNABoundForGlory 50.4K posts
- 5. #LoveCabin N/A
- 6. LaPorta 10.1K posts
- 7. Goff 13.4K posts
- 8. Bryce Miller 4,230 posts
- 9. Kelce 15.7K posts
- 10. #OnePride 6,286 posts
- 11. #LaGranjaVIP 47.5K posts
- 12. Dan Campbell 3,349 posts
- 13. #DETvsKC 4,825 posts
- 14. Butker 8,354 posts
- 15. Mariners 48.2K posts
- 16. Gibbs 5,511 posts
- 17. Baker 53.9K posts
- 18. Pacheco 4,889 posts
- 19. collinsworth 2,924 posts
- 20. Mike Santana 3,985 posts
Something went wrong.
Something went wrong.