3DOↃ Security
@3DOCsec
Cyber entomologist | warden, judge, Zenith @code4rena | FV ambassador @CertoraInc
LLMs are bringing security research to the next level. Yesterday, they made up non-existing bugs. Today, they make up non-existing code, and report bugs on it. Tomorrow, they'll reply to this post saying how game-changing their model is over the ones I'm talking about
You can measure how vulnerable the code is after a contest. This can help: - Projects and users to estimate hack risk - Bug hunters to scope targets - Ecosystem to track what works best - Platforms to manage reputation risk TL;DR: More solo findings -> more hidden bugs. This…
Code4rena will run audit contests for free, as public goods. 100% of funds from sponsors will go directly to auditors and judges. We won't take any cut. Why? 1. Competitions are commodities. They're CRUD apps. Why should builders pay premium for a website just to submit bugs?…
Straight to bookmarks 💯
We retrieved every contract on Ethereum. Along the way, we found the exact date when 16,000 unique contracts were deployed (the most in one day), the EOA with the most deployed contracts (2.9M), and much more. This is how we did it.🧵 (Spoiler: It’s 69,788,231 contracts!)
BOUNTYHUNT3RZ Episode 12: w/ @tpiliposian @0xriptide Bringing out the AUDITOOOR We discuss how auditors and bounty hunters differ, @hexensio audit model, what the @CertoraInc prover actually does, what devs should do prior to deploying, RED FLAGS to look for when looking at a…
👀 Hacker mindset but white hat, passionate, dedicated, attention to detail, you wanna work with us? ➡️📩@PabloSabbatella @opsek_io
Opsek is growing: we are looking for the best talent obsessed with Cybersecurity and blockchain technology. If you are, drop me a dm. btw, we don't work with anons, camera always on.
Kicked from Immunefi for not paying? Hold my beer.
In November, I submitted a critical bug to Cronos (@cronos_chain) which they downplayed and have since been kicked off Immunefi. Here's some info about the bug and an example of how projects can simply not pay a fair amount. Report: gist.github.com/fatherGoose1/6… tl;dr: - It's a…
The best time to start writing searchable notes about design and gotchas of the protocols I work on was a couple of years ago. The second best time is now 🎧@bountyhunt3rz
Certora is now open source! What’s your excuse now for not securing your protocol, anon?
“Multiply it by infinity and take it to the depths of forever, and you will still have barely a glimpse of what I’m talking about.” - SR escalating their finding
From pentesting to Web3 security, he addresses threats like phishing, fake interviews, and stolen private keys. With a focus on eliminating single points of failure, @theSouilos prioritizes risks that could shut down an entire company or protocol. His mission: protect…
On January 27th, @code4rena will introduce the @chainlink contest awards. And you'll see why 1987 won't be like "1987".
What is the #1 code quality measure? It's BORING. Below is one of my bookmarks from well before I started my security research journey. Yet, I find it even more relevant to this field. youtu.be/5TJiTSWktLU?fe…
JDD 2018: Reactive programming: lessons learned by Tomasz Nurkiewicz
Introducing Zenith: an auditing firm that delivers good, affordable audits ASAP. Teams want to ship this week, not next month. And without critical bugs. We pick a team of top auditors and manage the audit. It's hassle-free. No more waiting: we can start at a moment's notice.
anyone using @solana/web3.js, versions 1.95.6 and 1.95.7 are compromised with a secret stealer leaking private keys. if you or your product are using these versions, upgrade to 1.95.8 (1.95.5 is unaffected) if you run a service that can blacklist addresses, do your thing with…
21 contests running simultaneously: 6 of these have 6-figure pots, one has 7 figures (source dailywarden.com); this without considering bug bounty programs. Can protocols putting less than $50k on the table for a public contest really expect decent coverage in return?