Ìjele
@bugbugbg
🌴On a mission to strengthen Web3 security🌴
I’m locking in for the 1001 Day Cantina Challenge (shoutout @_hrkrshnn for sparking it). The mission: turn 0 → $1M in security research over the next ~3 years. I’ll share everything along the way — bugs, audits, lessons, wins & losses. It’s a long game.
If bug bounty hunters get rated like Pokémon stats and projects can see all that, why don’t we get the same visibility on them? Some of us earned trust, built skills, the least these platforms could do is give us the project stats back. Costs them nothing AND boosts their own…
I think the top bug hunters should be rewarded by the bug bounty platforms with DATA. I want to know which projects are actually worth my time to audit, not waste hours on trial and error. Give us a transparent list of projects that actually care about security. It’d save a…
Are we done with conditional prize pools yet? So we can finally come back.
Cyfrin CodeHawks is dedicated to transparent and fair prize pools. We’ve made the decision to never host tiered prize pools in their current form on our platform. Here’s why 👇
Hit where it hurts: a short guide and description of vulnerability.
“Two roads diverged in a wood and I — I took the one less travelled by, and that has made all the difference” – Robert Frost
Talk the talk, walk the walk. Don't talk the walk, don't walk the talk. Duh.
Almost half the researchers at RareSkills are from Nigeria. If you can’t find good talent there, it’s a skill issue with recruitment, not a country problem.
It's funny how this project is even audited by top firms
Astera has experienced a security exploit. Our team confirmed the attack at 17:39 AEST and immediately paused the Core Pool and all Mini Pools. Currently no deposits or withdrawals are possible. We are working with our security partners to trace and recover funds. Full…
A fantastic post on "AI-driven development" and how to think about it in your engineering flow. Thanks @hansfriese chrisloy.dev/post/2025/09/2…
What I would really recommend is to learn by understanding the codebases directly. This might not be the best advice for those going from 0 to 1. But I'd say it's the best to go from 1 to infinity
I wouldn't recommend learning from reports, but if you want to make the best of your time, I'd say to only check this:
- Code fix
- Attack flow
- Impact
Just look for novelty on any of those fields, nothing more. Build concepts, not checklists. If any of those is vague, ignore…
I have been accepted to School of Solana Season 8 by @AckeeBlockchain. Join me in learning Rust and developing Solana programs! ackee.xyz/school-of-sola…
💯
Many don’t want to read this, but the most important thing one must do to succeed as SR is work. It doesn’t matter how much you study or how brilliant your roadmap is, it’s all worthless if you don’t put in the hours.
After teaching 1,500+ graduates through the School of Solana, we've compiled The Solana Programs Security Checklist. Now, we're sharing it to help devs and security researchers level up. Want it? ✓ Repost ✓ Comment: Alpenglow We'll DM you (must be following).
What I like most about myself is the ability to never feel satisfied even after a major win. I hit a 100k crit back in August, felt happy for a day, then went back to work to hit 200k this month, and still have much more stuff coming for October. Happiness and excitement are…
I’ve seen a lot of Web3 teams confuse Fuzzing and Formal Verification. They’re not the same.
- Fuzzing throws inputs at your contract to find bugs.
- FV proves your contract behaves correctly in all cases.
Made this visual to show the difference clearly 👇
4 rules for safe ECDSA recover:
• Signature must be 65 bytes
• s in lower half-order
• v only 27 or 28
• Recovered signer ≠ address(0)
💡 And ofc - use ECDSA.tryRecover - don’t reinvent the wheel.
Day 13/1001 Spent today messing around with consensus protocols — PBFT & HotStuff specifically. I am still wrapping my head around how they work, their code implementations, the inspiration behind them, and how modern blockchains tweak HotStuff for scalability + safety.
🧙‍♂️ Wise sage @pks_ once said: 🧠 Thoroughly review related third-party codebases first 📜 "When auditing an unfamiliar codebase, it's essential to thoroughly review related third-party codebases first. For instance, when..."👇 web3-sec.gitbook.io/art-of-auditin…