I got a Bug Bounty 🎉 on @xyz_remedy https://t.co/eXRfRwvBZM

It's December, most workers will be taking a break or holiday. Most auditors too, but those who know the grind know this is when to lock in and redefine your new year.

This is the truth

Balancer and Yearn are wake up calls. We need to get our shit together as an industry. The black hats aren't waiting for us to figure it out. They are ramping up their efforts.

Within the first 2 minutes of the talk Mitchell confirms that bounty hunters are getting a worse deal over time

If you're wondering why hacks are increasing recently here is your reason, projects are not compelled to honor any agreements, and are mostly shameless. Until money is stolen most DeFi companies treat user funds as expendable because we're a fundamentally unserious industry.

I laugh when people say this and think it's a flex. Hungry unemployed upskilling "white-hats" + AI with infinite time to look at your code, we're not even there yet and top protocols are getting hacked left and right. It is almost imperative to make sure this doesn't happen.

You know it's a bear market when @aave cannot hold a 7 figure contest for an already heavily audited codebase. Simply terrible ev for highly skilled auditors, so they won't participate. Less eyes on code is always a bad idea, ask Balancer.

Learning things fast is a skill It requires balancing relentlessness and self knowledge - Push through your limits - Force yourself to move fast - Set delusional goals - Stop and recharge **before** burning out

Centralised rails held the door shut while the chains kept running. When the web went dark, “decentralisation” didn’t fail, everything built on top did

Friendly reminder that the balancer hack should never have happened, we have to find out why, and I am not talking about a post-mortem write-up. Nobody takes security seriously and everyone is paying the price.

Centralized "Admin" roles, in Decentralized Finance.

Governments are clamping down on Crypto and now everyone is talking about privacy for BTC, zcash, etc. It is important to remember that Crypto is war-time technology If your code is centralized or upgradeable/malleable you will eventually be arrested or forced to rob your users

Study Futarchy.

We don't need 100 more contest platforms, just the right one (a contest platform made by auditors for auditors) For most of these current companies it's all about extraction.

Cheatcode to Outcompete all current contest platforms 1. How long does it take to Judge a contest ? Can't be arbitrary, people audit for a living (2 weeks max) 2. How long does it take to pay after Judging ? (Immediately is better) 3. Do you treat your researchers like trash

Day 1/180

Tip for hunters who want to do this as a full-time job: 30 minutes of investigating a project before auditing its code can save you from weeks of research, lengthy mediation processes, and lower rewards than promised. For example: If @InterlayHQ's current financial situation

It should be impossible for a protocol like Balancer to be hacked, we need to come up with a comprehensive security framework for protocols securing the heart of DeFi, it might be costly but not nearly as costly as losing money and trust.

Every big hack sets web3 adoption back like 10 years, we need to compel every big protocol in the space to adopt an air-tight security framework. It can't be audits alone, white-hats need to be looking at your code around-the-clock, because black-hats are. We need more auditors.

You just need to open linkedIn, boomers are fascinated with web3 like they just heard of it yesterday, trillions of dollars are coming onchain and you're blackpilling ?