Security is a top priority for every #web3 project. While much is written about vulnerabilities, less focus is on practical steps for a secure lifecycle. Check out my guide, "The Complete Guide to Securing Smart Contracts," from design to deployment.

Going to extend it soon to cover web2 subjects and ops security and many more, stay tuned!.

What do you want to know?.

8+ years in web3 have taught me many lessons. This is the first in a series I’ll share—covering building, investing, and maintaining long-term perspective in this space. In the early days, the focus was on ideals. Decentralization and immutability were considered essential.

Hey frens 👋 My smart contract security guide just got a glow-up — it’s now a GitBook 😎.

Updated guide on securing Web3 protocols! 📖 New section on contract deployment verification. Fresh from aiding a project’s launch (~$1B TVL in 2 weeks) Check it out:

eth pumps = many opportunistic people enter the scene = rush to deploy quick = more money is being stolen. been through these cycles. .

Projects need to always review code fixes suggested by external people. I can imagine a scenario where a malicious bounty hunter catches a low/medium and proposes a fix that might cause a critical issue that later will be exploited.

Plant what you need.and water that seed.and then you gon' eat when it's time to.

Was reading about Monad parallel execution. It’s like an RDBMS for blockchain—optimistic txs run concurrently with dependency tracking to keep things ACID-compliant. txs run on separate cores if they don’t touch the same state. Conflicts? Just re-run the clashing ones.

It is always darkest before the pump.

it's time for web3 protocols to hire in-house security teams, or at least a head of security/ web3 CISO or at least a killer vCISO (virtual CISO). I'm working on formalizing what are all the tasks such role should have. stay tuned.

@iakshatmittal is a great advocate of on-chain deployment scripts, I had the amazing opportunity to work with him to secure @reserveprotocol in the past.

So much noise in this industry, just build.

The actual vulnerability is not described well. I guess it is due to a non atomic initialization created because off chain deployment (foundry for instance) is done in more than a single transaction. that's why I'm a fan of on-chain deployment scripts (although not perfect) and.

Wow, that's big! was a great time helping securing your code, and looking forward for the next time 🫡.

RT @cantinaxyz: This review was conducted by @0xhyh, @0xOptimum, rvierdiiev, and @slowfinanc3. Issue classification risk is as follows:. •….

RT @0xOptimum: orderBook.executeIncreaseOrder() called the fallback function of the exploiter contract that then called back the reward rou….

Cross contract reentrancies are the nastiest, hardest to find, usually caused by poor contract design and can't be stopped by a simple reentrancy guards.

The DAO hack struck June 17, 2016, stealing 3.6M ETH via reentrancy. 😱 9+ years later, reentrancy bugs still haunt DeFi! .As a security auditor, I’ve found 30+ such vulns but clearly audits are not enough.