0xSlowbug 🥷
@0xSlowbug
Followers
610
Following
4K
Media
47
Statuses
2K
Finding vulnerabilities before attackers do | Smart Contract Security Researcher | @QuillAudits_AI | Solidity | Move
Atlanta, GA
Joined October 2024
Been having a lot of questions about road map and how to learn web3 security. On this thread I’ll be sharing every resource I have used. I’ll simplify it so you’d work with it in steps. Follow the roadmap sequentially don’t skip any course! #1
15
24
142
What’s happening with contests this December? Last year was obviously way better. Private audit bull market? Contest bear market? AI Audit bull market? Hacks bull market?
0
1
8
Hey you Yes you Take one weekend away and study those bookmarked posts. Those tips Those findings Hack explainers Don’t stop at bookmarking Start learning
5
1
41
Doing this audit and it’s crazy how I’m still learning simple things. Like wrapping a -ve integer to a Uint is completely different from wrapping a +ve integer. First time I’m encountering this.
1
0
7
The more I dig into the rabbit hole of web3 security The more I know that I know little The more I want to know And the cycle continues Where does it end?
0
0
3
Great breakdown Just thinking there could be a lot of exploits that a few parts were misunderstood. Time to get to work on AMM’s back.
yETH Exploit Deep Dive After spending some time exploring the recent yETH exploit, I quickly realized that it's easily one of the most sophisticated attacks I've ever seen. In fact, it was so complicated that every writeup I read misunderstood at least some part of the attack.
0
0
5
What I will do next - Study common bugs in SUI - Read some audit reports - Run some shadow audits - Start bounties on @HackenProof
2
0
3
Almost done with this section of learning move. So far I’ve studied: - Basics - Coin standard - NFT standard - Data structures - Libraries Currently learning about unit testing
4
0
17
1/ Introducing The Mentorship Series https://t.co/EavHXaNBXT I’m personally mentoring a small, hand-picked group of auditors in 2026. 1st announced tmr. 3 months of 1-on-1 mentoring with me each. Targets: 0 → 4 figures 4 → 5 figures Step 1: Like and repost this post.
57
191
447
The space will be different in a few months to years from now Be like water Flow with the wave Don’t get left behind
New on our Frontier Red Team blog: We tested whether AIs can exploit blockchain smart contracts. In simulated testing, AI agents found $4.6M in exploits. The research (with @MATSprogram and the Anthropic Fellows program) also developed a new benchmark:
4
0
9
Another Balloon Day on Twitter Spent my early morning chasing a false positive.
10
0
29
Need to pull a miracle to achieve any of my goals for the year haha What was your goal for the year? How’s it going so far?
1
0
2
Balancer's $125M Attack Was in the Decimals. The recent Balancer exploit reveals a terrifying new class of vulnerability. The attacker exploited a subtle rounding inconsistency in the protocol's core math, artificially deflating the pool's value through precision-engineered
2
3
12
⏰ Finally the moment is here We're going live with "Intent vs Outcome: The Future of DeFAI Copilots" in just a few minutes! We’ll be talking about Mandates, x402, the verification tax, what breaks and what actually survives. Featuring @Wach_AI & @HeyElsaAI Hop into the
Cloudflare rugged half the internet yesterday. But we don’t miss deadlines. Intent vs. Outcome – The Future of DeFAI Copilots Round 2. Today. 19th Nov | 2PM UTC Mandates vs natural language. x402 payouts vs verification tax. No slides, No trust-me-bro🫵
14
8
37
The greatest math in history is compound interest. Teaches you that little effort daily compounds overtime
3
1
19
Buenos Aires, we're coming. 🇦🇷 QuillAudits is heading to @EFDevcon (Nov 11-23) — Ethereum's first World's Fair with 75+ projects, 40+ events, and 15K builders converging on one city. At @summit_defi, @turvec_dev will be presenting a 3-layer security framework for DeFAI: →
0
4
23
Remember this? I came back to quote with a confirmed tag. First of many confirmed bounties on @immunefi. Will fully switch next year to bounties hopefully Uhmmm qualified for $IMU airdrop @immunefi?
Alright @immunefi I just sent a mail. First Bug Bounty report on immunefi. JSYK I don’t take invalid/insight as an answer. Hopefully I’ll return to quote this post with a confirmed tag.
15
1
80
Unpopular opinion: I think I became a better developer by being an auditor
14
1
65