0xDemøn
@0xdemonnn
Security Researcher
Joined September 2013
I managed to secure #1 place in this contest. Thank you for the opportunity given by @code4rena and @nudgexyz. Many to come in the future 🫡
The results of the $20,000 https://t.co/VOSbYO5ljq competitive audit are IN! Congratulations to all the wardens who submitted valid findings, especially to @0xdemonnn for securing first place & top hunter! Much respect to @nudgexyz for their strong dedication to the highest
Just updated my GitHub page and I realized something: I need to work harder and more diligently to increase my achievements as an SR
The protocol @Balancer appears to have been exploited — about $70.6M in assets was transferred out, including: 6,587 $WETH ($24.46 M), 6,851 $osETH ($26.86 M), 4,260 $wstETH (~$19.27 M) https://t.co/oH4OuWSSbR
Even though the results are not very satisfying and there is still a lot to learn, this is my first Vyper contest and I am quite proud 😅 Only in web3 sec world, you can learn and earn money while in the learning process. Thanks to @sherlockdefi and @yieldbasis for the
🚨 NPM packages are compromised with malware. Your dependencies could be infected right now without you knowing it. Check and scan your repo against 8200+ vulnerable dependencies containing malware from the recent and prior hacks. Scan your project repo in ~3 seconds:
Explanation of the current npm hack: In any website that uses this hacked dependency, it gives a chance to the hacker to inject malicious code, so for example when you click a "swap" button on a website, the code might replace the tx sent to your wallet with a tx sending money to
🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works
avoid using yarn or npm for the next few hours!!!
someone deployed a malware extension for @cursor_ai but seems he forgot to delete promotional messages and the clear-text payload lol extra loot: download booster script
while you're busy deciding whether to do an audit with us or not, we're still cooking non-stop on public competitions! congrats @0xdemonnn on taking 2nd place in Allbridge Core Yield. our DMs are open if you need to book an audit 🫡
Thanks for the opportunity @sherlockdefi and @Allbridge_io
🏆 @allbridge_io Audit Contest Results 🏆 Congrats to: 1. @Alicrali333, @EgisSec, @VeerendraVamshi, @X0sauce, @xiaoming9090, BobbyAudit - $700 🥇 2. 0xloophole, @0xdemonnn, @0xomeiza, @MishkatM80976, Emine, Hurricane, MysteryAuditor, WillyCode20 - $549 🥈 $19,000 rewards ➡️
Filling the afternoon with testing codebases while listening to @bountyhunt3rz. So much alpha about web3sec and life too from @0xFlint_
https://t.co/bvjgKwa0hM
congrats bros, Kasturi aim higher @0xfrsmln @boserba77
Congrats to our Security Researcher @0xfrsmln for securing 3rd place in @BreederDodo cross chain swap!
Imagine a world where saying researchers should not be abused is a controversial take.. That's what happens when a firm with unlimited cash shows up and buys its way into market dominance. Dumping on researchers with extractive policies simply becomes the new Nash equilibrium
Hot takes that I think shouldn’t be hot, and should be “the default” 1. The contest platform is ultimately responsible for the payout. It is the contest platform that promises payout, so if a platform doesn’t pay out, no matter the drama, it is the platform’s fault. 2. The
What a big move 🔥
Code4rena will run audit contests for free, as public goods. 100% of funds from sponsors will go directly to auditors and judges. We won't take any cut. Why? 1. Competitions are commodities. They're CRUD apps. Why should builders pay premium for a website just to submit bugs?