pessimist
@0xpessimist
21 y/o Blockchain Security Researcher. SR @Hashlock_, Proud member of @0xDup1337, Contributing @_pioneerlabs
Joined May 2023
Completely independent from Yearn, a 200k max bounty is honestly okay; imo the real issue is that situations like below discourage security researchers from doing bug bounties. These people are skilled, and they can earn money by auditing, working as developers, or in many other
sad to see this happen to yearn but here we go again what incentive is there for anyone to hunt on this low reward, old bug bounty?
Contracts are just blueprints. Onchain state is everything. A small experience made me feel useful today. Last month I reviewed an OG contract, and something felt off even though it was presented as a feature. I can’t disclose the details because there are many forks, and not
Gotta make the SLAs mean something or bounty hunting will always be too risky of a career for top talent. I've heard nearly nothing back regarding these reports. One has already been fixed.
Things are doing good 🧙‍♂️ Nuked the prev account right after the first AB test on the latest polemical feature here --- If you're wondering if this account is legit, you're doing good! We don't know! lol I added a comment on my Imm profile bio if you'd like to cross check, or
@MitchellAmador accurately sums up the frustration that whitehats are feeling at the lack of respect and courtesy for the service they are providing. https://t.co/0VEifbcnxZ
@summit_defi
I just realized that the Ethereum Bug Bounty program uses Google Forms for submissions BUT if you want to disclose via email, they want you to use PGP. Why was Google Forms even an option?
2022 leaderboard is wild. What caught my attention is that there isn't even a single name in common with the 2025 top 10.
@chrisdior777 Looking at ImmuneFi 2025 leaderboard only top 8 earned $200k+ from bug bounties. Most auditors would be better off getting a tier 1 firm job focusing on private audits; they'd have much better quality of life with much less stress & good pay.
Sometimes you think you've caught a big fish, turns out you just didn't notice the fixed branch.
The OG Code4rena we loved isn’t the same anymore. Standing with @0xitsgreg and @0xriptide, we’ve won together before and still do. The quoted tweet says it all.
The sponsor had clearly confirmed both issues, one of them as HIGH. And the judge, who by rules has the last word, CONFIRMED them both as well (pic) So why @code4rena @gf_256 did you suddenly downgrade them unilaterally without any explanation at all? It was not the judge, nor
I am not launching an AI auditing agent this week. You heard it here first.
> Bad auditors over-rely on LLMs to find bugs
> Zellic builds an LLM because bad auditors miss obvious bugs
> Basically an LLM trying to fix other LLMs' mistakes
> LLM finally shills the LLM-built + LLM-audited product on social media
How does it feel, anon?
Bad auditors miss obvious bugs. We built an AI tool that finds them. Introducing V12: the only autonomous Solidity auditor that actually finds Highs and Criticals. We'll be releasing it for free. V12 finds Crits in Zellic audits, High/Mediums in Cantina, and a bug in Pendle.
Every time I read a new Asymmetric Research blog post, I’m amazed at how simple yet incredibly effective the vulnerability is, and it hypes me up to go bug hunting.
New post: @RelayProtocol’s contracts trusted Ed25519 verification without validating offsets, opening the door to forged allocator signatures and potential double-spends. @_fel1x details the bug, the risks it posed to cross-chain liquidity, and how the issue was addressed.
Update your Google Chromes, Chromium-based browsers. CVE-2025-10585 - An attacker using type confusion can RCE into your machine
Excited to share that I'm now part of @Hashlock_! I'll be spending more time on audits, so I might slow down a bit on bug bounties. Reaching my Immunefi All-Star goal could take a little longer - or maybe not. I'm still digging into a potential big finding. If it turns out to be
By popular SR demand, we've created a new 'Paid Recently' bug bounty program filter. You can now view just the programs that have recently paid out in size. Happy hunting.