I've been cookin' quietly the past few months. As a security researcher, I kept running into the same thing:.- Solo audits are valuable, but overlooked. - No infrastructure. No visibility. No incentive for anyone to fix it. I think it's time we make solo audits mainstream.

We need more awareness!.

> 20+ legendary SRs are already locked in and fully behind the vision. And I haven’t even made the public announcement yet. This is gonna be huge 🚀🚀.

The Web3 space is evolving!. After multiple years working in both Web2 and Web3 security, I’ve seen too many protocols spend millions securing onchain—while ignoring Web2 infra—and get drained. Now teaming up with the chads @0xaudron & @hunter0x7 at Valkyri to offer full-stack.

Some things in Web3 security should just exist. - Not because they’re lucrative,.- but because the whole ecosystem is better when they do. This one’s a public good. Every solo auditor will want it. ⏳ 7 days.

e1bdf199d74c0a3ffb23cea42ade3b3a036e7d47.

I might be crazy, but hear me out:. Instead of offering a $2M conditional pot for a very secure codebase, why not run a fixed-pot contest with one intentionally hidden, very hard-to-find bug?. Now top SRs know there’s definitely something to find. EV is real. Everyone tries hard.

Thought some people would disagree with this, guess not xD.

GOING TO WAR !!!

What happened? why are the black hats winning?.

This year, I’ve completed several solo audits for lending protocols. I genuinely believe this audit model is efficient, more focused, and a better option for many teams—but it’s currently not mainstream. Should we change that?.

I’ve seen web2 bug bounty platforms ban security researchers just for sharing personal opinions on X—politics, drama, or critiques of other companies. In web3, we don’t really have that, and I hope it never starts happening here.

The audit competition platform to use AI effectively to detect spam/llm generated reports, is going to have a very strong market advantage.

I have been off X for quite a while, where did all the Audit Contest fkn go?.

Invest in what you know!. I spent 4 years investing in stocks with my best yearly ROI being just 0.3% (-50%, -15%, -3%, 0.3%). Then, I switched to investing in DeFi projects I personally knew and audited. The gains have been life-changing.

his year, I’m committing to attending 4 Web3/Web3 security conferences or events. Any recommendations? 🚀.

End of Dec '24, I speed-ran 4 contests in 5 days. 🏃‍♂️💻. After a year in web3 security, this was my first time trying it. Normally am against speed-running, but I wanted to test myself under pressure and improve efficiency.

RT @GalloDaSballo: What’s an Invariant?.How do you write them?. A collab between @nican0r and @alcueca.

If you could start your auditing journey over from scratch, what would you do differently?.(no bs alllowed).