Dacian

@DevDacian

Followers
6K
Following
49K
Media
444
Statuses
3K

Audit Team Leader @Cyfrin Protected $40,000,000,000+ on-chain TVL!

in your storage | 🇰🇷
Joined April 2021
@DevDacian
Dacian
2 years
1 Hour with @PatrickAlphaC where I cover:
1⃣ how I break down stateful fuzz testing by invariant types and contract lifecycle
2⃣ my favorite general heuristics which I use to find all sorts of bugs in many different codebases
3⃣ mindset and ultimate recipe for success
Link👇
9
21
217
@DevDacian
Dacian
5 hours
Useful heuristic for your AI Auditors:
1⃣ `payable` function receives ETH into contract
2⃣ check which uses `address(this).balance` without subtracting `msg.value` - check can be in modifier, function body or in child function
3⃣ subsequent `call` to external contract sending
github.com
3
2
51
@DevDacian
Dacian
1 day
Shout out @0xRajkumar @jesjupyter @ctrusonchain @alexzoid AMAZING work on Solana DEX / Perps audit finding:
* 20 High
* 37 Med
* 18 Low
Large ambitious protocol with DEX/CLOB/Perps/DAO functionality, lots of attack surface very fun audit! @Cyfrin expanding Solana audits🚀
10
2
65
@OnboardArweave
Onboard.
5 months
Explore how @Inference_Labs leverages Arweave to tackle AI trust challenges and the future of decentralized AI.
0
1K
4K
@DevDacian
Dacian
2 days
At lunch today with group of 🇰🇷 k-mums one asked what I do for fun, since I don't have hobbies like normal people. I thought then answered "Success". My fun is to set goals, work hard to achieve them then set new goals, rinse & repeat. What do you do for fun?
14
0
44
@DevDacian
Dacian
2 days
The biggest talent shortage in web3sec is killer sales & business development.
9
1
54
@DevDacian
Dacian
3 days
When your AI reports fee-on-transfer, use SafeERC20 etc, report only one finding for each of these then within that finding list all affected lines. Reporting every affected line as its own finding inflates your stats and wastes tons of valuable human time.
1
1
34
@TheFellowship
The Fellowship
3 months
Please continue to pray for the protection of Israel and her people. 🙏
489
2K
8K
@DevDacian
Dacian
5 days
Epic December layoffs by all big tech giants & among numerous web3 protocols & firms too. Want to be safe or even get promoted? Prioritize directly contributing to growth, revenue & profit - be seen as a growth-maxing, money-making machine 💰
7
1
59
@DevDacian
Dacian
6 days
You're a professional smart contract dev or auditor making $100K+ p/y & you have chiselled abs with v-line, the body of a Greek God? Please be honest and if yes, please reply with your workout and diet program.
21
0
10
@GalloDaSballo
Alex the Entreprenerd
6 days
I’m looking to train a new invariants engineer
If we worked together already in some capacity and you want to take the leap DM
Small base salary + bonus for engagements and bounties
12
6
73
@DevDacian
Dacian
6 days
This is why we often recommend defensive measures in our private audits. The best defensive measures remove cards from the attacker's playbook without impacting normal users.
@WhiteHatMage
WhiteHatMage
7 days
Once again so close to a big Critical, but code is safe by an inch. I'll need to explore more ideas.
2
0
36
@UseQuanta
Quanta
13 days
Today we announced our $15M Series A, led by @Accel, and launched Prism — agentic reporting that can explain your finances. Prism gives you answers you can follow: what changed, why it changed, and the transactions behind it. It’s reporting that shows its reasoning.
12
27
94
@DevDacian
Dacian
7 days
Useful heuristic from recent Balancer hack:
* function X has one rounding direction
* X is called by multiple parent functions
* is X's rounding direction correct for all parent callers?
Easy, effective & perfect for AIs to automatically identify incorrect rounding.
2
0
45
@DevDacian
Dacian
8 days
Recent private audit client was thinking about launching fast after an audit by another firm produced only 1 Crit. But they postponed the launch after our on-going audit produced 6 Highs and counting! The last audit before mainnet should feel like it wasn't worth it.
3
2
75
@chrisdior777
chrisdior.eth
9 days
Wake up: Easy money in Web3 security is gone. If you don’t feel the shift, you’re already behind. The game now belongs to people who deliver real value, not hype. Adapt fast and raise your output. Natural selection is kicking in and only the best will stay.🔄
7
3
59
@DevDacian
Dacian
9 days
Many recent complaints by high-profile SRs about unfairness of existing bug bounty models; the space full of copycats seems ripe for disruption. Perhaps 2026 will be the year a new innovative fairer model appears with improved game theory to disrupt existing incumbents? 👀
4
1
51
@ProgrammerSmart
🐸Smart🐸Contract🐸Programmer🐸
12 days
Onchain Options Trading https://t.co/tSBmLmhcp4 via @YouTube
1
18
112
@DevDacian
Dacian
13 days
Our pond has frozen now, winter is really here 🇰🇷
4
0
39
@fund_defi
DeFi Education Fund
5 days
1/ Citadel got DeFi wrong. Today, DEF, @a16z, @DigitalChamber, @orca_so, @theblockprof, & @UniswapFND wrote to @SECGov in response to @citsecurities' letter misrepresenting how DeFi technology works. Why this group? Citadel blatantly miscited us, and we feel obligated to
41
81
296
@DevDacian
Dacian
14 days
Major competitive advantage: behaving professionally with clients especially during disagreements - which should always be kept private, never aired publicly on X. We are always on the same team with our clients, their partners working together towards win-win outcomes.
4
0
56
@DevDacian
Dacian
14 days
Beautiful view of the garden from my office, Winter in South Korea 🇰🇷 Very quiet and peaceful here far away from Seoul; great environment to work hard, raise children, have a great life🫰
8
0
97
@DevDacian
Dacian
16 days
@windhustler $200K is "Low Reward"? 😅 Relative to TVL maybe, but $200K is a lot of money to many people! The fact that auditors can work-from-home in their own time, find a cool bug and get paid $200K is a huge blessing and opportunity.
10
2
65
@AnthropicAI
Anthropic
16 days
New on our Frontier Red Team blog: We tested whether AIs can exploit blockchain smart contracts. In simulated testing, AI agents found $4.6M in exploits. The research (with @MATSprogram and the Anthropic Fellows program) also developed a new benchmark:
356
722
5K
@SanPietroCoffee
San Pietro Coffee Team
2 months
South Italian San Pietro Coffee beans have arrived on US ground.
0
11
31