Shieldify Security
@ShieldifySec
Followers
1,944
Following
138
Media
113
Statuses
1,396
Specializes in blockchain security audits. Your security partner, for the long term. Secured multiple millions in TVL across protocols ⛓️
Joined June 2023
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
JIN JIN JIN
• 747052 Tweets
HAPPY 3RD BINIVERSARY
• 223565 Tweets
Ciotti
• 109427 Tweets
#TimnasDay
• 57327 Tweets
#บอลไทย
• 52352 Tweets
うたコン
• 34691 Tweets
刀剣男士
• 33006 Tweets
オリックス
• 28487 Tweets
KIM SEOKJIN IS BACK
• 26425 Tweets
ライエモ
• 23644 Tweets
#お迎え渋谷くん
• 20702 Tweets
#くる恋
• 18845 Tweets
Thom Haye
• 18520 Tweets
NuNew 1st Solo Concert
• 15970 Tweets
ジャクソン
• 13833 Tweets
Schwab
• 13772 Tweets
Verdonk
• 11361 Tweets
ミエセス
• 10234 Tweets
We're honoured to be partnering with
@Agos_Labs
, marking the beginning of an exciting journey for Shieldify in expanding our presence within the Asian Web3 Community 🌎
2
31
126
Another Shieldify Private Pool ⚔️
@ionprotocol
🥷
🗓️May 6th 15:00 UTC - May 19th 15:00 UTC
💰You will be rewarded based on these tiers:
⚠️Not Audited by anyone else
Critical: $2700
High: $2100
Medium: $800
If you are interested in joining, like or drop us a comment below 👇
81
2
101
🔒 Thread: Understanding Account Abstraction (AA) Security Vulnerabilities & Best Practices 🧵👇
2
20
78
We are pleased to be partnering with
@steakhut_fi
to help them secure their liquidity provisioning platform! 🥩
1
9
57
Another Shieldify Private Pool ⚔️
@Possum_Labs
🗓️April 17th 14:00 UTC - April 28th 19:00 UTC
💰You will be rewarded based on these tiers:
High: $2500 (2.5M PSM)
Medium: $1000 (1M PSM)
Low: $150 (150k PSM)
If you are interested in joining, like or drop us a comment below 👇
51
6
63
Independent Smart Contract Security Researchers?
Drop a GM and Connect 👋
Shieldify will need you soon! 🙌
43
5
58
Planning to grind between the holidays? You are our guy! 🫡
We seek auditors to participate in one of our private bug bounty pools with PPV. Lasting from 28.12-02.01.24.
A single contract with 268 nSloc 👀
If interested drop us a comment below and a DM with a short bio. 🎄
38
4
58
Shieldify goes multilingual 🌏
Reach out to us for Solidity, Rust, Cairo and Go-based security audits.
3
14
56
If you could only pick a single online resource to learn Web3 security:
Which one would you pick?
Our choice 👇
6
7
50
Sometimes Web3 auditors claim that our space is saturated, it's hard to win in contests when there are such big names and so on. In the end, they quit.
Right now, there is a great opportunity in front of our eyes — Move. It's a language that is used by dApps on Aptos and Sui.👇
4
7
50
MEV Attack 🍔
- Non-Malicious Attacks:
1. Arbitrage trading
2. Liquidations
3. Malicious Attacks
4. Sandwich swaps
5. Just-in-time liquidity
6. Stealing vault rewards
7. Time Bandit Attack
- Code Examples:
- Mitigation:
- Conclusion:
3
11
52
Want to perfect your Solidity style? Easy.
Read this 👇
Then this 👇
Then this 👇
1
12
51
🧵 Thread: Common Solidity-Based Smart Contract Vulnerabilities 🔓
2
10
47
Alright, guys, it is official - we are thrilled to announce our biggest partnership to date! 🤯
The amazing team behind
@Geode_Finance
has trusted us with adding another layer of security to their protocol!
Report coming out later today👀
4
6
44
Unfortunately, after our yesterday's exploits digest,
@GoGalaGames
has been hacked for $212M, which is several times more than the entire April.
The problem was in inappropriate access control. The Mint function in the Gala Token contract has a Minter Role check and was
3
10
44
Bookmark this tweet. Could you do it now? Thanks. 🙂
4
6
42
Welcome to another Shieldify Private Pool ⚔️
@ionprotocol
🦾
🗓️Feb 28 19:00 UTC - 12 Mar 19:00 UTC
💰You will be rewarded based on these tiers:
Critical: $2700
High: $2100
Medium: $800
If you are interested in joining, drop us a comment below 🫡👇
Details below:
36
5
42
We are thrilled to announce our first audit for
@DarkMythosIOTA
We would like to also extend our gratitude to the latest addition to our auditors' team that played a key role for the audit -
@marcobesier
Read the report here:👇
#IOTA
#Shimmer
#SMR
@iota
4
9
42
Seven months ago a fellowship joined a common cause: To help secure Web3
We are proud to announce Shieldify's 2023 recap!
- Pioneering Bulgarian Web3 Security firm.
- More than 16 successful security audits.
- 45,000+ Lines of code secured.
Building momentum 🧵👇
4
6
40
The announcement is now official!
Shieldify has joined the
@CairoLang
ecosystem.
Teaming up with the Web3 Security OG
@RealJohnnyTime
and his
@ginger_security
, our mission is to enhance the safety of Starknet. 🔐
5
6
39
Ohh, so you're a Web3 Security Researcher?
Name at least 3 EVM Operation Codes 👀
18
2
39
We are thrilled to announce our latest published report for
@steakhut_fi
🙌
The security assessment spanned 16 days,
@steakhut_fi
effective communication and dedication significantly contributed to the working process.
Link:
2
6
38
🗓️ 5 months:
15+ happy clients 😊
20k+ nSLOC reviewed 👀
3
4
38
Inflation attack: from idea to code
- What is a Vault and how does it work?
- Inflation Attack: Theory (Deposit, Withdraw)
- Inflation Attack: Scenario
- Inflation Attack: Code
- Inflation Attack: Mitigations
0
6
36
🛡️ 8 Reasons Why Subscription-based Smart Contract Auditing is Better in the Long Run 🧵
3
4
36
We are happy to announce our partnership with
@DarkMythosIOTA
!
Dark Mythos is Shieldify's first project from the gaming industry and our first audit for the IOTA/Shimmer ecosystem.
#IOTA
#Shimmer
#SMR
#IOTAcommunity
@iota
@shimmernet
3
9
34
In case you've been living under a rock: Mastering Ethereum is freely available on GitHub.
Read it here👇
2
3
35
Thread: Best Practices for Formal Verification of Smart Contracts
2
3
33
Signature Malleability is a well-known but hard-to-understand vulnerability in solidity. But, to talk about it, we need to understand what an elliptic curve is and how it works.
We’d appreciate a repost, spread the knowledge 🫡
Now follow the thread 👇
5
16
35
Pearing with
@pear_protocol
to secure their innovative tokenized trading system that enhances position utility!🫡💥🍐
6
9
34
1/ Signature Malleability is quite a complex Vulnerability, so we created a thread for you to understand it!
Simply put, an attacker can get another user’s signature, copy it and, for example, double-spend the amount, essentially stealing from the protocol.
Follow the thread👇
4
7
33
🙌 It’s official.
The first Shieldify Private Pool will be launched on 28.12. A dozen security researchers will participate.
Good luck everyone! 🍀
1
3
34
@ShieldifySec
is multilingual🌏
Reach out to us for Solidity, Vyper, Rust, Cairo and Go-based security reviews.
Public Portfolio Here:
5
3
32
What Is ERC-404 Token Standard?
What problem does ERC-404 solve?
More info here: 👇
3
13
32
Thank you for the Trust! It was a pleasure working with the Yeet
@eatsleepyeet
team and help the
@berachain
ecosystem 🐻 ⛓️
The audit report will be out soon here: 👇
3
4
32
Another two security reports with serious findings will be uploaded in the coming days. 👀
1
3
31
The 3 most infamous hacks to date are:
• Ronin Network ($624M)
• Poly Network ($611M)
• BNB Bridge ($586M)
Guess what they all had in common: all three have been *unaudited*. 🙄
2
6
31
Recently, the
@eigenlayer
was launched and from the first sight, many can find it hard to understand what EigenLayer does.
Jump into our thread and learn what it does and how it works 👇
1
4
31
Welcome to another Shieldify Private Pool ⚔️
@Possum_Labs
🫡
🗓️Mar 11 14:00 UTC - Mar 24 19:00 UTC
💰You will be rewarded based on these tiers:
High: $2500 (2.5M PSM)
Medium: $1000 (1M PSM)
Low: $150 (150k PSM)
If you are interested in joining, drop us a comment below 🫡
16
2
31
Shieldify Private Pool (SPP) report is live for
@Possum_Labs
- Adapters⚡️
Findings Summary: 👇
Critical and High: 2
Medium: 3
Low: 12
Report Link:
3
4
30
24 security audits done in 5 months, 22+ Solidity ones, one Go and Vyper!
Our mission is over 10 audits per month! 🫡
2
3
30
The vulnerability of usage of the Uniswap slot0 function is widely known, but we still see protocols implement it.
For example, we found such an issue in the recent SteakHut security review.
The slot0 function returns lots of values but we're interested in sqrtPriceX96 👇
3
2
30
Today we've prepared a thread for you about ERC2771, Multicall and Arbitrary Address Spoofing attack.
Appreciate a repost, spread the knowledge 🫡
Let's dive in and learn what it is, how it works and how to mitigate it. 👇
3
3
30
2 books on DeFi everyone and their mother should read.👇
1. DeFi and the Future of Finance
2. How to DeFi: Advanced
No links 🙃
3
4
29
It's important to understand what L2s are and how they work.
Today we created a thread for you explaining the workflow of Optimistic Roll Ups.
We’d appreciate a repost, spread the knowledge 🫡
Let's dive into it👇
3
9
28
Another Code Quiz! 🚨
Today let's look at a simple function to get the signer of the signature from hash, v, r and s values.
What is the vulnerability here and how to fix it?
Look for hint in the comments 👇🫡
6
4
28
Probably the best online resource to learn about the EVM:
0
5
27
Here's a short list of exploits that happened in Web3 this month:
1. OSN lost $109k by incorrect reward distribution.
2. SATURN lost $65k (15 BNB) due to price manipulation.
3. GPU lost $34k with safe transfer.
4. Saturn suffered a loss of $140k due to isufficient validation.
5.
3
4
28
There are two types of security companies in web3:
- Centralised 🏦
- Decentralised 👨👩👧👦
Shieldify opens up a new type. A niche. A blue ocean. 👇
1
4
27
Recently we released the results of our recent ion protocol with only *one* issue found by
@MarioPoneder
The problem was in unsafe casting from int256 to int24 leading to the variable silently truncating and proceeding with incorrect data.
If you want to see the details, check
2
2
27
Smart Contract Audit Approaches: Pros and Cons 📓
- What is a Smart Contract?
- Are smart contracts secure?
- How Are Smart Contracts secured?
- Centralised Smart Contract Audit
- Bug Bounty Smart Contract Audits
- Introducing the Hybrid SC Model
1
2
25
Have you ever taken your interest from deposited funds in advance?
Yeah that's a super cool niche in web3. And we hope that our partners
@Possum_Labs
will dominate it!
@HatsFinance
Audit Competition Soon
Read our security review of their protocol here:
5
4
26
Being creative as a security researcher can often differentiate a mediocre auditor from a good one.
For example, protocols are often protected against slippage. Still, this critical edge case in SteakHut’s code allowed an attacker to front-run deposits by manipulating the fees.
1
4
25
Reentrancy and Denial of Service (DoS) attacks, what are they and example mitigation strategies: 🫡
- Reentrancy attack
- How to mitigate Reentrancy attacks
- Denial of Service Attack
- How to mitigate DoS attacks
- Other common security threats
0
3
26
The Shieldify team completed another DEX Protocol Audit, which was 2500 nSLOC 🫡
The Findings Summary is:
Critical/High: 5
Medium: 13
Low: 11
The audit report is coming soon!
2
1
25
To abstract (away), in computer science, refers to intentionally obscuring the details of how something works to simplify things conceptually.
This is what we strive for at Shieldify - abstracting away the worry of web3 security.
Thanks a ton for the trust,
@AmbireWallet
🙏🚀
3
7
24
____ is a tool every Web3 security researcher should use. 🤔
8
2
25
Extremely thrilled to audit ERC-6492 by
@ivshti
and the
@AmbireWallet
team!
Being one of the key ERCs in the AA space, it proposes an ingenious way to validate a signature of a SCA that’s not deployed yet 🤯
2
5
25
We all know that even if the contract doesn’t have a receive or fallback function, they can still receive tokens if someone uses selfdestruct opcode.
But what happens when there, if a contract Malicious Sender has 10 ether and tries to send it via selfdestruct to the Victim.sol
5
4
25
Automated Market Makers Specifics:
1) Is there a slippage protection?
2) Working for different token types and decimals?
3) Rebasing tokens can break the functionality (consider creating a blacklist).
0
3
25
A new player in the Web3-sec space is up in town. Look out for its audit reports, due to go public soon! ✌️
Psss, the legend says that if you "star" the repo, you will be eligible for some cool Alpha 🕵️♂️
3
4
25
Zero Knowledge becomes more and more popular leading to more auditors getting into it.
If you're one of them, dive into our thread to learn what are zk-SNARKS and upgrade your ZK knowledge level.
Now follow the thread 👇
2
4
25
Web3 Security has significantly evolved in the last years and there are plenty of different types of audits.
If you're building a protocol dive into our thread explaining the pros and cons of them to see what suits your protocol's needs best 👇
3
4
24
The Findings Summary Table For
@Possum_Labs
Smart Contract Security Review 🙌
Found:
• Critical: 1
• Medium: 3
• Low: 4
Link:
3
4
24
🔒Today we’re introducing a new addition to our security review practices as part of our wide-range service offering: Fuzz Testing 🧪
3
2
24
As of today we are officially launching our latest service!
The Protocol Design consultation is targeted at newly-conceived protocols that are yet to assemble their blockchain team.
The consultation consists of two meetings and a research period in-between them.
1/3 🧵👇
5
5
23
Shieldify team completed another audit of ERC-4337, Account Abstraction. Two additional researchers from Shieldify's newly formed fuzzing team conducted Fuzz tests, leveraging Halmos and Echidna ✅
Findings Summary:
Critical/High issues: 2
Medium issues: 3
Low issues: 5
5
6
23
Over the last 7 months, we completed +20 security reviews and provided the same amount of in-depth reports for each individual audit.
These are 20 teams with happy faces, and more than 45,000 lines of code secured. We aim for 100% hard-coded commitment and quality of service.
2
2
24
As a security firm in Web3, our focus is on safeguarding protocols from malicious actors. The industry has quite matured over the last couple of years. The last bull market pushed the space mainstream with millions of new users joining the revolution.
The volume of projects has
6
1
23
📎 When conducting an audit of an Account Abstraction implementation, it is essential to meticulously review the checklist from our friend and external partner
@agfviggiano
and refer to example audits for a comprehensive examination. 👇
0
6
23
Something big is cooking ...
The report for our biggest client to date is due to go public in a week. Make sure you hit that star in the top right corner on Github, you would not want to miss this 🚀
1
7
20
Last month we saw the creation of the new token standard — ERC404!
Now, there are already a couple of tens of ERC404s with a 300M+ market cap, which can be easily applied in RWAs, Gaming, NFT liquidity providing, etc.👇
2
6
22
As a Final Security Layer after 2 OpenZeppelin audits and Hats Finance competition 🛡️
Shieldify Private Pool (SPP) report is live for
@ionprotocol
🫡
Link: 👇
1
2
22
Shieldify is happy to announce partnership with
@HackenProof
! Uniting forces to contribute web3's safety 💪🫡
4
3
21
1/ Questions you should ask yourself while reviewing liquidation functionality:
- If add collateral is paused, can the user get liquidated even if he wants to deposit more?
- Is the eligibility for liquidation calculated consistently everywhere?
1
1
21
Want to support *all* ERC20 tokens in your protocol?
Sorry, but you're asking for trouble.
Here are 10 issues with ERC20s that can ruin your smart contract.👇
2
5
22
Thread: Some breaking changes with Solidity v0.8.0 to be aware of 🧵👇
1
1
22
Super grateful to
@ipor_io
's team for helping us battle-test and enhance the in-house tools that we use as the first step of our 6-layered security methodology that we enforce across all our customers! 🙏
2
3
22
📚In our latest blog post we cover the interesting topic of Solidity Storage Management and security considerations revolving around it.
🤓Give it a read!
0
3
21
We are happy to announce our partnership with
@phi_xyz
!
We would like to thank their team for the given chance to add another layer of security to their amazing project! Congrats on the successful launch, Phi Team! 🚀
Read the audit report here: 👇
2
5
20
What is ERC-404?
Another potential narrative shift that is next on the line.
ERC-404 is an experimental Ethereum token standard that merges the features of ERC-20 and ERC-721. This hybrid standard aims to bring versatility by allowing tokens to represent both fungible and
5
0
21
