⚡️ @ZealynxSecurity ⚡️
Official Presentation of our new company together with @Seecoalba
Our plan is to be all over Web3 in the coming months with:
🔹 Web3 Security Reviews with Fuzzing and Formal Verification
🔹 Smart Contract Development
🔹 Free Educational Content
🔹…
We're excited to share our partnership with not only amazing Security Researchers but also incredibly kind people at @ShieldifySec.
We have already performed Fuzzing and Formal Verification Services for two of their clients.
And many more to come soon...
Ready to learn Rust?
I have prepared the most comprehensive guide to building an NFT with Rust.
After watching this guide you will be able to understand every single line of the Smart Contract.
This can be the beginning of your Crypto project, or it can get you started to…
How can I learn about Smart Contract Auditing from zero?
I have started a series of articles where I will publish ordered material (a roadmap) every week for anyone who wants to become a smart contract auditor and needs guidance on what to tackle next.
Who wants to see it?
Today is a turning point. I no longer have a 9 to 5 job!!
It’s Web3 full-time now🔥🔥🔥🔥
It’s scary but extremely exciting. I finally have a chance to give it my full attention.
After a year of only being able to spend 2-4 hours daily on this, I managed to
⭐️ Grow my brand with…
MY NEW WEB3 SECURITY YOUTUBE CHANNEL
🥳🥳🥳🥳✨✨✨✨
I've finally taken the step.
This is very new for me and it was stressful to finally start it.
But here it is and it starts with a session of Smart Contract Shadow Audit of a @code4rena contest.
If one of your goals is to start auditing Smart Contracts and you are planning to start with @code4rena, this is for you.
Your report might not get accepted!
It is important to understand how to write your Gas Optimization report.
Let's go through the main points to consider🧵
Web3 Security Roadmap 2023⚡️🚀
Become a Smart Contract auditor with this FREE content
This is a roadmap based on my personal path and improved by my experience. So that you can get to learn faster than I did.
Ready to learn from the best in the web3 community? 🧵 👇
LEARN RUST for Smart Contracts 🦀
Recently, I discovered that the demand for Rust smart contract developers and auditors is much higher than I expected, and since learning Rust has been going round in my mind for a while, I decided it’s time to start.
The approach I chose to learn…
I must say it’s pretty exciting to learn Rust by grabbing a Solidity Smart Contract and starting to convert it.
I have to do a ton of research into what the equivalents between them are and how to properly write it in Rust.
The good thing is that I’m writing down every single thing…
Roadmap to become a Smart Contract auditor is now on my YouTube channel
If you're just starting and want to follow a step-by-step guide to gain the right context of Blockchain and Web3
This is for you!!!
👉Link to channel on my profile bio 🔗
I'm feeling kind of overwhelmed.
I am currently:
- studying web3 sec
- auditing
- writing articles
- being active on Twitter
- and meanwhile handling my full-time job
And I actually feel I'm not being really productive at any of those.
I'm truly doing many things anyways,…
If you love Fuzzing with Foundry
you should check how powerful the fuzzer is with Echidna in Assertion Mode.
In the second chapter of my Echidna tutorial on my YT channel, I am going through a few different ways you can execute Echidna in assertion mode to test your Smart…
Are you learning how the EVM works?
What if I tell you that learning about it can get you some $ by reporting some gas optimization issues?
Check out these tips to save gas in your smart contracts and learn something new about how EVM works.
My Book collection for the next few months:
- AMM maths
- Advanced DeFi
- Cryptography
- Rust Hacking/Security
What are you currently reading or planning to read?
Shadow Auditing is one of the most convenient ways to improve your auditing skills. Why?
- You're actually auditing a codebase
- You're studying past contest reports
Now...
Would you like to study with me?
I decided to record myself and start a series of videos
Interested?
Become a Smart Contract Auditor. ⭐️ ⭐️
Where to start?
Here is the material for your second week toward learning to hack Smart Contracts.
Learn about Blockchain, DeFi, EVM and Solidity
"How can I learn about Smart Contract Auditing from zero? Week 2"
I learned yesterday something not too pleasant about Solana.
I was trying to help a friend of mine find the code of the Solana program deployed for his dApp.
At first, I thought that since in Etherscan you can always search for the contract's address and usually get to see the…
I'm proud to announce the launch of The Blockchainer Hub
Besides enhancing Web3 Security by auditing smart contracts
and Mastering DeFi by writing articles
my goal is to build on-chain and this site is a step closer to that
Here's what you'll find 🧵
Are you willing to learn Rust?
But finding it complicated to understand its syntax?
In my next article & video, I will explain every part of every expression, while building an ERC-721, so that you gain confidence in recognizing what lines like this one are about.
`from !=…
8 articles explaining DeFi protocols from their Smart Contracts...
And I wrote them in not more than 2 months
This is a work in progress of The Blockchainer Hub website.
Any suggestion to increase this list?
🦄
I am creating TheBlockChainer hub website 💻
where I’m going to organize all my articles per topic. So far I’m splitting it into:
🔹My journey
🔹Smart Contracts
🔹DeFi Protocols
🔹Web3 Security
🔹Roadmap
This will make it more visible and accessible for everyone to read what…
I’m getting a car from my earnings on Web3 Security. Don’t miss this advice and you will as well.
A few months back I wrote an article about the stage I found myself in and the current Web3 Security income sources I had.
The goal was to speak about the importance of grinding in…
Learn how to test Smart Contracts with Echidna 🟢
New Video on my YT channel 🔴
I've decided to continue with my commitment to sharing my learnings.
So, I've started a series of videos to show how to use Echidna. My idea is to create short videos with specific features of the…
a RED FLAG 🟥 while auditing a smart contract would be when...
you know the code is using an Oracle to get a token's price
Why?
It can be exploited and cause a DoS attack!
Let's continue in the thread, and I'll show you what to keep an eye on and how to avoid it.
Less than a month ago I went all in on Web3 Security and co-founded @ZealynxSecurity
While it is still concerning not to have a fixed salary, I can’t really complain about our first month payout.
The potential of opportunities in Web3 is immense and I hope we get to do much better.…
How long did it take me to start making money in Web3 Security?
When you’re dedicated fully to learning something new for a professional career change, the money factor is often important.
So, I would like to share my experience on how long it’s taken me to start making money…
1/7 - Do you know how the UniswapV2Route smart contract works?
Let's dive into its function `addLiquidity()`!
Understanding how to add liquidity to a UniswapV2 pair can be quite complex.
I'm here to make it easier for you
Time to learn about the @Uniswap DeFi protocol.
Let's go
Is anyone interested in learning how to implement an NFT in Rust?
I'm preparing an article, which will later become a YT video on my channel explaining every line from an ERC-721 built with ink!
Would you like to be able to create one yourself or understand it properly to start…
I've just finished my first Solo Private Audit
I've raised 4 Highs, 2 Mediums, and 3 Lows
I feel satisfied but have some tiny bitter-sweet feelings
I am under the impression that with more time I could have found more.
Do you think audits should not be time-based?
Sunday morning: 🌅
- Woke up
- Sat on bed with my phone
- Opened the Github’s repo we’re auditing for a quick check
- 30 minutes later, 2 High Vulnerabilities detected
- Sent to my mate to run the PoC on the laptop and confirm
- Vulnerabilities valid 🙌🏻
- Let’s start the day🫡
Who needs help creating PoCs to confirm their Audit finding?
If you've got a High Vulnerability and you can't figure out the PoC implementation
DM me!
We will prove it right/wrong
with Invariant tests with Echidna/Medusa/Foundry
with Formal Verification with Halmos/Kontrol
🟧 Foundry Fuzz test challenge for beginners 🟧
Do you know why this Foundry fuzz test works even if no one has funded the account that transfers ether?
Why does the 'SafeTest' contract have a non-zero balance at the very start of testWithdraw()??
Shouldn't it be using "vm deal"…
There we go!
My first audit results from @code4rena are out!
My QA report and low severity issues seemed to be successful! ✌️
From here, it can only get better!
It is common to learn about existing DeFi protocols while auditing smart contracts of new ones.
Now, if you understand the main existing ones prior to auditing new protocols, you'll save time.
"Aave-V3 — DeFi Protocol’s code explained. Part 1— Pool.sol"
Follow these steps to earn $2 Million from a Security Review on Solana!
1. Find a Loss of Funds vulnerability on the Solana Labs Validator Client
2. Report it to @solana
3. No need to provide a mitigation
🫡
Do you know how UniswapV2Route smart contract handles the swaps of tokens? 👀👀
Once I analyzed the code myself, I honestly understood the process in a much clearer way.
I would like you to learn this as well
Let's dive into its function swapExactTokensForTokens()
Ready?
Are you wondering if it is worth starting a career in Web3 Security?
It's a tough way to master it, but is it worth it?
Let me tell you how long it took me to start making money since I got into Blockchain and Smart Contracts.
Smart Contract Hacking course Part 1 from @RealJohnnyTime finished: Was it worth paying for? Did I learn much?
Since I started it, many things have changed in my feeling and involvement with Web3 security and auditing
What I think of the course in the thread 🧵👇
⚠️ | High severity Web3 exploit | ⚠️
ERC20 allows the sender to increase its balance
Checkout:
- how to find this issue in the smart contract
- how to report it to @code4rena
- how to mitigate it and protect the DeFi Protocol
It is here 🔥🔥🔥🔥
Uniswap V2 — Complete Guide to understand the DeFi Protocol from its code
You will find:
- Theory to understand main concepts
- Uniswap Router and Factory contracts explained step by step through the code
- Examples
- A challenge
Ready to learn Foundry once and for all!?
It’s time to start increasing our chances of finding H/M severity issues in the next Web3 audit.
We heard about Ripped Jesus from @PatrickAlphaC
But now it's time to get real and tackle it with this guide.
🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨
Is anyone performing private audits interested in providing long-term security to their clients by offering a complete testing campaign??
Or any developer who wants to make sure their project is free of bugs and safer from exploits?…
I need to take a step back.
Now I know what my next steps are and what I should be focusing on.
🔶 Studying. In order to keep learning and filling the gaps I have in my auditing skills, I need to consume much more content from my go-to people. Do you want to know who they are?…
I am super proud and happy that my articles are interesting and helpful for many people.
I'm one of the top 5 writers out of 5.9K about blockchain development.
And my article explaining @gravitaprotocol for the @HatsFinance bug bounty is Trending in fourth place
Why should you read my next article about @Spiral_DAO? 🤯 🤯 🤯
If you are an auditor, you might want to stay ahead of the rest before the next public contest on @immunefi and @HatsFinance. Read it now and save it.
If you're a dev, before/while creating your DAO, make sure you…
Understanding the UniswapV2 protocol is crucial
Here is the Master Thread where you can finally understand the UniswapV2Route Smart Contract
And start applying this knowledge the next time you audit DEX DeFi protocols.
- addLiquidity()
- removeLiquidity()
- swap()
1/9:🔒✨Attention auditors! Don't overlook this crucial step in upgradable contracts. Discover why reviewing constructors and initialize functions is crucial
You can use your Solidity contracts with OpenZeppelin Upgrades without modifications...
Wait, without any modification?
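The point behind that question, shown as an added example rather than code from the thread: a constructor runs once, in the implementation contract's own storage, so anything it sets never reaches the proxy that users actually call. The contract names, the Foundry `forge-std` test harness and the OpenZeppelin import paths (`Initializable`, `ERC1967Proxy`) are assumptions for this illustration; the review check is the same regardless of the library: every piece of state a constructor would have set must be set by an `initialize` function, that function must be guarded, and the implementation itself must not be left initializable.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";
import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";

// Constructed example (not the thread's own code). Looks fine as a plain deployment,
// but behind a proxy `owner` is written to the implementation's storage, not the proxy's.
contract VaultV1 {
    address public owner;

    constructor() {
        owner = msg.sender;
    }

    function setOwner(address newOwner) external {
        require(msg.sender == owner, "not owner");
        owner = newOwner;
    }
}

// Proxy-friendly form: state is set by an initializer executed through the proxy
// (delegatecall, so it writes proxy storage). The constructor disables initializers on
// the logic contract itself so nobody can initialize the implementation directly.
contract VaultV2 is Initializable {
    address public owner;

    constructor() {
        _disableInitializers();
    }

    function initialize(address owner_) external initializer {
        owner = owner_;
    }

    function setOwner(address newOwner) external {
        require(msg.sender == owner, "not owner");
        owner = newOwner;
    }
}

// Foundry tests pinning down both behaviours.
contract ProxyInitTest is Test {
    function testConstructorStateIsLostBehindProxy() public {
        VaultV1 impl = new VaultV1();
        ERC1967Proxy proxy = new ERC1967Proxy(address(impl), "");

        // The implementation has an owner, the proxy has none: owner-only functions are
        // either permanently dead or, with a sloppier check, open to anyone.
        assertEq(impl.owner(), address(this));
        assertEq(VaultV1(address(proxy)).owner(), address(0));
    }

    function testInitializerSetsOwnerThroughProxyOnce() public {
        VaultV2 impl = new VaultV2();
        ERC1967Proxy proxy = new ERC1967Proxy(
            address(impl),
            abi.encodeCall(VaultV2.initialize, (address(this)))
        );
        VaultV2 vault = VaultV2(address(proxy));

        assertEq(vault.owner(), address(this));

        // Second initialization through the proxy must revert (initializer modifier).
        vm.expectRevert();
        vault.initialize(address(0xBEEF));

        // Initializing the bare implementation must revert too (_disableInitializers).
        vm.expectRevert();
        impl.initialize(address(0xBEEF));
    }
}
```

When reviewing an upgradeable code base, the two tests above map to two questions: is there any constructor logic that the proxy silently skips, and can `initialize` be called by the wrong party or more than once (including on the implementation address itself).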
1/7 Did you know that Aave DeFi Protocol is one of the most forked Lending & Borrowing protocols?
I'm going to summarize some of its main points you should know before analyzing its smart contracts in the following thread.
Let's take a look at it together 🧵
1/ 🧵 What is zkEVM?
Let's dive into this exciting technology that combines zero-knowledge proofs with Ethereum Virtual Machine (EVM) to enhance privacy and scalability. 🔒🚀
In which lesson of the Formal Verification course from @CyfrinUpdraft are you so far?
It's exciting to keep learning with @PatrickAlphaC
After finishing this course, I'll be closer to starting to offer Formal Verification services with Certora as well
Halmos + Certora🔥
Ready to finally understand properly Invariant Testing?
🟢🟢🟢🟢🟢🟢🟢🟢🟢🟢🟢🟢🟢🟢🟢🟢🟢
No more simple theory with simple examples, this time I wanted to learn for real. And I did!
Now, it's your chance!!
In my latest YT video, I'm showing you how to define invariants for…
If you're interested in learning Fuzzing to help you create those PoCs you've been craving
Then, you might be interested in what's coming
Be among the first to stay up-to-date with the latest alpha from @agfviggiano on @fuzzy_fyi
link to my YT channel on my profile bio
WATCH OUT 😱😱
nonReentrant modifiers might potentially cause a DoS attack.
Check out my latest article
"Uncovering Real-Life Examples of Denial of Service Attacks on Smart Contracts"
Find out about DoS attacks edge cases here 👇
Ready to start getting deeper into Blockchains, Ethereum, and Auditing?
This week's material is covering a series of the fundamental knowledge you should be covering on your path to
Becoming a Smart Contract Auditor. 🔥
Incredible!
I was astonished when I found out which High Severity Vulnerabilities paid best and which paid almost nothing.
@KrisApost1
shared through the whole shadow audit a bunch of insights on what vulnerabilities are more important to spend time investigating.
But then got…
Auditing is one of the most mentally exhausting things I’ve done in my life!
Questions to well-established auditors:
How many hours per day can you actually spend in an audit?
Does it get less tiring?
How to improve resilience?
@0xOwenThurm
@PatrickAlphaC
@pashovkrum
1/5: It's time to `removeLiquidity` with UniswapV2Route SC
Let's dive into the code and explore the function in Uniswap. 🔄💰
This function allows LP-token holders to burn their tokens and receive a proportional amount of underlying tokens.
Let's break it down!
Shall we?
Have you been learning Web3 Security for less than 1 month?
Probably, while you keep following what top auditors post on Twitter, you can't understand it yet.
Use this post to introduce yourself.
Follow each other! 👈
Start posting your updates and learnings.
Support each other!! 👈
I have never had so much alpha connected to Private Audits in such a short chat!!
Thanks a lot, @solidityauditor!!! It's been a pleasure.
If you are interested in getting involved in private audits there is so much you will take from this.
Go to my YT channel (🔗link on my…
Have you just finished a Solidity course and you're wondering what comes next?
Are you interested in learning Web3 Security and improving your knowledge of smart contracts and the EVM?
I wrote 3 articles about the decision I took and why you should too.
Planning to switch to Rust from Solidity?
Curious to learn a new Smart Contract language?
I've been working on a short introduction to ink! which is based on Rust
This is your starting point for auditing smart contracts on Polkadot blockchain
and any other Substrate-based…
🚀 On your path to becoming a Smart Contract auditor
make sure you get a broad knowledge of Blockchain and get familiar with DeFi tools and protocols
Soon, I'll release the third part of "Learn about Smart Contract Auditing from zero!"
Here's what to expect.
Thank you @PatrickAlphaC and Chandra for this very insightful chat about formal verification and testing smart contracts in general!
I'm very surprised this video has so few views!!!!
It has been very interesting to watch so I totally recommend it!
Before it was mainstream because of the new @code4rena contest was already recommending amazing resources to study ZK-proof material.
Visit its Web3 Security section and check that out, plus any other MUST READ material.
I made it... I found it... I raised it... 🐛 🐞 🐜
There it goes my first High issue raised
Clear as water!
Might not get much from it, though.
Yet, I'm super proud of myself for my whole report for this audit
Consistency pays off.
Things get clearer over time, right?
goddammit I'm so busy finishing the Fuzzing + Formal Verification Testing campaign for this client
that I can't even tweet to share our recent BIG REWARD of $8.3k in Beanstalk part1 contest from CodeHawks already as @ZealynxSecurity company
yes, it's official, Zealynx is ON 🔥
Do you want to get rich with Solo Auditing SC in public contests? Let me tell you a secret!
I have been asked a couple of times what is my goal from all this studying I’m doing on Web3 Security, what keeps me so motivated to spend so much time after work and on weekends?
Have…
Are you interested in PoC templates for your bug bounties?
@immunefi has provided a repository with templates for:
- Reentrancy
- Token Balance Manipulation
- Flash loan
- Price manipulation
It will be useful if you write your tests with Foundry
How to make your life easier while auditing smart contracts with VS Code?
Install Solidity Visual Developer extension!!!
When you audit a smart contract, visualisations can be very useful to understand it at a high level. This extension provides a few.
Let's go through them 👇
Very excited and grateful to have 3 more clients at @ZealynxSecurity for this and next month.
We will be covering for each of them:
⚪️ Security Audit + Fuzzing + Formal Verification
⚪️ Unit + Fuzz Tests to increase coverage
⚪️ Formal Verification for 3K nSLOC
🎉🎉🎉 1000 followers 🎉🎉🎉
Still trying to figure out how I got to this.
I must thank you for your support because that's what keeps making me constant and showing up every day
The best part of all is that I'm meeting amazing people very often
Thanks again to everyone ♥️
What are you doing to reach your goals on Web3 security?
It's a complicated journey, but I show up every day.
If you want to achieve something, whether in your professional or personal life, it's crucial to set goals and plan ahead.
Why is it important?
Do you want to read all my Medium Articles FOR FREE?
⚪️⚪️⚪️⚪️⚪️⚪️⚪️⚪️⚪️⚪️⚪️⚪️⚪️⚪️⚪️⚪️⚪️⚪️
I have updated every single article I wrote which was only available for paid subscribers so that you can now read them for free!!!
In each article look for the text on the first line:…
I found out some time ago about Capture the Ether
Seems to be a game in which you
#hack
#Ethereum
smart contracts to learn about security.
So, basically an alternative and/or addition to Ethernaut.
I am wondering why I don't hear much noise about it...
I have just started the course from @RealJohnnyTime and I'm not sure if I feel more excited, scared or a combination of both.
I wrote an article, though, about why I have decided to pay for a Smart Contract Hacking course. I hope you find it entertaining
Master your knowledge about Over/Underflow attack vector 🚀 🚀
Explore High and Medium severity issues with tips that help you understand them better.
Practice hacking a smart contract to confirm your learnings!
There it goes, my first @code4rena audit report sent!!
I encourage anyone who hasn’t done any yet, to give it a try. The amount of things you get to learn in the meanwhile, is huge!!
Can anyone please tell me how long the feedback from the reports takes to go public?
🔴New Shadow Audit video on my YouTube channel 🔴
It will be released in 2 hours ⏱️
Findings:
8 High
12 Medium
30 Low
in only 4 smart contracts ( 460 SLOC )
Asymmetry DeFi protocol was the first web3 project I have ever reviewed.
Wanna see how many findings I got right?
📽️
We took the first client in the history of PoC-AaS last week
Did he get paid thanks to the PoC we wrote for him? Let's see...
It has been a very interesting and intense few days to help @97Sabit create that PoC to prove the high vulnerability that he had found.
And we helped…
Three points need to be made here:
1.- Web3 security community is so far a friendly and hate-free bunch of people learning, doing, and helping each other. Why would you want to alter that by complaining about a fellow peer?
2.- I've read the comments here, and you keep saying,…
Paid courses in smart contract security are really setting a bad precedent for the industry. Y'all really be selling people on the idea that they can make a lot of money when the reality is that only very few will. Don't be greedy when the field is already so lucrative.
Would you like to know what helped me give a huge step into Web3 Security?
Check it out in the fourth part of learning about SC auditing
“Week 4— Blockchain trilemma, Tokens, Mastering Ethereum.”
I am thrilled to share fascinating news with you! 🥁🥁
I have started collaborating with a company as their Technical Writer for Web3 Security.
@rektoff_xyz and @soken_team have a fantastic team with so much to share.
And I was fortunate to get recommended by @officer_cia when…
Would you like to see examples of how to use assembly in your smart contracts and at the same time learn some unique Gas optimization tips?
Check this out 👇
"Solidity Gas Optimization tips with assembly you haven’t heard yet!"
I've just realized I have written 38 articles in a bit more than 3 months.
They are all in The Blockchainer Hub!
However, I decided I will be integrating as well other very good resources per topic.
Here is what the Web3 Security section looks like so far...
I've gathered some relevant information about the @juiceboxETH protocol which might be useful to get an understanding of what the protocol is about
Also, managed to share, not much, but a bit of information about the smart contract in scope of this audit
Step forward Wardens, @JuiceboxETH’s audit has just begun 🤝
$24,500 USDC is up for grabs for auditors who can help secure their platform’s programmable treasury.
Start now:
Are you ready to take Smart Contract Private Audits?
Is it hard to handle?
A few weeks ago, I was given the chance to participate in a private audit together with other people from the Smart Contract Hacking course with @RealJohnnyTime
It has been quite a priceless…
THIS IS INSANE!!
I've just uncovered 2 and potentially 3 High-risk vulnerabilities in one single function (26 SLOC)
Do you guys usually report this as three separate High-severity issues?
or would you raise one high with the right function implementation?
🔥🔥New DeFi Protocol Explained 🔥🔥
Would you like to be able to report H/M severity issues in your next audits?
For that, you really need to understand the DeFi protocols it's forked from.
Here is a walkthrough of LIQUITY PROTOCOL smart contracts.
A wise man once told me to celebrate every little win
So, I want to do two things here:
1. Celebrate that I have started my second audit in @code4rena
2. Share the very first steps of a Smart Contract Audit and troubleshoot initial issues
My contest Audit results are 4 Highs, 7 Mediums… do you see this a lot?
How do these people find so many issues in the audit contests?
Do you know what it is that you are not doing to achieve those results?
Are you aware of what you have to focus on better next time you audit…
How to start Auditing Smart Contracts with Rust?
If you have also heard of the increased popularity of Rust and you want to be advised on:
🟧 How to start on Web3 Sec with Rust
🟧 Popular chains to start with Rust
🟧 Fuzzing with Rust
🟧 Study past audit reports
and more...…
Should I quit writing articles?
I must say…
that being someone that is trying to learn enough to become a smart contract auditor
and at the same time writing articles sharing my experience and learnings,
slows down a bit my progress.
The problem is…
For those subscribed to my Newsletter, make sure to check your email because it is ready!!
"Aave-V3 — DeFi Protocol’s code explained. Part 1— Pool.sol"
Transfer ERC20 Tokens to YOURSELF and increase your balance!!!
That's one of the High-risk issues I read about in this @code4rena report.
I did an overview of @KumaProtocol docs + analysis of their Smart Contracts
so that you can get to study this report with more context
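The "transfer to yourself and increase your balance" issue named here and in the earlier "ERC20 allows the sender to increase its balance" post, shown as an added example (constructed for this page, not the code from the report in question). The bug is an ordering mistake: both balances are read into locals before either is written, so when `to == msg.sender` the stale recipient balance overwrites the already-reduced sender balance. `VulnerableToken`, `FixedToken` and the `forge-std` test harness are assumptions for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Vulnerable pattern: `toBalance` is cached before the sender's balance is written.
// With to == msg.sender the final write restores the pre-transfer balance plus `amount`,
// so the caller mints tokens out of thin air.
contract VulnerableToken {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
        totalSupply = supply;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        uint256 fromBalance = balanceOf[msg.sender];
        uint256 toBalance = balanceOf[to];            // cached too early
        require(fromBalance >= amount, "insufficient balance");
        balanceOf[msg.sender] = fromBalance - amount;
        balanceOf[to] = toBalance + amount;           // overwrites the line above when to == msg.sender
        return true;
    }
}

// Hardened form: read-modify-write each balance in place. When to == msg.sender both
// operations hit the same storage slot and the net change is zero.
contract FixedToken {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    constructor(uint256 supply) {
        balanceOf[msg.sender] = supply;
        totalSupply = supply;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Foundry tests: a concrete PoC for the vulnerable token, and a fuzz test that checks the
// property the fix must hold (a self-transfer never changes the caller's balance).
contract SelfTransferTest is Test {
    function testVulnerableTokenMintsOnSelfTransfer() public {
        VulnerableToken t = new VulnerableToken(100);
        t.transfer(address(this), 100);
        assertEq(t.balanceOf(address(this)), 200);    // 100 tokens created, totalSupply still 100
        assertEq(t.totalSupply(), 100);
    }

    function testFuzzFixedTokenSelfTransferIsNoop(uint256 supply, uint256 amount) public {
        amount = bound(amount, 0, supply);
        FixedToken t = new FixedToken(supply);
        t.transfer(address(this), amount);
        assertEq(t.balanceOf(address(this)), supply);  // balance unchanged, supply invariant holds
    }
}
```

The same ordering mistake appears in `transferFrom` and in any function that caches two mapping entries that may alias (`from == to`, `lender == borrower`), so the review check is to look for every pair of cached reads that are written back later and ask what happens when the two keys are the same.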
I have amazing news to share! ⭐️⭐️⭐️⭐️
I've got my second promotion in the Smart Contract Hacking course community.
I am the first to become a Course Ambassador!
Following our progress and acknowledging the hard work is another virtue from @RealJohnnyTime!
Thank you!