Alireza Arjmand
@_Allarious
Followers
1K
Following
331
Media
3
Statuses
164
Head of Security Research & LSR @Spearbit @Cantinaxyz | Prev @OpenZeppelin
Canada
Joined September 2021
Weโre putting real engineering time into getting this right. If you want to follow progress or get early access, the waitlist is in the original post.
The AI security tool weโre building surfaced a high-severity vulnerability in Cosmosโ bug bounty, confirmed on HackerOne. Weโre designing it for signal > noise so organizations can prioritize real risk. The waitlist is now open.
0
0
2
Ultimate Security Games - Season 1 gallery is out! Congrats again to team Europe @Zigtur @Montyly @GalloDaSballo and @AliceAndB0b! Shoutout to the legends who brought the heat: Team Americas โ @0xleastwood @_Allarious @0xriptide @jonataspvt Team Asia โ @HickupH @banditx0x
6
11
58
Had an amazing chat with @lista_dao and @HashDit ๐
Building Securely on BNB: Practical Lessons from Hashdit, Lista and Cantina
0
1
7
Very well deserved! Congrats to team Europe!! ๐ I love this community ๐
1
0
17
I'll be competing in this ๐๐ฅ live from Argentina ๐ฆ๐ท
Mark your calendars, November 20th is Season 1 of Ultimate Security Games, live in Argentina. Watch smart contracts get hacked in real time as three teams race to be first to steal the funds. We're grateful to the sponsors who made this happen: @monad
@coinbase
@immunefi
1
0
15
Down for the challenge? Let's work together, anon ๐๐
Weโre hiring ๐ช Cantina is looking for Security Researchers to join our network and work on deeply technical smart contract and protocol audits. The ideal candidate is: โขExperienced in Solidity and EVM vulnerabilities โขCurious, rigorous, and collaborative Link below:
3
0
29
Full report isn't out yet, but it seems like the attacker can replace target address with its own. So check that your computer isn't affected.
0
0
2
Looks like one of the npm package maintainers got compromised, check your projects and stay safe out there!
Npm package maintainer got pwned and now a bunch of packages he maintains (including debug-js) have malware in them. Check your deps immediately: https://t.co/dQ8LmKf0bK
1
1
6
After 2.5 years of auditing at @OpenZeppelin I'll be joining @spearbit starting next week! Really appreciate all the opportunities I got at OZ and looking forward to the future ๐
13
1
151
Check this one out!! Alex drops amazing content again!
Recording of the Workshop on Security Research Tools - Check the chain - Decompile Contracts - Build a Critical POC (Live) Video: https://t.co/mAp6YWTW9n Slides: https://t.co/zw4yEMN5M9
1
1
6
Great write-ups by @patrickd_de! Highly recommended for anyone looking to enhance their knowledge in the field!
I normally find retweeting my own stuff pretty cringe, but it seems like lot's of you haven't seen these yet and I honestly think they're severely underrated :P https://t.co/DjqwwSxaQ7
0
0
4
Going to EthCC this year! Any suggestions on what to check out?
5
0
9
As an auditor, trust yourself and use your unique perspective and find those bugs that only you can find. There is a big bug waiting for you to be found Mr. White Hat. What are you waiting for? ๐
0
0
9
While some people might want to rush into audits, and win small prizes by finding minor bugs, focusing on learning and growing as an auditor has much more return on time investment in the long run.
1
0
7
Wondering how to build confidence? Read audit reports and solve CTF challenges. These exercises help you train your mind to find major bugs in the code. Two CTFs that have prepared me for decentralized audits are Ethernaut & Damn Vulnerable Defi.
1
0
7
So, how should audits be approached? I've always followed this - 'Learn it bottom up, break it top down'. You should understand a project just like a second language, put yourself in the shoes of the developer, and look for cracks in the architecture!
1
0
6
Due to a lack of confidence, many new auditors spend hours identifying gas optimizations and minor bugs. While this can build confidence, there are arguably more effective methods.
1
0
6
There are many tutorials on how to become an auditor, but not as many about auditor's mindset. I personally believe a common mistake many new auditors make is 'Starting Small'. ๐งต๐
6
9
49
I want to thank @code4rena and @sherlockdefi, they taught me almost everything I know about auditing! I have to give up decentralized audits for a while and focus on my tasks at hand, wish all the best to whoever chooses to participate in them.
1
0
25
I really wanted to work with an experienced team, I already did a couple audits on my own, but it gets lonely ๐
I also wanted to learn those unique skills that can only be acquired while you are working with a team of talented people, which I do think OZ has many.
1
0
12