Zach Katz Profile
Zach Katz

@__katz__

Followers: 57
Following: 246
Media: 9
Statuses: 92

blockchain security researcher https://t.co/pt7aRDecrD

Joined October 2014
@__katz__
Zach Katz
8 days
Arrived in Buenos Aires!
Me:
- prev Google SWE
- Blockchain Security Researcher
- Socially adept
- 1x Kenyan jail survivor
- All around good dude
- Open to work!
If you’re interesting and/or building something interesting, let’s meet up! DMs are open.
1
1
7
@__katz__
Zach Katz
6 days
Best party favor I’ve ever received — thanks @OpenZeppelin ! #devconnect
0
0
2
@binji_x
binji
2 months
The countries with the most crypto adoption adjusted by population:
45
9
127
@__katz__
Zach Katz
3 months
Learning a lot every time
Need to spend longer in the codebase/take a 2nd and 3rd pass — missed some easy ones here
Going to the jungle for the next month to get some extra focus 🇨🇷
Next goal: 4-figure payout
@mellowprotocol @sherlockdefi #believeinsomETHing
0
0
0
@__katz__
Zach Katz
3 months
10th in @symbioticfi contest. It’s good but not good enough. Gonna start trying soon.
0
0
4
@__katz__
Zach Katz
3 months
Idk yet if I’ll make my career as a smart contract auditor
However, this path offers the best technical foundation you can build in Web3, and I need to keep getting better at it
Maybe some interesting opportunities will pop up at the Argentina World’s Fair
HMU if you’re going
1
0
3
@__katz__
Zach Katz
4 months
This is a simpler excerpt from my "Vulnepaedia". In it, I summarize all my missed bugs in contests.
Paragraph 1: What was the issue?
Paragraph 2: Why did I miss it?
Paragraph 3: How will I find similar ones next time?
It's amazing how much this exercise will teach you.
0
0
1
@sherlockdefi
SHERLOCK
4 months
🏆 @debankdefi Audit Contest Results 🏆
Congrats to:
1. @ObsidianAudits - $15,957 🥇
2. @4mj3x - $1,016 🥈
3. @__katz__ - $695 🥉
$30,000 rewards ➡️ $15.8M+ paid out in rewards.
1
4
36
@__katz__
Zach Katz
4 months
💭’s on impending ETH craze, courtesy @ethereumJoseph:
1. ETH has come a long way in throughput/composability, BUT
2. There’s a shortage of smart developers, can’t onboard talent quickly bc it’s too complex.
3. Still not secure — large hacks will be a consistent headwind.
0
0
1
@__katz__
Zach Katz
5 months
Great feeling to be rewarded as a security researcher for the first time after finding both of the high severity issues in @Superfluid_HQ’s new locker system contest on @sherlockdefi. This was after ~2.5 months of learning and it’s only up from here!
2
0
4
@sherlockdefi
SHERLOCK
5 months
@Superfluid_HQ @0xSimao @newspacexyz 🏆 @Superfluid_HQ Audit Contest Results 🏆
4. 0rpse - $752
4. @zxriptor - $752
5. @hopeman1102 - $578
6. Artur - $451
6. @algizsec - $451
7. @__katz__ - $451
7. @roy_ay0 - $451
2
1
3
@panditdhamdhere
Pandit | Ξ🦇🔊
5 months
Just provided liquidity to 2 protocols.
5
1
30
@__katz__
Zach Katz
5 months
How could I miss the WORLD’S FAIR?
1
0
0
@__katz__
Zach Katz
5 months
📈[GOING FORWARD] Now I know that the VanillaRegistry is quite primitive and can be used to exploit other validators. Whenever I see its usage in the future, or any validators for that matter, I will put the code under the microscope to see if ownership can be manipulated.
0
0
0
@__katz__
Zach Katz
5 months
🚨[WHY I MISSED IT] I knew nothing about validators. If this post makes 0 sense to you, I felt the same way when first reading the bug report and had to educate myself on what off-chain validators are and how they work.
1
0
0
@__katz__
Zach Katz
5 months
🪲[THE BUG] Off-chain validators' rewards can be front-run by spoofing a receiver in the VanillaRegistry. Pubkey is checked in VanillaRegistry before EigenLayer. If a validator is only in EigenLayer, attacker can redirect rewards by front-running and staking in VanillaRegistry.
1
0
0
@__katz__
Zach Katz
5 months
🧵I missed a high-severity bug in a recent contest. In brief, here's the bug, how I missed it, and how I'll spot it in the future: https://t.co/yC5zGi3FfY
1
0
1
@__katz__
Zach Katz
6 months
~7 weeks of learning smart contract security full time. Did a simulated audit on a previous contest repo. Thrilled to learn that some of my findings would have earned real money! Now I'll begin participating in the upcoming contests. report: https://t.co/2j3oohsXJI
github.com
Contribute to zakatz36/audit-reports development by creating an account on GitHub.
0
0
3
@pashovkrum
pashov
6 months
POV: web3 security researcher trying to think of a Critical severity vulnerability in a Solidity smart contract
13
20
238