432 days ago i've entered Web3 Security. - I had 0 coding experience.- I wasn't math guy.- I wasn't technical nerd. Today, i finally achieve my first contest win. - Never stop believe in yourself.- Never quit.- Grind every single day. - Really love it. It's just a beginning.

Want to dive deep into Web3 Security?. Every week, I share simple security stories you can study. Under 5 minutes to read. Join me here 👇🏻.

Top 6 Questions to better understand EIP712

Want to dive deep into Web3 Security?. Every week, I share simple security tips you can use. Under 5 minutes to read. Join me here 👇🏻.

Top 7 EIP's you need to know in 2025:

Security auditing is about creativity. It isn't straightforward process. Auditors are real magicians. Understanding code can be boring . But finding bugs — Never. > Thinking out of the box.> Brainstorm sessions.> Flash cards.> Stepping outside for a reset.> Hunting bugs in your.

Want to dive deep into Web3 Security?. Every week, I share simple security tips you can use. Under 5 minutes to read. Join me here 👇🏻.

Top-7 Sentences to understand Lending-Borrowing better

Want to dive deep into Web3 Security?. Every week, I share simple security tips you can use. Under 5 minutes to read. Join me here 👇🏻.

Overall, how to spot such bugs?. Firstly, define critical callbacks. Questions like:. > What access control they have?.> Can reach them via "relayer"?. Can help auditors sniff such bugs.

Recent $1M Bug found in a Scroll. Brilliant example of the "Spoofing" vector. It happens due to upgrade. Malicious L2 message created and sent to L1 Gateway. Previosly, it was highly protected. After upgrade = no. Malicious calldata from L2 forced L1 Gateway to initiate a call,

Fake onRevert() call. In case of a cross-chain revert, msg is transmitted back to dApp. And onRevert() interface is executed with custom logic. Issue: Attacker can craft malicious onRevert() and send it directly to dApp. Basically "spoof" the revert call and trigger unintended

Here's the most overlooked pattern in a cross-chain projects. It's called "spoofing attack". Here's how it works 🧵.

Defendor is the best Web3 Security News Channel. Made from heart, for those who value their time. Subscribe below 👇.

How to structure your day as Auditor?. First 4 hours is pure gold. Real work is done here:. • Audit of the complex logic.• Study of novel attack vectors. Tasks, which require sharp concentration. Remaining 3-4 hours depends on audit stage. • Continue exploring the codebase.•.

4 ways I utilise AI as Security Auditor. • Research (Perplexity).• Protocol Analysis (Cursor).• Hack distillation (ChatGPT).• Integration's audit (Github copilot).

Golden rule of Security Audit. Personal obervations:. Once I feel drained.Once I think audit is done.Once I think I found everything.Once I don't have any new ideas. I wake up from the chair, and:. > Audit the code at a standing desk.> Go outside and think about the code. It.

Advice to myself 2 years ago:. If you want to break Defi, Blockchains projects and be good at it. You must have a balls to break your way of thinking first. Security Auditor faces challenges every day. > Complex systems.> New technologies.> Belief that there's no bugs. First of.

Want to dive deep into Web3 Security?. Every week, I share simple security tips you can use. Under 5 minutes to read. Join me here 👇🏻.

Just wrapped up 3 weeks audit of Light Client on Rust. Here’s what I learn: . - Rust.- C++.- Bitcoin, Zcash, Dogecoin.- PoW native vulnerabilities.- Merged mining .- How PoW works under the hood.- Merkle Trees Bugs on PoW.- Chain reorg . The best audits are the ones, where you.