
Whitehat Bandit
@banditx0x
Followers: 5K | Following: 7K | Media: 122 | Statuses: 4K
Security Researcher @OpenZeppelin Whitehat Initiate @ImmuneFi
Joined October 2018
It’s really competitive getting into an audit firm nowadays 👀.
We have manually reviewed all the applications and will be sending out 20 interview invites soon. To give an idea of the quality, the people who have made the cut have had 50+ H/M bugs in audit contests, multiple top finishes, private audit portfolio.
Cork protocol also had a bug bounty on Cantina with a max bounty that was <1% of funds at risk. It makes me think that the exploiter found the issue when hunting bug bounties and preferred taking $12m illegally over maybe getting a 100k bounty.
So he steals 12M, observes the whole drama AND then comments on it 😅. I’m wondering who that is now. The chance is very high we all know him.
All the answers to this quant interview question are wrong or incomplete. Here's how to solve it 👇 We accept any roll above 0.5 * EV_next_roll + 0.5. We can start from the final roll and work back recursively to solve all rolls. Here's a detailed explanation 🔍: Consider
Quant interview question: You press a button that gives you a randomly uniformly distributed number between $0 and $100K. Each time you press, you have two choices:
1. Stop and take this amount of money.
2. Try again.
You can try 10 times total. When do you stop?
AMMs aren’t complex enough, let’s add another dimension.
Orbital extends concentrated liquidity to pools of three or more stables by drawing tick boundaries as orbits around the $1 equal price point. Unlike 2D concentrated AMMs, even if one stablecoin depegs to 0, an Orbital tick can still use its reserves to trade the others. 4/8
One of the most well known bugs is the ERC4626 first depositor inflation attack. It's so common that it would earn $0.00 when reported in a public contest. The bug actually exploits a really cool bug pattern and understanding this pattern can be used to discover unique high.
Yesterday's complete hack of Wise Lending was far more complex than reported. Very worth examining. The protocol had added explicit defenses against this style of attack, which the attack then either bypassed or used against the protocol. 🧵 1/21
I'm going to learn ZK Auditing this year starting with zero formal maths background. Will use @RareSkills_io ZK Book, bootcamp and LLMs. I believe going from high school level maths to understanding cutting edge ZK maths/cryptography papers and bug hunting ZK circuits should.