engn33r
@bl4ckb1rd71
Followers: 2K
Following: 3K
Media: 222
Statuses: 1K
contributing @yearnfi formerly @twynexyz web3 security @yAuditdao
Joined August 2020
in the wake of a brutal few days analyzing the yeth hack, i realized how few tools exist to see human readable storage changes inside a transaction trace. so i started building one, both as a tool and as a deep research project for myself ...
easily the most sophisticated defi hack i’ve seen. precision-loss pushed execution into code paths previously thought to be unreachable, enabling a bypass of the pool invariant, and later, a supply underflow. analysis was painstaking. here are some charts to help visualize.
Post-Mortem Analysis of the yETH Exploit - 1 December 2025 https://t.co/kxYTy32r8D
Great idea, @Montyly can even offer a seal of approval that protocols can stick on their websites😄
Most protocols spend a lot on audits and bug bounties but have zero internal security. Launching https://t.co/c3v75lXHdD to highlight the ones that do. Having an internal security team should be in every protocol's New Year's resolutions for 2026
Do you have a multisig? 💰 Did you check if it's secure? 👀 Run a 1-click check with our multisig security checker tool. It's free, no downside!
Señor sandia speaks. And I had nothing to do with this episode 👀
BOUNTYHUNT3RZ Episode 31: w/ @0xriptide & @DrasticWM lounge by the pool at the faena hotel in buenos aires and discuss @EFDevcon Argentina, @yAuditDAO, CTFs, security outlook, competitions, getting shafted on a juicy bug bounty, judges must be crazy, auditor profit maxxing, AI
I'm shocked this is the first time I'm hearing about @verifalliance - such a critical cornerstone of everything this ecosystem strives for
i love etherscan but unless im misunderstanding something, they have essentially paywalled verified contract code access for base, op, and bsc. open source contracts are a cornerstone of evm culture and this situation just goes to show the importance of @verifalliance
yAudit is BACK. It's an annual tradition for us to rebrand, but this year is different: we're re-rebranding. We're yAudit, no longer electisec. More updates coming soon!
Winners and security legends: Wonderland CTF crushed by @DrasticWM @adrianromero @usmannk @juancito @blocksec
We won 1st!! @usmannk @juancito @DrasticWM & adriro. Thank you @DeFi_Wonderland for organizing. We had so much fun
You asked for it 🫵 Don’t be like, “oh sorry, I didn’t know” later. P.S. If you think being with a Latina requires skill, wait until you meet us, the Gringos Balkaneiros. https://t.co/1QUiBIB7nz
luma.com
You insisted, so we had to do it. Everyone's favourite event is back! Fernet, mate, vine, all of those are fine, but it's time for something divine, like sol…
Devconnect starter pack:
- Last minute slide edits ✅
- Mate ✅
- Steak dinner reservation ✅
My big takeaway from this week's drama is that it showed the world how amazing the chads at @yearnfi are in managing risk. Impressive and underrated work - 100% guarantee it will get more attention now
172 days ago the Stream team messaged me to complain about a snarky tweet I had made about their vault code. This was the last message I sent them. Obviously they did not listen and we are in fact worse off because of it. Contrary to what many seem to feel, none of what
Love this from the community. Community-driven security is how we win. Big shout out to @bl4ckb1rd71 for building. Your security is only as strong as your configuration. Now's a good time for a setup check. Be Safe.
In honor of multisig security month, I'm happy to present a new tool that analyzes the security of a Safe multisig's configuration. 🛠️ Not every Safe is safe! Test it out on the example multisig addresses 👇
@P3b7_ @PatrickAlphaC Special shoutout to @pcaversaccio for maintaining the best multisig security script in the industry, which I guarantee is underutilized, at least until signers realize what can happen when they don't use it (RIP Bybit)
github.com
This Bash script calculates the Safe transaction hashes by retrieving transaction details from the Safe transaction service API and computing both the domain and message hashes using the EIP-712 st...
I'd like to thank @P3b7_ and @PatrickAlphaC for kicking off multisig security month with new alternative frontends to access a Safe multisig. And I certainly hope there will be more improvements to multisig security in the future - I sure hope this is just the start.
But wait, there's more! A blog post with some explanations of the different tests is now live, for users wanting a deeper dive: https://t.co/mez5W53lWF. Even if you don't use a multisig yourself, try out this tool on the multisigs of your favorite protocols!
The web app lives here: https://t.co/1QRH0MgWEa. There are 3 ways to use this tool: a user-friendly web app, API, and python CLI tool. They all live in the project's github repo
github.com
Multisig security research. Contribute to electisec/multisig-security development by creating an account on GitHub.
In honor of multisig security month, I'm happy to present a new tool that analyzes the security of a Safe multisig's configuration. 🛠️ Not every Safe is safe! Test it out on the example multisig addresses 👇