CrypticDefense
@crypticdefense
Followers
488
Following
2K
Media
15
Statuses
196
Security Researcher | Judge @cantinaxyz | 2x 🥇 1st place | DM for private audits
Joined May 2023
🥇1st place in the Balancer V3 contest Tough codebase to work on, as it had already undergone multiple audits. But that didn't discourage me, as I learned from past contests that there are always bugs, you just have to find them. Thank you @cantinaxyz @Balancer !
8
5
204
I'm travelling to Argentina for DevConnect + DSS soon The dog was supposed to come, but the airline I'm flying with doesn't allow dogs onboard So I sent him to a dog hotel that was recommended to me. I took him there for 1 day to adapt, so he'd already know the place before
6
1
73
Respect to the Balancer team for their speedy analysis and transparency. I can speak from first hand they take security very seriously. With such a fantastic developer team, the protocol will bounce back from this incident in no time. We SRs should be motivated to do our best.
1
1
10
Don’t sleep on @cantinaxyz 😎
1
0
9
Hot take: conditional pot contests are bad for BOTH SRs and the platform itself. Platform doesn’t listen to the client? Lose a client. Platform caters to client and downgrades issues? Lose SRs and more clients. It���s a lose-lose for both. Avoid BBCs.
We took a crack at the recent Solana contest on @code4rena with our AI audit tool and here's how it went: 2 findings confirmed as Medium by the judge after proper debate We were on-track to unlock the H/M pot and win the comp as we had the most medium findings Findings are
2
1
36
We should all call conditional pot contests by what they truly are: BBC Bug Bounty Contests. If an SR is ready to take on the BBC, don’t be surprised when escalations come hard.
2
0
12
AI is going to make audits lower quality and increase the demand for good Security Researchers. Too many new researchers are relying on AI completely to find bugs rather than understanding the code line by line manually. The worst part is since AI is catching real (mostly
6
4
78
Surprisingly, trying the Pomodoro Technique really showed me how messy and unstructured my time spent auditing was. Maybe we tend to underestimate the importance of small breaks during work sessions 🤔 I’d recommend anyone to try it 🔥 Should have listened to @0xT1MOH sooner!
5
0
20
What I love most about our security researchers is how relentless they are about chasing the next milestone. Here’s the progression: 1. 100 Rep 2. $100K earned 3. $1M earned 4. Spearbit LSR 5. Security God
6
2
60
Fun time reviewing this codebase and diving deeper into UniV4 hooks 💫 A nice welcome back to contests and a great opportunity to analyze findings of other skilled SRs 🔥
4
0
72
I failed successfully 😢 Time to ask judge to downgrade my highs to informational 👀
@_hrkrshnn Of course I could easily get a score of 100, but I was strategically aiming for 69 all along 👀 That gets you an automatic LSR position in spearbit, correct?
6
0
28
🤝
@crypticdefense @SiloFinance @cantinaxyz @cutthroat_sec @LordAlive_ @0xAbhay_Eth @hrishibhat Me congratulating you few months back and you congratulating me few months later, that too in the exact same way! Great chat to remember! 🤝
0
0
6
Seeing a lot of big numbers from recent contest results on Cantina 🎉 I’m reminded of this post from last year, and I think a lot of you should read this…especially if you aren’t seeing results. @0xFlint_ 🫡
6
5
61
For anyone blaming Uniswap or DeFi 🤦🏼♂️
@sullyfromDeets @0xSavz this is 100% a user error with setting incorrect slippage and is of absolutely no concern for anyone who uses Uniswap/any other properly implemented swap interface. Had they set their slippage to even 15% (which is completely degen), the transaction would have simply reverted
0
0
3
@sullyfromDeets @0xSavz this is 100% a user error with setting incorrect slippage and is of absolutely no concern for anyone who uses Uniswap/any other properly implemented swap interface. Had they set their slippage to even 15% (which is completely degen), the transaction would have simply reverted
4
1
38
I still think back to this post till this day. Best advice I’ve ever received as a SR, highly recommend to others follow this if you want to succeed 🔥 Forget about the money and focus on experience! (And then you will start winning) Thank you @woshilalala 🫡
Sharing some alpha. Two ways to gain the most from audit contests, based on my experience: 1. Pick contests slightly above your skill level. Try best to catch all issues, and don't stop until you're confident none are left. If in the end you still miss over half,
2
1
25
Every security researcher should try judging a contest at least once. Your respect for judges will 📈
4
3
56
And these perks are in addition to potentially becoming a millionaire. Find a bug, and your life can change forever 🔥
But wait, there's more! Winning this competition will: 🪐 Automatically grant you direct entry into Spearbit's elite researcher network. 🪐 Get you an all-expenses-paid trip to an EF event in 2025. 🪐 Grant you access to exclusive perks, like a dinner with some of the most
0
0
3
I’ll let the bugs speak for itself.
5
0
39