FORKFORK DOG

@forkforkdog

Followers
628
Following
3K
Media
188
Statuses
2K

ECHIDNA BE LIKE WHAT HAPPENS IF YOU TRANSFER ZERO TOKENS FROM ZERO ADDRESS TO ZERO ADDRESS WITH ZERO APPROVAL AS ZERO ADDRESS AND TOKEN IS THE ZERO ADDRESS

FUZZING ENGINEER AT
Joined November 2022
@forkforkdog
FORKFORK DOG
9 hours
Absolute chad and super helpful guy who carries the lion's share of fuzzing tooling development on his shoulders. Emilio the Echidna King, follow with haste @0x310f1sh.
0
0
3
@forkforkdog
FORKFORK DOG
9 hours
@Montyly Actually this is Emilio, follow him with haste @0x310f1sh.
0
0
0
@forkforkdog
FORKFORK DOG
17 hours
Pro tip: For being on the frontier thou must assemble the circle of wise men such as @Montyly and @emilio4995 around a perimeter table, and decree how ye shall circumvent the law of fuzzing this time.
2
0
1
@forkforkdog
FORKFORK DOG
18 hours
🐝.
@KrisRenzo
Kris RenZo
18 hours
I’ll always favor contests over private reviews for obvious reasons. But there are certain firms that you can't deny go the extra mile just from reading their reports. Three that come to mind now. @GuardianAudits. @bailsecurity. Trust Sec.
0
0
2
@forkforkdog
FORKFORK DOG
1 day
0
1
0
@forkforkdog
FORKFORK DOG
2 days
Fuzz it.
0
1
3
@forkforkdog
FORKFORK DOG
4 days
9/10 That's why we are doing fuzzing setup at Guardian for every single engagement. When we do fuzzing, we are building that lifecycle machine and running it as long as possible to protect the protocol.
0
0
4
@forkforkdog
FORKFORK DOG
4 days
8/10 Or with the goal to block it. Or drain it. An infinite evil machine. No restrictions, no rules, no bias, only the goal. Here is where the most unexpected, most 0.0001% vulnerabilities appear. From that unbiased fuzzing bot.
1
0
2
@forkforkdog
FORKFORK DOG
4 days
7/10 Now fuzzing. Full stateful fuzzing is not randomized calldata thrown into your function. It's a bot that lives on a pretty powerful machine, which has infinite time to interact with your protocol in unrestricted ways, looking to get as much money as possible out of it.
1
0
3
@forkforkdog
FORKFORK DOG
4 days
6/10 Average auditing companies ate up all of the medium-high complexity vulnerabilities market; that type of audit you can get anywhere.
1
0
2
@forkforkdog
FORKFORK DOG
4 days
5/10 On the other side there are ultra-sophisticated one-of-a-kind state-of-the-art hacks, where the hacked protocol went through 4 steps of audit and 0.001% of SRs can actually see this marginal case, if and only if they really care.
1
0
2
@forkforkdog
FORKFORK DOG
4 days
4/10 Look at the hacks happening. They are either ultra-dumb, like the latest hack with return true; left in the beginning of the function, or something like require(msg.sender != owner, "Only owner can update"); type of human errors.
1
0
2
@forkforkdog
FORKFORK DOG
4 days
3/10 This is all just to find something experienced auditors already uncovered? No way fuzzing is any good for you, right? Let's see.
1
0
2
@forkforkdog
FORKFORK DOG
4 days
2/10 local deployment, local deployment of integrated protocols (10s of k sloc sometimes!), make handlers, make a correct state capture, think invariants, then debug it etc etc.
1
0
2
@forkforkdog
FORKFORK DOG
4 days
1/10 Is fuzzing the worst EVM auditing tool? The most common myth about fuzzing is that it is just one of the ways to find vulnerabilities. If so, it would be the worst way to do it. Instead of going through the code from day one applying your high exp, you should do the setup, then
1
0
11
@forkforkdog
FORKFORK DOG
4 days
RT @0xOwenThurm: Guardian is where the best SRs in the world go to become the best SRs in the universe.
0
1
0
@forkforkdog
FORKFORK DOG
5 days
Share a piece of your web3 sec lore
0
0
5
@forkforkdog
FORKFORK DOG
5 days
CTO, but for a token
@0xcuriousapple
curiousapple
5 days
Maybe each crypto protocol should have a chief token officer. You are not actually responsible for the chart going down with the boat per se. You are just responsible to make sure that if the product is good, token structures are not responsible for its underperformance. Since just good.
0
0
5
@forkforkdog
FORKFORK DOG
8 days
Been waiting for it for years and years.
@sepyke
pyk
9 days
HOLY MOLY, let's try it bros
0
0
4
@forkforkdog
FORKFORK DOG
8 days
RT @0xOwenThurm: $200,000 total up for grabs now, show us a Crit 🫡.
0
2
0