Just got the first place in the bot race for the second time! 🥇📷 Realy happy with the result of my hard work. @code4rena Let's keep pushing the boundaries of automation and tech excellence! #VulnDetector #code4rena #BotRace #SmartContracts

Lesson of the day ... do not ever miss the escalation phase.

One way to speed up PoC is to load data from external sources instead of from the chain Here’s an example btw don't forget to allow Foundry to read it in foundry.toml https://t.co/cVszAoXcTq

For those serious about account abstraction in @ethereum this 4-part series authored by @agfviggiano is a must: 💡A deep dive into the main components of #ERC4337 Account Abstraction Using Alt Mempool; addressing common questions, misconceptions, and security considerations.

Security is 1% finding bugs and 99% understanding how the code works.

Ever tried to deal USDC with Foundry and seeing it revert? Well, 3 weeks ago, the support for USDC was added. Update Foundry frequently everyone! https://t.co/8Rg85vVy8m

rare footage of auditor trying to find a bug

USDC has 18 decimals instead of 6 on the following chains: - Oasys - BNB - OKX Chain - Sora - Kucoin Chain - Telos - Conflux - Bitgert

The chart on theblock website left me stunned. The surge in stolen funds between 2020 and 2023 is alarming, indicating a pressing need for heightened security measures. Employing both manual and automated scans could help mitigate the risks effectively. https://t.co/4meEjbw4yl

@ddimitrovv22 Even rounding in the right direction could be exploited (stealth donation). I very, very much encourage everyone to read this:

If you're auditing a protocol that uses Compound V3, you should read these papers! @RareSkills_io 🫡 1. The Architecture of the Compound V3 Smart Contract Link: https://t.co/48SBfX0OQt 2. DeFi Interest Rate Indexes Link: https://t.co/LqqLaz4fZc 3. Understanding Collateral,

Recommended Read 🧐 The following comprehensive article on "Exchange Rate Manipulation in ERC4626 Vaults" from @eulerfinance co-authored with the legendary @alcueca https://t.co/KtLXqxzy6v

"There's plenty for everyone." That’s my mantra for sharing everything that worked out for me so far. I didn’t just scale from $0 to +300K by gatekeeping knowledge. I honestly believe none of my success would be here if I hadn't shared my ups and downs. By putting myself in

3 mandatory checklists to go through before doing a smart contract security audit on your codebase: 1. The Solcurity Standard - https://t.co/RsJx0M5CuA 2. Weird ERC20 tokens list - https://t.co/BH0R6wP6kS 3. Solodit aggregated checklists -

Alpha alert: Speed boost I've been using this for years, and I know some others have their own ways with macros, but lots just copy-paste the tags. This is how I write the audit tags and other things (cmd + a number). Do Cmd+Shift+P, open keyboard shortcuts (JSON), and add those.

Gotta recommend this extension again: https://t.co/qDKg2NfY9s . With it, you can visually tell which line is fully covered, which line is partially covered, and which line isn't covered at all. Try `forge coverage --report lcov` and then use this extension to see what I mean

"Scenarios", "Flows", "State Transitions", "Stories", "Threats", "Paths", "Levers". The used word doesn't matter: our ultimate ambition should be to identify all weird/edge/unexpected cases in the time we have on a security review. These words are just helpful representations.

I've made $500k+ from SSRF vulnerabilities. Here are my tricks:

👥 Peer reviews in smart contract audits can provide invaluable insights. Different perspectives uncover different issues. #PeerReview #CollaborativeSecurity

📊 Gas optimization is important but not at the cost of security. Efficient code should also be secure code. #SmartContractDevelopment #GasOptimization

Early detection, early peace of mind - automated tools in smart contract security. #EarlyDetection #CryptoSafety