Plamen Tsanev
@p_tsanev
Smart Contract Security Researcher 🛡️ @Immunefi Associate All Star @CertoraInc @CyfrinUpdraft alumni
Joined May 2023
Your boy has been inactive for some weeks, but he is also proud to announce he is locked in 🔒 As of the past 2 weeks, he has officially become a full-time security researcher at @CertoraInc We are in the deep end now, the skillset is expanding rapidly. It’s exciting and
The Certora team has been a steadfast partner from the early days. As soon as the incident surfaced they spared no efforts, jumped in and worked side by side with us. Grateful to them and to everyone supporting Balancer.
Since Monday’s @Balancer v2 exploit, we’ve worked hand in hand with their team to develop the first root-cause analysis of the issue, identify all affected and potentially vulnerable pools, and determine whether v3 was susceptible to the same attack. Our analysis breaks down
certora.com
Certora’s in-depth analysis of the Balancer v2 exploit — what caused it, and how v3’s redesign prevents similar hacks.
Balancer V3 was designed with our help to avoid theoretical incidents exactly like the one we saw yesterday in @balancer V2. We can assure you that V3 pools don't have this bug. We're working on a post-mortem that explains the exploit and lessons learned, and will share it soon.
Today, around 7:48 AM UTC, an exploit affected Balancer V2 Composable Stable Pools. Our team is working with leading security researchers to understand the issue and will share additional findings and a full post-mortem as soon as possible. Because these pools have been live
Do we have a security crisis due to today’s Balancer exploit? Is the DeFi space now considered completely high risk? In my opinion, this is not true, and I collected some facts and thoughts. This appears to be a very sophisticated exploit, not a trivial oversight. We don’t
🚨 Move Vulnerability Database v1.0 is LIVE! 🚨 🔹 128 Critical & High findings 🔹 77 public Move audit reports (mostly Sui) 🔹 Mediums & 76 Aptos reports coming soon 🔜 📖 Readable: https://t.co/vDkkrv8TqV 💾 Full DB: https://t.co/X2heO2fEA5
#Sui #Move
github.com
Move Vulnerability Database. Contribute to MoveMaverick/move-vulnerability-database development by creating an account on GitHub.
"You’re absolutely right — that was an infinite mint. My mistake."
Now in private beta: Aardvark, an agent that finds and fixes security bugs using GPT-5. https://t.co/xwtJhfDM3X
Another Friday night, another writing of walls of text on Telegram to the devs of the project I am auditing. What are you guys up to tonight?
Aave V4 fundamentally changes DeFi lending. Liquidity is no longer siloed by market, all assets now live in a unified Liquidity Hub per network. Behind @aave ’s safety are champions like Nurit, a Formal Verification researcher at Certora. Get to know her 👇
Lido’s governance got safer with @LidoFinance’s Dual Governance, a key step toward reducing DAO risk and strengthening Ethereum staking. Behind its mechanism design review was @tomer_ganor, helping ensure the protocol’s security and robustness. Get to know one of the Certora
New Solidity before GTA 6. Question is, would this be more annoying for the researchers or the builders 🤔
Security researchers - PREPARE🙏 New Solidity features coming, the language is getting its biggest revamp so far in its history. Many, many changes upcoming. This also means many new attack vectors. Many new things to learn and study. Adapt or die in our fast-moving tech world🫡
SRs, whitehats, fellow countrymen. This is the time to lock in. How web3sec is organized is shifting. Gone are the days of DM for audit & 30 simultaneous contests; we will miss them. But we look to a glorious new future. A future of <0.1% TVL hacks per year. Of tighter
These coming months are going to be the most important for every SR hunting on Immunefi… The Hunt Points Program is officially live today, brought to you by the @ImmunefiFdn. There are two things you need to do to join The Hunt: ➡️ Submit valid reports ➡️ Get high payouts
Certora Champions 🦸‍♂️ Meet Alex, one of the experts behind securing @Balancer, @KaminoFinance, @RaydiumProtocol, @fragmetric, Chainlink, Astaria, and many more.
We’ve been securing the Solana ecosystem since day one and we’re proud to see builders proving that you can move fast and break nothing. Big thanks to @kamino, @jito_sol, @jup_lend, @squadsprotocol, @ManifestTrade, @GlowFinanceXYZ, @fragmetric, the @SolanaFndn, and many more for
📽️ DeFi has a $2B per year security problem, but what if most of those hacks were preventable? @CertoraInc is an all-in-one security partner securing the industry's biggest protocols. Now also trusted by @solana teams like Jito, Kamino, and Squads. Here's how @CertoraInc
Useful lesson in here for some web3sec CEOs whose favorite pastime is slinging mud at competitors
“If we just had fewer anons” The problem isn’t anonymity. The problem is the naïveté to believe your negative energy directed at others will hit your intended target more than yourself. Long enough timeline - you burn in the fires you cast at others.
Important question. We recently published an article on @SCAuditStudio together with @ihtishamSudo about the price of audits, which is a big component in decision making: https://t.co/r3e2iSlxOp
Founders have asked me multiple times if they should choose a private audit or a contest. Here are the pros and cons of each 👇 Contest: + more eyes on the code, usually results in better coverage (bugs found) - costs more - no/minimal remediation (fixes are on your own) - a lot
Auditors & SC devs, thank me later: Clone any verified on-chain contract into a local Foundry project with `forge clone`. [PATH] is optional - it’s just where the code will be saved. Works on any EVM chain. Great for audits, bounty hunters and reverse engineering.