Sec3
@sec3dev
Followers
5,337
Following
273
Media
117
Statuses
970
Full Stack Security: Protection at every step of the development cycle. Auditors of @Metaplex , @Helium , @StarAtlas , and more!
Secure your protocol 👉
Joined September 2021
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
#WeAreSeriesEP9
• 369256 Tweets
Gandhi
• 130326 Tweets
Hansi Flick
• 92322 Tweets
仮面ライダー
• 82405 Tweets
National Anthem
• 67941 Tweets
#HappyMameDay
• 57427 Tweets
#MAME22歳誰よりも輝け
• 53002 Tweets
海ちゃん
• 43693 Tweets
豆ちゃん
• 29485 Tweets
森林環境税
• 29109 Tweets
Jadue
• 24620 Tweets
サヨナラ
• 21953 Tweets
PABLO COSMIC RULER
• 20938 Tweets
State of Play
• 16711 Tweets
内田有紀
• 15946 Tweets
INTO THE DREAM SPOTTED J X W
• 12984 Tweets
#OneYearAndOnly
• 11745 Tweets
ファンミ
• 11635 Tweets
Pinned Tweet
1/ 🎉 We're super excited to announce OwLLM v1, the first Open-source web3-native Large Language Model. This groundbreaking model has been trained on millions of transaction, boasting over 100 million parameters, and is designed to be chain agnostic
#OwLLM
#opensource
13
63
119
Want to be the 1st to know if a specific
#solana
smart contract had been upgraded? Sign up a
@sec3dev
#WatchTower
account to let it watch and alert for you, plus many more...
23
24
131
Active
@solana
developers: Yes, we are looking at you! Reach out to us, still have limited space for pilot customers re the coming next version of automatic audit scanner, which covers a lot more vulnerabilities.
Please use this tool as part of your dev process. It’s automated audits!
4
13
94
15
23
139
1/ Dive Into Solana's Future with AI-Ready Data 💾!
We're excited to unveil a Solana Transaction Dataset by
@sec3dev
and
@solanafm
, generously supported by the
@SolanaFndn
👇👇👇
12
23
118
1/ We’re extremely excited to announce that
@sec3dev
has raised a $10M seed round led by
@multicoincap
, joined by
@SanctorCapital
and
@EssenceVenture
- this is in addition to our angel investor
@aeyakovenko
and
@santiagoroel
!
19
25
121
Solana is actually more secure! We elaborated the reasons in this blog:
#Solana
#Solanasecurity
9
31
101
Made our day to see more and more projects use our initial version of Soteria auto scan tool that keeps finding real issues during development. We are building a much better version, give us a follow
@soteria_bc
, and stay tuned!
@MarinadeFinance
👍
@solana
2
13
73
We were curious if the premium version of
@Soteria_bc
Auto Auditor (under development) would have caught the vulnerability if it had been applied, so we gave it a try... It did!... through Account Validation Checks, see our blog for details:
#wormholeexploit
6
18
78
1/ Why you should always validate PDA Bump Seeds?
1. PDAs are used in virtually all Solana programs.
2. PDAs can have the same seeds with multiple valid bumps.
3. PDAs can be faked by providing different bump seeds.
Check out:
#solana
#solanasecurity
3
21
56
An analysis on CashioApp Attack and how missing checks of inputs are detected within our premium Auto Auditor
2
13
49
Thanks for the shoutout at
@consensus2023
, we’re happy to support and be supported by
@Solana
🫶
2
6
45
1/ Solana programs, also known as smart contracts, can be modified and upgraded. This means that the code can be changed after it has been deployed
5
10
39
@aeyakovenko
@dumbcontract2
@0xB07DAD
@7layer_sol
@Soteria
in-house premium Auto Auditor is able to catch it, see the screenshot. Unfortunately, the public free version can not. We are working hard day and night on the premium version trying to release it to the community as soon as possible.
6
5
39
Recently,
@CharlieYouAI
disclosed a vulnerability in the
@JetProtocol
through a tweet. The vulnerability would have caused $20mn loss of funds if exploited. Jet patched it before any user was affected.
@soteria_bc
looked into it and identified something interesting. 1/
1
5
37
We added a "signature" to the
@soteria_bc
free scanner to detect this issue. At the same time, please upgrade to the latest v0.24.2 release and read about it:
If you have
@anchorlang
programs on Solana mainnet, please upgrade to the latest v0.24.2 release and read this thread.
65
196
389
2
5
34
1/ A recap of the CremaFinance incident and why you should validate all accounts. A
@sec3dev
🧵:
#Solana
#solanasecurity
#smartcontracthacking
#web3hacking
#security
3
8
37
Summary of the findings:
1. attacker got more than 5M funds from FTX and deposited them to Mango Markets.
1
6
37
The team at
@d3fenders
aims to safeguard digital assets by utilizing on-chain smart contracts to prevent malicious drainers from stealing your coins and NFT's. We'll soon begin their audit to help support their mission to increase safety and security!
12
22
32
1/ We know times can be tough right now, but
@sec3dev
supports all those continuing to
#BUIDL
on
#Solana
! From day one it's always been about helping improve
#security
for
@solana_devs
, which is why we're going to offer one (1) Launch Audit for half the cost. To qualify:
1
11
32
1/5 Have you ever wondered if someone is attacking your main-net protocols at this moment?
sec3 is announcing WatchTower, a real-time security monitor, to help deal with security post-deployment. Check out our blog for more details:
18
8
32
1/ Thanks to everyone that came out to our side event during the Taipei
@hackerhouses
! It was great catching up with old friends and forging strong relationships with new ones. Special thanks to co-sponsors
@Dappio_
for putting together a great 5 day developer conference,
1
5
27
@aeyakovenko
@solana
@armaniferrante
If you project moves fast, keeps developing, likes a tool to help securing the smart contracts 24/7, and willing to work closely with
@soteria_bc
on feedbacks and suggestions, ping us at -> get a quote -> include "pilot customer" in the message.
0
3
28
To avoid any possibility of confusion:
@soteria_bc
premium scan is a in-house development that has not been released yet. It was NOT available to any external users at the time of wormhole incident. Our experiments referred in the blog was post-event.
We were curious if the premium version of
@Soteria_bc
Auto Auditor (under development) would have caught the vulnerability if it had been applied, so we gave it a try... It did!... through Account Validation Checks, see our blog for details:
#wormholeexploit
6
18
78
2
4
25
1/ Get ready for some epic coding 💻! We're proud to support the
@solana
#GRIZZLYTHON
by giving 20 Winners Free Month of X-Ray Premium to the top hacks. Can't wait to see the innovation that comes out of this event! 🔥
1
5
26
@soteria_bc
added a scan for the Wormhole vulnerability to our free Auto Auditor, check it out from our website under the software tab.
tag
@aeyakovenko
@armaniferrante
#wormhole
2
5
25
2/ The Helium Network is a decentralized wireless network that is powered by users, and is designed to spread wireless connectivity all over the world!
2
1
25
We're extremely happy to have completed a comprehensive security audit for the
@sanctumso
's Reserve, LST, and Infinite contracts ☁️
Liquid Staking Tokens
As passionate supporters of their ambitious initiative to promote wider adoption of LSTs through their framework, we
3
6
23
This alert service by
@sec3dev
alerts transactions worth paying attention to in real-time. Please give it a follow
@sec3alerts
Open to suggestions on what you want to see.
25885.87 SOL transferred (worth $769204.55) in a transaction:
1
0
0
11
6
19
You asked and we listened! We added monthly plans to Sec3 Pro Auto Scanner: .
1
5
20
43mins to go!
New automatic auditor for solana programs is already pre-installed on all Linux systems: ‘yes 👍’
4
5
89
1
2
21
3/ Sec3 Auto Auditor covers more than 40 types of security vulnerabilities in Solana programs, produces actionable reports, and can be fully integrated with Github.
3
2
20
When we first started, the scanner covers 5 types of issues; now its coverage includes 46 types of vulnerabilities, and counting...
Sec3 Pro Scanner:
#Solana
#SolanaSecurity
28
0
21
1/🧵
A few suggestions on hack prevention:
- Validate all accounts!
BTW,
@sec3dev
X-ray is a great tool to help you making sure all accounts are validated.
#solana
#solanasecurity
4
9
21
Don't forget to sign up for
#idekCTF
, with bounties over $6000 USD
The competition has challenges from intermediate to advanced and is perfect for students and CTF veterans!
With three days until idekCTF, our prize pool has been increased to over $6000 USD with addl. $2000 in bounties for
@solana
challs through help from the
@SolanaFndn
!
Sign up to play now!
Big thanks to
@sec3dev
for developing high-quality challenges!
1
7
30
1
5
20
1/ Introducing our latest blog post: All About Anchor Account Size! This deep dive explores the difference between using std::mem::size_of & Anchor space reference for account size calculation.
3
9
20
What an amazing night! Thank you to our fellow sponsors
@orca_so
@SharkyFi
and
@ChapterX_world
and all the web3 friends that showed up!
@hackerhouses
@solana
#HackerHouseHoChiMinhCity
1
6
17
Thanks
@nik_hayes
for bringing the below info to our attention. Soteria has already extracted the "signature" of the issue and will be adding it to the next version of audit scanner. Reach out to us for pilot customer early access when we release it.
All your Solana are belong to us. We hacked wallets simulation to display a credit but make a debit in live environment.
23
83
318
2
3
17
How to analyze an attack? a case study
Warning - long 🧵 and a bit boring...
1/
2
5
17
sec3 team is so excited to provide our ongoing security service, combining sec3 X-ray scanner and launch audit on-demand, to
@UXDProtocol
, whose team truly places security first!
We have engaged in a partnership with
@sec3dev
for monthly audits of the UXD codebase for Solana.
Safety first!
4
6
36
3
5
16
We're happy to have began the audit of
@Zeebitio
's randomness, settlement, and games smart contract as they prepare for Public Mainnet Launch.
They are currently in closed alpha, please join their discord for more information ✌️
We’re delighted to announce that we're partnering with industry leading security researchers
@Sec3dev
as our smart contract auditors and advisors!
They will begin the process of auditing Zeebit’s randomness, settlement, and games smart contracts in anticipation of Public Mainnet
31
54
135
3
4
16
1/ Super excited to be seeing all the new
#Hyperdrive
projects! Remember, you can take advantage of our road to
@SolanaConf
promotion and get access to X-Ray Build for your project as long as you reach out ✌️
It’s Hyperdrive eve. Today I’m dedicating myself to retweeting every project that shares what they’ve built in this thread. Please include:
1. Name of your project
2. What it is/does
3. @ handle of your project if you have one (you should)
Good luck everyone!
143
35
226
2
2
13
Reach out to your local
@SuperteamDAO
@SuperteamUK
chapter if you want to try out access to X-Ray Essential 👀!
15
31
167
2
6
16
1/ Program derived addresses (PDAs) are widely used in Solana smart contracts, but they can be faked if their bump seeds are not validated. PDAs can have the same seeds with multiple valid bumps, which generates multiple valid PDAs. Always validate the bump seed when using a PDA
1
2
18
4/ The software package includes an upgraded and much more powerful FREE version! with much-expanded coverage and
@anchorlang
support.
2
1
17
sec3 audit team worked closely with
@Crema_Finance
on the latest Launch Audit; thanks for trusting us to secure your protocol!
Great news, our friends! Crema v2.0 has completely passed the smart contract audit by
@sec3dev
💪. New version launch is on the way. Stay tuned! 🍺
#CremaFinance
#CremaChillChillTurtles
#Solana
18
10
55
3
6
15
@sec3dev
provides Launch Audit to prepare your protocols ready for prime time - an experienced auditor team consisting of people from top CTF teams, ex world-leading e-commerce security team, and experienced
#solana
researchers. We go deep and comprehensive. BUIDL
#solanaaudit
5
3
11
1/ 🚨 We've analyzed the recent $DEI attack on
@arbitrum
and identified the root cause as a simple, yet easy-to-overlook bug in the code
2
3
16
5/ A shout out to our pilot customers and users for participating and working with us, thank you!!
1
1
15
Many protocols use swap between a pair of tokens or mint/redeem. Please pay attention to using the same rounding in both directions, which can be vulnerable to attacks. See our blog for details:
#solana
#solanasecurity
5
6
15
Security Panel - sec3 cofounder
@nick_sec3
joining folks from
@TulipProtocol
and
@HedgeLabs
to discuss best practices at Vancouver HH.
7
4
15
Working with
@BetDEXLabs
team has been a great experience and valuable,
@soteria_bc
team looks forward to continually refining the Auto Auditor with power users like you.
We are excited to announce that we are officially a part of the
@soteria_bc
Auto Auditor program. We've had a fantastic experience so far - looking forward to working with them in order to make a safer Solana for all.
8
5
58
0
3
14
In this article,
@soteria_bc
introduces the internals of some
@solana
built-in programs, and highlights some of the intricacies.
if you like these contents, please give us a follow
@soteria_bc
1
2
14
@aeyakovenko
@pencilflip
1/🧵 We just released a new sec3 Pro Auditor () version that can detect three types of ABI incompatibility issues::
- New accounts
- Immutable to mutable accounts
- Accounts re-ordering
3
3
14
We are building a few things in the Web3 security space. Looking for developers and product managers, front-end, back-end, and full-stack. DMs open or contact
@sec3
.dev
1/ Today I shared that I've made the difficult decision to reduce the size of our team at Coinbase by about 18%. The broader market downturn means that we need to be more mindful of costs as we head into a potential recession.
759
432
3K
5
1
11
We appreciate the support and congrats to these Lads on winning the hackathon! LFG!
At
@solanaciv
, we used the X-Ray scanner by
@sec3dev
to audit our open-source Rust/Anchor programs for the hackathon submission. Audits are important but also expensive. Tools like X-Ray make audits more accessible for smaller teams at early stages of their journey. We recommend!
1
6
28
0
3
12
So what exactly is X-Ray and how does it help to secure your smart contracts?
X-Ray is a static analysis tool that helps to scan your smart contracts to look for documented vulnerabilities - the Build version currently covers *50* known vulnerabilities
The full list of Sec3
15
31
167
2
4
14
We're super excited to announce that we have helped
@MonacoProtocol
, which is an open-source & decentralized liquidity network for exchange-based applications complete their Full Launch Audit of their smart contracts!
1/6 Gm - we are happy to announce that the Monaco Protocol has successfully completed a full Launch Audit by sec3!
1
7
17
1
6
13
@aeyakovenko
@solana
Always feel grateful to know someone went deep on your stuff!
We are close to the next ver. of
@soteria_bc
smart contract audit tool. Projects want to become pilot customers please contact us at - Early Adoption & Close Iterations!
1
1
13
@aeyakovenko
@armaniferrante
@solana
Yes,
@Sec3dev
Pro Scanner can detect all vulnerabilities identified in the sealevel-attacks. Thanks
@armaniferrante
for these awesome repos.
1
1
11
1/ To detect vulnerabilities in Solana or Rust Programs, you can use tools like Solana PoC Framework, , cargo-fuzz, clippy, and cargo-tarpaulin
2
6
12
@aeyakovenko
@solana
This new version addresses most of the issues captured at:
by
@armaniferrante
and more...
Aggregating a list of footguns/attacks in the solana programming model and protections provided by
@anchorlang
.
What am I missing?
20
41
192
1
1
11
The Soteria team had a discussion with Charlie shortly after. It turns out that the vulnerability has a different cause (unexpected by Charlie). In this blog, we described the findings 👇: 2/
1
0
13
1
7
12
Amazing work by the
@UXDProtocol
team!
0
2
12
🌟 We're Hiring! Machine Learning Engineer (Part-time)
Join us in shaping the future of blockchain applications with your expertise in machine learning. Dive into large models and innovative algorithms!
🛠️ What You'll Do:
- Implement cutting-edge ML models with our team.
-
2
7
12
Sec3 team (Jeff and Chris) will be at Solana Hacker House on Thursday, would love the opportunity to meet you all there.
3
1
11
1/ Besides rigorous internal code reviews and external auditing, we are frequently asked: what else should we do to keep protocol safe once it's deployed?
a 🧵
#solana
#solanasecurity
10
3
11
Thrilled to announce our collaboration with
@magicblock
, the driving force behind the Solana.Unity-SDK! This open-source integration framework empowers game studios to harness Unity's versatility, accelerating web3 game development
1/ A new partner is joining the ecosystem!✨
We are excited to team up with
@sec3dev
, leading security research, auditing, and engineering firm
We will collaborate to enhance the security of the next generation of on-chain economies and autonomous worlds!🌐
26
34
104
2
4
11
.
@vibes8760
educating developers on how to think like an auditor at Taipei 🇹🇼
@hackerhouses
!
0
3
12
We recently completed an Ice Cold audit for a very exciting project 😉
Check out our Substack for the details, including a crucial lesson for builders in Web3 🧊
2
5
12