Sock
@sockdrawermoney
Followers
2,606
Following
4,651
Media
121
Statuses
1,943
@code4rena cofounder. scaling smart contract security and rooting for everyone in the arena
PST but insomnia
Joined February 2021
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
seokjin
• 1051459 Tweets
コロンブス
• 228125 Tweets
DAOUOFFROAD NEW SERIES
• 176041 Tweets
Super Tuna
• 135119 Tweets
THANK YOU JIN
• 90557 Tweets
WE LOVE YOU JIN
• 76227 Tweets
#LISAxTeaser1
• 72576 Tweets
ROCKSTAR X LISA
• 71390 Tweets
ジンくん
• 45738 Tweets
9Days Left Kabir Prakat Diwas
• 44309 Tweets
#ダンジョン飯
• 41839 Tweets
VLOG 1 WITH BUILD
• 40018 Tweets
Eat Jin
• 38759 Tweets
#素のまんま
• 37288 Tweets
STELL 1N THE ROOM
• 29373 Tweets
#THE夜会
• 28606 Tweets
Francesca
• 24945 Tweets
Marseille
• 23948 Tweets
Benedict
• 22018 Tweets
De Zerbi
• 22014 Tweets
Quatennens
• 20838 Tweets
SOUL'd OUT
• 20503 Tweets
Santo Antônio
• 17320 Tweets
Eloise
• 15387 Tweets
michaela
• 14099 Tweets
#حنا_خدام_الحرم
• 10310 Tweets
I don’t normally make personal asks of the
@code4rena
community, but I have a big one to make.
I’ve really pushed the C4 team so hard this year and especially this quarter. It’s been a wild last couple months. There’s so much stuff happening behind the scenes to get ready for an…
6
13
150
Average days to awarding on
@Code4rena
over the last 22 months.
Getting faster all the time. Our judges and CAs kick ass.
@cloudellie
and
@itsmetechjay
just keep driving things faster.
Looking forward to seeing these numbers after the optimizations
@0xtotem
’s work has added.
11
7
88
If you want to get really good at something, do it competitively.
Be uncomfortable. Allow yourself to make mistakes. Measure your growth. Study what the best do.
That’s why
@code4rena
works and has helped grow scores of top tier auditors and bounty hunters.
8
14
106
so many audits
5
9
108
This is 100% why
@code4rena
didn’t drop lows even after competitors created marketing narrative that they only focus on serious issues.
Not allowing low-severity issues in a competitive audit is a convenience to the platform, NOT an improvement of security outcomes for customers
Sunday reflection: contest that won't pay for low/info findings and why I think they shouldn't do that.
Context: I'm participating in a contest that follows this rule. Unfortunately, I discovered it only once I had already submitted some of them (totally my fault to not have…
18
3
52
2
6
67
@trust__90
Main thing the world is full of is untapped talent :)
Names we don’t know today will be leaders tomorrow.
I’m excited for the opportunities people are getting who’ve been overlooked cos they had to claw over piles of bodies to drink at the awards fountain.
3
8
89
Why did I stop worrying about competitive audit surges?
Based on past experience, several things happen:
4
14
70
why are you like this
new
@zellic_io
pitch??? - Best in Crypto Security Audits with Over 100B in TVL Secured as endorsed by
@SpearbitDAO
5
3
66
9
1
74
When web3 exploits happen, quick coordination among good actors is essential.
SEAL 911 is a collaborative initiative by the web3 security community designed to provide support for incident response.
Please bookmark and share:
3
15
71
🌶️ The DSS venue and the industry is full of auditors who made their name competing on
@code4rena
.
Logically incongruent when people imply that those without a name aren’t good auditors when C4 has been one of the primary talent pipelines for the field for >2 years
#DSSspice
3
8
65
more like xuwinner amirite
congrats
@xuwinniexu
and everyone who competed!
Awards have been announced for the $1.1m USDC
@zksync
Era audit 🎉 🎉
Top 5:
🥇 xuwinnie - $502,041.99 USDC
🥈 ChainLight - $157,696.85 USDC
🥉 Audittens - $140,480.81 USDC
🏅 minhtrng - $38,573.19 USDC
🏅 erebus - $25,342.88 USDC
Read more at:
27
44
402
3
4
62
🌶️ Audits in general simply aren’t designed to find all bugs, but in web3 we NEED to find more bugs faster than traditional methods and keep them out of deployed contracts.
That’s what
@code4rena
’s been incentivizing for two and a half years and 231 audits.
#DSSspice
3
5
56
I never worry about auditor churn on
@Code4rena
.
Why?
I believe 95% of people who get exceptionally good at pure bug-finding won’t do it at that level indefinitely.
Great talent always seeks higher leverage, more meaningful impact. Bug-finding is security expert table stakes.
In the beginning, I dreamed of being constantly booked with solo and team audits. Now, I dream of getting free from any engagements and not doing any audits for a few months. Neither is easy to achieve.
6
1
92
5
1
53
“Scamming the judge” is what
@GalloDaSballo
calls it.
@code4rena
just invested $90k in three Supreme Court Judges meticulously standardizing rules to cover these scenarios based on past case law.
Take a look at their extensive work:
Audit Contests Alpha: Audit contests are a game of reporting and negotiating for medium-severity findings.
Highs are usually black and white and rarely solos, but almost all of the top researchers' findings that I've read are very nuanced and in places that no one even looks at.…
14
7
135
6
5
50
my 2023 ethereum wrapped
0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2
5
3
47
I’m lucky to call Tré a mentor and friend.
@Code4rena
is better because of him. I’ve spent many insomniac chats hearing his insight about how C4 can better serve customers.
He’s the best—wise, honest, extremely hardworking, & cares about customers and his teammates as people.
Today marks my 2 year anniversary at
@code4rena
I will be eternally grateful to
@sockdrawermoney
and
@_ninek
especially for taking a chance on me, and giving me the platform to thrive through their leadership style.
Also extremely grateful to be able to work with people like…
12
2
125
1
1
44
Kudos go to
@CloudEllie1
@itsmetechjay
and the
@code4rena
civics team. This is what they’re always optimizing for, but it’s mostly thankless work.
No one praises trains for running on time. But if you’re a train, it’s is your
#2
job behind moving people from point A to B.
@0xKaden
Best experience and most reasonable rules by far is at
@code4rena
. The rest decent but have got some work cut out for them. Not gonna go into details here. Just my two cents.
1
1
24
3
1
43
"may contain logical deficiencies" was my nickname in high school
1
0
42
This is a fantastic product.
@gasbot_xyz
gets you gas where you need it from the balance where you have it.
From a
@code4rena
security legend, no less.
Hear ye! Hear ye! Quick announcement for
@gasbot_xyz
📜
We're reducing the Gasbot fee to FREE from now until the end of ETHDenver (March 3rd). Test it out without any fees and see if you like it ⛽
1
6
39
2
4
43
so the first billion dollar competitive audit will apparently be sponsored by ChaseChain
Ridiculous cyber security numbers from JPMorgan just dropped
• Spends $15 billion annually on IT defense
• Experiences 45 billion hacker attempts per day
• Carries 62,000 tech specialists to protect system
They're making those hackers work for it
41
91
955
4
4
43
Having worked alongside
@trust__90
for the better part of the last year through C4, I believe very strongly:
1. his actions were in good faith
AND
2. he will personally help make the space better in terms of processes because of this incident.
People are saying all kinds of terrible things while being uninformed so allow me to share more details.
I've initiated coordination privately with Immunefi officials 3 hours before the white-hack. 90 minutes later, I realized the asset is currently used by the frontend and…
76
76
722
1
2
42
Want to know how accessible indexes make DeFi? My 9 year-old put his birthday money into
@PieDAO_DeFi
and keeps looking at its performance.
3
7
38
We’re installing flood lights in the Dark Forest.
Intel coordination is going to make it much harder to be a bad actor.
Thanks for your leadership,
@samczsun
Today, we're launching the latest
@_SEAL_Org
initiative, and it's going to change crypto security forever. It's called SEAL-ISAC, and this is why we need it
79
206
865
0
5
40
Happy Valentine’s Day to all of web3, thanks to the leadership of
@samczsun
who has turned competitors into collaborators to better secure our ecosystem.
Before
@_SEAL_Org
, web3 security community coordination looked more like this:
1
8
39
Gonna go out on a limb and say I may have the best views of anyone on this Twitter space today 🏔️
See y’all soon!
🎉 Excited to host our 1st Security GigaSpace!
🧐 What: The Future of Web3 Security Reviews
⏰ When: 1430 UTC, Friday, 18th August
🔗 Where:
🧠 Who:
@GNSPS
@_hrkrshnn
@jack__sanford
@Montyly
@ethzed
@MitchellAmador
@sockdrawermoney
&
@0xRajeev
(moderator)
2
38
118
1
0
39
Seriously
@0xtotem
is a gem.
It’s been a blast working with him and seeing all the great ideas he has come to light at
@code4rena
.
- AI deduplication
- audit docs bot
- what’s next?
2
3
36
Sorry, but S-tier is being married to your cofounder so you’re never alone in whatever keeps you up at night and always having your most brilliant collaborator and advisor ready to talk through ideas and problems.
AOL Keyword:
#OddlySpecificHumblebrag
being single is one of the best competitive advantages as a startup founder
406
272
4K
3
1
37
A friend of mine suggested that I clarify the nature of the danger of woke AI, especially forced diversity.
If an AI is programmed to push for diversity at all costs, as Google Gemini was, then it will do whatever it can to cause that outcome, potentially even killing people.
13K
34K
169K
7
0
35
The sweetest and kindest people I’ve met in the crypto/web3 space are security auditors. I consider it a privilege to get to work alongside them in
@code4rena
.
0
2
33
@zachobront
Always good advice to follow what you’re fascinated by! Best long term investment is aligning what you do with what you actually *want* to do.
So, alternatively: *If you’re interested in ZKPs* it’s a v cool opportunity to audit AND learn.
(2/3 of scope’s .sol anyway)
1
2
31
I super love open data but pls be careful with charts based on lagging intel.
Same chart now shows July with >270 different
@code4rena
wardens finding valid high quality bugs that bots couldn't find.
SorrynotSorry to say competition remains pretty fierce on c4 :)
5
2
27
Just want to underscore in the context of pointing this out that I have mad respect and gratitude for folks who build and contribute things like
@0xSulpiride
’s
@AuditCrew
,
@GalloDaSballo
’s , and
@hansfriese
’s
@SoloditOfficial
Yes, C4 could have…
I super love open data but pls be careful with charts based on lagging intel.
Same chart now shows July with >270 different
@code4rena
wardens finding valid high quality bugs that bots couldn't find.
SorrynotSorry to say competition remains pretty fierce on c4 :)
5
2
27
3
2
31
Instantly would vote for Alex himself based on his enormous contribution to the space as a whole.
1
0
29
Everyone's focused on what returns you can get in the upcoming bull market, but be sure to manage a portion of your investment portfolio in mind of long-term value.
A 2003 vintage proprietary Nikon USB adapter graded as Flawless could pay your grandchildren's tuition someday.
0
2
29
Horrific to see. Sending hopes for safety and peace for our friends in Israel.
2
1
27
@thebensams
@0xcuriousapple
@alpeh_v
“Defenders think in lists.
Attackers think in graphs.
As long as this is true, attackers win.”
—
@JohnLaTwC
1
1
28
This retweet is an endorsement
1
0
26
Never ask:
- a woman her age
- a man his salary
- the Baha Men who let the dogs out
2
0
26
Thank you
@zachxbt
@samczsun
@FrankieIsLost
@caitlinxyz
and all who assisted in resolving this swiftly and significantly minimizing the impact.
For 69 minutes on Monday, this account was hijacked via sim swap and used to send a phishing link.
We hold Code4rena to high security standards: we have policies in place requiring 2FA on all staff accounts.
Unfortunately, access control for Twitter was missed based on…
11
5
76
0
0
26
Real ones already know
@aramas95
is an S-tier marketer, C4 staff member, and teammate.
But she also had *literally under one minute* response time to Monday’s simswap incident. Living out a show-don’t-tell example of our principle that *everyone* is on the security team.
1
2
25
Man. The dark mode in
@rainbowdotme
makes me want to open the app just to look at all these gorgeous ugly charts.
0
2
25
Personal vulnerability disclosure:
I made a stupid comment in a 3am tweet which came off as flippant and passive aggressively critical of a c4 customer.
This is against my principles and beliefs about security being a constant process and shame undermining security outcomes.
0
1
25
Hi. This is my alt account. I’m looking for interesting, thoughtful people in the DeFi space. I love DAOs and coops and long scrolls on the tweets.
0
0
7
🌶️ Bottom line when comparing competitive vs trad audits:
“More auditors, more issues found” is how
@banescusebi
put it in 2021 ethcc talk—but doesn’t have to mean mo money, mo audits.
@code4rena
gives you more brains per dollar in a code review
scheduled on demand.
#DSSspice
We like our panels spicy 🌶️ 🌶️
Join the debate between conventional and community audits 🔥 🔥
Moderated by
@0xRajeev
and the fearless panelists
@GNSPS
@_hrkrshnn
@jack__sanford
@Montyly
@ethzed
@mitchellamador
@sockdrawermoney
Tune in at 15:25 CET
4
8
43
2
0
23
Been checking out
@farcaster_xyz
and I'm a fan.
I have some invites. DM me if you'd like one.
11
1
22
@shunduquar
Builder team would’ve prolly been able to ship this like a year ago if they weren’t having to clean up my slammed-together JSON / CSV and awkward GitHub-as-database ball of mud architecture while still making everything keep working lol
1
0
21
“This is the true joy in life, being used for a purpose recognized by yourself as a mighty one.
Being a force of nature instead of a feverish, selfish little clod of ailments and grievances, complaining that the world will not devote itself to making you happy.
I am of the…
2
1
20
@0xKaden
I have had three years of unpleasant experiences with competitive audits and three years of incandescent joy.
0
0
22
WOW. In November’s
@feiprotocol
@code4rena
contest, 21 wardens competed and NO high or medium severity issues were found—that’s never happened even with a half-dozen wardens competing. Just seriously wow. Hats off to the Fei team,
@joey__santoro
.
0
1
21
iykyk
@CloudEllie1
is the goat
It feels emotional tbh, seeing all of these incredible auditors whose careers have been boosted by C4 in this lineup.
One of my favorite things about C4 is how we've built -- and are continuing to build -- a platform where talented people get opportunities based on performance.
6
5
63
0
0
21
if you love productivity, wait ’til you hear about naps
If you enjoyed the Pomodoro Technique, go read about Circadian and Ultradian rhythm
2
0
22
4
2
21
@pashovkrum
@CharlesWangP
Yeah, C4 makes it pretty hard for common exploits to get through.
It’s just untenable to expect any single auditor to find everything, but the average auditor can miss 60% of common HMs in C4 and the diversity of perspectives / volume of auditors makes for a fat safety net.
0
1
21
@CharlesWangP
Code4rena was born in the height of the bull market *because* demand pushed trad audit timelines out 3-6 months.
Legends and fortunes were made because there were only 8-15 wardens per competitive audit that first year.
Surges just bring in more wardens to fuel the next surge.
1
0
21
🌶️ There’s poor allocation of security budgets cos of immaturity of the space + high stakes
Success as an industry looks like projects spending LESS on audits
/ bounties BECAUSE they invest MORE in process / consulting / dev education / architecture review early on
#DSSspice
1
1
21
@hake_stake
That’s very kind of you.
My contribution is less from me *personally* and more me being a “human insight aggregator” that’s resulted from prioritizing building high-trust, high-candor relationships with a ton of amazing people I’m constantly learning from.
2
1
21
Yes. The idea that humans will ever run out of work is kind of hilarious. We’ll just keep inventing more todos.
Just as much as AI has the potential to eliminate jobs if also has the potential to turn every person into Da Vinci who creates whole worlds of new work to be done.
What the “AI will only destroy jobs” pundits don’t understand: Higher IPP “Ingenuity Per Person” leads to hiring more people as companies become more ambitious.
Amidst time with customers, journalists, and industry analysts discussing the implications of AI, a common stream of…
20
38
207
1
0
19
Yes. Often, HMs = Ls + creativity
Tonnnns of evidence in
@code4rena
results for this☝️
Also why you want many unique perspectives involved in auditing your code.
If you got an audit done for your project - fix ALL the vulnerabilities not only the high/medium ones
Just because the auditor marked a vulnerability as Low doesn't mean it is not important
It may mean that he just didn't know how to exploit it but a blackhat could know🤷♂️
8
3
28
1
2
19
Thank you,
@trailofbits
<3
Today we’re releasing weAudit, the VSCode extension we use during secure code reviews to collaboratively take notes and highlight code regions.
17
159
581
1
0
18
@pashovkrum
I absolutely respect the intent but I don’t super love it as a policy because it effectively implies auditors bear liability for vulnerabilities.
You are responsible for what you deploy.
Good faith teams know this and rely on rigorous review, but don’t look to pass the buck.
0
0
18
the
@ArcInternet
's live easel feature is so nice for throwing together a quick dashboard from multiple sites.
also: $canto tvl keeps climbing 📈
1
0
18
@cmichelio
In all seriousness, my theory is the incentive to identify the highest arguable impact for a given issue leads to much better security outcomes, which is the ultimate goal.
1
0
18
Excellent work,
@joranhonig
!
I think my colleague
@0xtotem
put it best:
Who would have hired
@xuwinniexu
for
@zksync
’s fall audit in the first place?
Invite a ton of top wardens AND Chainlight and you still have a markedly thinner audit without winnie.
Data = Beautiful
I've been diving in and doing data analytics on audit contest data, finding all sorts of interesting things.
Continue reading for a tl;dr on my research up to now:
👇 🧵
9
25
100
0
0
17
There’s a lot I love about
@rainbowdotme
but my absolute favorite feature is that they don’t use red for negative 24h. Second favorite feature is the ability to hide balances that make you feel a bit ill when you look at them. Mental health features A++++
1
3
17
Yessss
@PoolTogether_
is one of the use cases that I see helps people unfamiliar with DeFi to “get it”
tl;dr prize savings is still the most compelling and slept on use case to bring DeFi mainstream
Read the full paper here:
2
5
54
0
1
17
I joined but I am still old
Not financial advice: idk if I am a security or a commodity or a currency or a secret fourth thing
Some codes:
ft-1hn84f4a
ft-mzl0o1y4
ft-gg28lo8u
ft-74kbor6p
ft-otktkz34
ft-p1x2e7q3
ft-qqswqgm6
ft-09bcydm3
ft-twv4qww0
4
0
16
🌶️ We need to drive down the price of known bugs and make complex bugs cost less than 10% of user funds so we can solve harder problems.
Pushing things this direction is one of
@code4rena
’s key contributions to the space. We’re gonna go ahead and keep doing that.
#DSSspice
1
3
17
security is the most inherently human among all tech domains.
fear and shame are the two most visceral human emotions and almost everything in security is dominated by the interplay of these two in one way or another.
3
2
17
@colleenklein
Out of curiosity, have you sent letters articulating this viewpoint to progressive dems? Or are you part of any lobbying groups? This message is so smart, compelling, and clear. Thank you.
1
0
16
Still waiting for
@0xzak
to get his glasses but I have to say they look great on
@scott_lew_is
1
0
14
let’s, as the kids say, fg
I've been looking forward to sharing this news for a long time!
@NascentSecurity
is a new type of security team incubated by
@nascentxyz
It does NOT do:
❌ portfolio services
❌ private bookings
It DOES do:
✅ public competitions (e.g.
@code4rena
@immunefi
)
✅ public goods
18
11
197
2
1
17
@KoolexC
@code4rena
The competitive audit model and formula was designed by C4 cofounder
@scott_lew_is
, one of the best mechanism designers in crypto :)
2
0
16
@jacksondame
Our 16yo son is a very web native creator (has a YT channel with 2000 subscribers and a bunch of projects earning Roblox $) and he doesn’t think the NFT criticism is valid BUT won’t touch it because creators in his world who do get punished by mobs.
2
0
15
I think the world of
@0xleastwood
. Looking forward to watching this
Is having an auditing process overrated?
Tune in to brake the mould with
@0xleastwood
, an LSR at
@SpearbitDAO
, and top
@code4rena
warden who has no auditing process and just follows his curiosity.
Follow
@web3sec_news
to get exclusive summaries of this podcast 🗒️
Link for…
6
7
80
2
0
15
imo 10% of **user funds** as the presumptive default commonly advocated as the golden rule by security researchers is primarily an indicator of the immaturity of the overall space
send ransom bounties to zero*
———
* by building better processes, tools, education, and incentives
Do we agree offering a 10% bounty AFTER the hack has happened is probably a wrong precedent?
How many Immunefi critical reports are paid at ~10% amount in risk? Perhaps we may need to reconsider the incentives if you can turn whitehat anyway
5
0
19
2
2
14
@blessThisMoney
@TheBirdHouseNFT
Great way to kick off that run. A heck of a buy. You got some other nice birds, too. Come by the discord and say hi. Good people.
0
4
14
just found this video from May 17, 2011
that one time
@evilpacket
hacked mtgox... like a month before __the__ BTC hack.
6
1
12
🌶️ Collaboration is valuable.
Diversity is more valuable.
(🤫 Psst: teams compete on
@code4rena
, too.)
#DSSspice
0
1
14