Cyfrin launches this course and a week later, GMX V1 gets hacked. Someone really studied how GMX works for the past two weeks.

Zero-knowledge proofs definition:. I know that you know that I know what I know, but you don't know what I know.

Is learning NOIR the alpha?.

Is the world giving me a sign?

New pasta just dropped:. "$0.1bn is not a lot of money".

RT @abarbatei: Meet a lot of good people over the weekend at @ETHBucharest_. From builders to devs and security folks, it has been my pleas….

RT @NethermindSec: 🛡️ Blockchain security is evolving—and so are the risks. At @ETHBucharest_ tomorrow, we’re diving into two critical fro….

RT @leefileegen: had the pleasure of working with @xKeywordx via @NethermindSec @NethermindEth .- great writer.- breaks down complex concep….

RT @NethermindEth: 📢Nethermind is bringing our expertise in ZK Rollups and Web 3 security to @ETHBucharest_ tomorrow on April 4th!📅. Join u….

This was an insightful competition. I'm pleased with the result, but at the same time mad at myself for missing some bugs. This audit had some gigabrain findings from @0xSimao . The grind continues! 🚀🔥 💪.

Who said the escalation phase during contests isn't fun?

The AI Audit Agents are becoming better and better. If you want to test out Nethermind's AA, here's the link

Wow, congrats!.

Why do I say this???.Because if you are just getting into Web3 Security today, you will literally have a MUCH HARDER TIME to "MAKE IT". Does this mean you should give up or that you don't have the skills?.Absolutely not. It's just that the environment is harder. Keep grinding.

Check out the public report. These two "issues" were deemed valid Mediums in this contest. [M-02] Return values of ERC20 transfer and transferFrom are unchecked.[M-07] Using transferFrom on ERC721 tokens.

In today's public competitive landscape this is not even considered anymore, this would be "at best" a design choice to avoid the potential DoS. No one takes you seriously if you submit this "finding" today, yet someone got paid a "Solo Mid" for this finding back in 2021.

- Weird ERC20s are usually out of scope.- A lot of "known issues/design choice" invalidations.- Borderline Mediums usually get downgraded to Low severity. Don't take my word for it, check this report where someone got awarded a valid Medium on C4 for this.

Web3 security public competitions in 2021:. - Using transferFrom instead of safeTransferFrom == valid Medium on Code4rena. Web3 security public competitions in 2025:. - Admins never make mistakes even if the code is wrong and they could theoretically make them.

I worked at Chainstack for over a year and I can confirm that NOTHING beats their pricing model, and quality :).

This sums up "the trenches" pretty well.