Zero Cipher
@zerocipher002
Followers: 1K | Following: 220 | Media: 13 | Statuses: 173
Senior Blockchain Security Researcher. Move/EVM/Rust. #15 All time Cantina Leaderboard. Founder @VulsightSec
Joined December 2014
Here is the bug writeup of my 50,000 USDC bounty on @cantinaxyz. This is supposed to be one of my many articles on BBP. If this original article post gets 100 reposts, I will publish a step-by-step playbook for SRs transitioning from audit contests to BBPs and how to succeed in
How to save your Web3 Sec Career from AI? It's quite simple. Learn and gain expertise in niche skills in demand. The more niche a web3 Sec skill is, the worse the training data exists for it in AI. For example, I was writing an Article on the Move Language recently. Most of the
People at DevConnect had been asking me how I was able to secure 103% of the H/M pot (65,000 USDC) in the USDaf Contest on Cantina which was a Liquity v2 Fork and how did I spot a vulnerability that every single person missed. There are a multitude of reasons for this. I can
Our Lead Security Researcher @zerocipher002 gave a talk on Move Security in @summit_defi. This talk focused on building a solid audit mindset for Move Contracts. The speaker used their own real-world Move Security experience in discussing solid approaches related to Move
Top 3 Hardest things in life: 1. Trying to get a girlfriend. 2. Preventing the protocol from lowballing your critical finding. 3. Trying to buy and recharge a sim card as a tourist in Buenos Aires, Argentina.
Will be Landing in Buenos Aires for @EFDevcon Devconnect / DSS in the next 2 days. I’ll be speaking about Move Security at @summit_defi from the angle of real world exploits. If you are building DeFi / CDPs / anything on Aptos or Sui and want a security brain to stress-test
How to know that you are ready for BBP for a person who typically competes on competitions: 1. You have secured 3 top 3s on competitions that are >60k USD. 2. You have found solo highs in competitions. 3. You chose relatively complex protocols for your competitions. 4. You have
Our Lead Security Researcher would be speaking on Move Security in DSS. The VulSight team would be present at @EFDevcon Buenos Aires for the entire devconnect week. Feel free to connect with us.
Move was designed to prevent common smart contract bugs, yet real incidents show old risks returning in new forms. At DSS, @zerocipher002 from @VulsightSec shares attack patterns unique to Move and how EVM auditors can adapt their mindset for auditing Aptos and Sui securely.
Today I announce the next step in my career. Reply "Plumbing" to enroll.
SUI blockchain launched in 2023. You didn't hear much about covid after 2023. Coincidence? I think not.
Move will cure cancer, move will cure covid, move will fix frontend bugs and hacks automatically, move will reverse hacks because of how secure it is. These are all claims made by @Rahatcodes and he's been begging me over the past few days to get someone on a panel to debate EVM
Here is a very simple Alfa that could 10x the earnings of any person struggling in Web3 Security Competitions: Before even auditing the code, understand the code so deeply such that you are able to implement it from scratch if needed. Resist any urge to analyze any part of the
If you as an SR would need to choose one particular tech to master for the maximum +EV from one of these which would it be and why? 1. ZK 2. Move 3. Rust for Solana 4. Infra
It was great meeting you. Definitely shared some very interesting ideas.
Great day meeting @zerocipher002 IRL. Took too long to find out we live in same city.
Web3 Security has to evolve and be better. I would not be comfortable putting even a quarter of my life savings in a defi protocol after the stuff that I have seen in my Web3 Security career.
If you want to make good payouts in BBPs and Contests, having good Security Research Skills is only 50% of the work. Most of the time you need very good negotiating and arguing skills to either prevent your bugs from getting invalidated or get them a reasonable payout.
Here are my personal Top 4 tips for anyone transitioning from Audit Contests to BBP. 1. Hunt mainly for criticals and highs. Mediums are not usually worth it in BBP. 2. Audit both the on-chain state of the smart contracts as well as the contracts in the GitHub repo. 3. Think of