So I just realized, I just spent 7 weeks straight auditing, from the Benqi: Ignite, right into Zaros and directly into RAAC, all on @codehawks. A couple of evenings out, but i sat down every day, researched and discovered. And I felt how I improved

The 2025 Pashov Audit Group security researcher internship program is now official. This is not for 1st day beginners - real projects, real audits, pure practice. Like/RT this post, then apply in the form in first comment for a chance to join us🫡

I am super unhappy with my performance here and somehow surprised that I managed to enter the Top10.. Anyway, lessons learnt, but at least 2 low density findings, next stop RAAC where I expect more from. Thanks to Cyfrin CodeHawks for this contest and big congrats to all the others!

One of the actual positive things in auditing seems to be, if you are not afraid of math, and just crunch the numbers/formulas. In an earlier life I studied physics, which came in handy in the Zaros contest, math related findings paid well in that one

Just imagine, you catch a typo and earn 5k usd.. welcome to web3 security research

My second top 5 finish this time on Cantina 🪐 , this time with my first solo finding. While overall still quite unhappy, since I missed a lot of stuff, I learnt a lot in this contest and have good ideas how to better approach code bases in the future.

I am waiting for the day on which I report a reentrancy and get the answer from a protocol, that this is indeed intended design, so the issue is informational at best and judges go with it.

A huge thank you to Monad and Cantina 🪐 and congrats to everyone else elected!

2025 was quite a ride, after 3 months of learning solidity, 2025 marked my first year in web3 sec, and it was an amazing ride, learnt a lot, made a bit of money and managed two top 5 finishes. Now 2026 resolution: post more on X and allocate more time!

Bug Bounty Contests are an underrated concept and quite a lot of fun to participate in, are there any platforms who host this sort of competition on a regular basis?

As a first step towards my resolution to allocate more time into web3 sec I today finished the first step. One of my incomes is building simple websites and I started integrating AGENTS.md files into projects so clients can start maintaining easy changes themselves.

Currently looking over the flyingtulip.com code base on SHERLOCK and one thing catches the eye: Simplicity through separation of responsibilities. Different contracts handle different state and validate in order during function execution. Easy to understand, hard to break

Just to flip the current Script: In some contest a while ago I found a bug which: a) AI didn't b) even seeing the PoC, could not identify the root cause accurately Yes, the finding was real, and became a valid solo. Hari how can I improve my AI on that?

Seems like a new place to hangout!

If you spent 2 days in a contest chasing an idea and are left empty handed, feelsbadman

If you report this in a comp: Info, owner can just redeploy 👀