The best audit portfolio out there by far just dropped. Props to the SHERLOCK team for an amazing job 🫡

Another one🫡

It seems Convergence was just exploited (w/ ~$210k loss) to mint 58m $CVG (58,718,395.05681812), which are swapped to 60 WETH and 15.9k crvFRAX. The bug is part of the CvxRewardDistributor contract, which does not validate the (untrusted) user input to claim rewards. Here

Accurate af

I'm incredibly bullish on Web3 security. The good guys have massive advantages over the bad guys. Black hat: learn alone, hunt alone, validate alone, trust no one. Auditors: learn with peers, hunt on teams, use sounding boards, see missed bugs quickly.

Today, Blackthorn emerges from stealth. The most exceptional protocols deserve to work with the most elite auditors. Blackthorn's 10 founding auditors have won over 120 audit contests. Blackthorn's limited protocol members represent $160Bn of TVL.

Super excited for this new chapter! Thrilled to work alongside the top researchers and looking forward to setting a new standard in the industry🫡

Had the pleasure of judging this one! This is a pretty simple bug, yet only 2 researchers found it during the competition. Conclusion: don't overlook the fundamentals.

Time to level up my note-taking game. Thanks a lot Blackthorn SHERLOCK , happy to be part of such a cracked team!🙏🏻 2025 will definitely be an incredible year🔥

x.com/i/article/1919…

After 4 years in DeFi, deploying dozens of smart contracts & securing over $1B: We've now open-sourced our handbook, with ALL our best practices, from onboarding guides to security processes Our goal: Help raise the ecosystem's standard handbook.defi.sucks Read below 🧵

If you're serious about smart contract security you definitely need to apply for the fellowship. Great opportunity to work together with a cracked team!

Looking forward to this! Apply to have the opportunity to take your security skills to the next level🚀

Why Web3 security is broken (2025 edition): The state of Web3 security is in disrepair—and the cracks are no longer ignorable. Over the past weeks, multiple protocols have suffered major exploits. They were protocols audited by several firms, including names that i personally

💾 Just launched EVM-Storage codes! Visualize, compare, and analyze Ethereum smart contract storage layouts with this online tool powered by OpenZeppelin upgrades module and sourcify.eth. - Upload or load Solidity files from Sourcify. - In-browser compilation. - Supports

Nice explainer to a solo medium I found in SHERLOCK's Plaza contest🤝

Had a blast sharing my experience with Block 7 fellows! It was a great opportunity to share my story, how I approach audits and tips and tricks to find solo issues. A big thank you to the best fruit out there watermelon and the Electi team for having me!🤝

x.com/i/article/1937…

This shouldn’t be a hot take, but I’ll say it anyway — the worse audit contests get, the more hacks we’ll see. 1. Fewer eyes are reviewing codes before they go live. 2. We’ve trained so many skilled hackers and failed to create enough legitimate opportunities for them. Guess

Will be attending ETHCC this year☀️ My goal is to meet as many fellow researchers as possible, so shoot me a DM if you’ll be there and let’s meet! Looking forward to chatting about security and the current state of the space🤝