Syed Ghufran Hassan (@syedghufranhas1)'s Twitter Profile

Security Researcher | Open Source Developer

github.com/syed-ghufran-h…

Keen to create digital products for SMEs.

ID: 1434466732362588163

05-09-2021 10:42:09

895 Tweet

122 Followers

927 Following

NITYANA//DEVbase.eth (@sar746980041)

DKG (Distributed Key Generation) is one of the most underrated pieces of crypto infrastructure right now 👀 For years systems relied on a single entity holding a private key which basically meant one weak point could break everything. DKG flips that model. Instead of one party

Lzg | VG (@socursemenow)

1/7 Introducing CairoQuest! A gamified platform that teaches you Cairo programming through dungeon quests 28 lessons. 140 exercises. Zero to dApp deployer. CairoLang Built on Starknet (Privacy arc) 🥷. Powered by @StarkZap. 🔗 cairo-quest.vercel.app

ddimitrov22 (@ddimitrovv22)

❗️Important note to Solidity devs and auditors: If you are using/reviewing Solidity versions 0.8.28 - 0.8.33, you can't trust `delete` on transient storage. > The compiler has a Yul helper name collision - storage_set_to_zero_t_{type} doesn't distinguish persistent vs

0xZulkifilu 🎮💎 (Ø,G) KGeN 🥷 (@0xzulkifilu)

Spot the Bug #8 — Spot the front-running vulnerability.

The attack requires watching the mempool and one pending transaction.

Walk me through the exact attack sequence 👇

Crypto Snooper 🔎 (@cryptosnooper_)

Does anyone have a list of good EVM contract audits? Looking for some free/automatic initially before I pay for a real audit. I already used SolidityGuard by YQ and it is absolutely incredible. But I want a couple more.

Black Panther 🔮 (@thepantherplus)

things i wish someone told me before doing bug bounties a valid bug can still pay almost nothing. i found a real logic error ... wrong function called, clean poc, undeniable code mistake. but the feature it affected was disabled on mainnet (parameter set to zero). bug was

chrisdior.eth (@chrisdior777)

🤯🚨DRIFT HACK TLDR: > This wasn't a random exploit - it was a 6-month coordinated intelligence operation > A fake quant trading firm built real relationships with Drift contributors at conferences across multiple countries > They deposited $1M real capital to build trust and

TechieGhost | Chainupi.tech (@gamandeepsingh4)

Built an open-source real-time Solana indexer in Rust 🦀 → Streams ~3,000+ txns/sec via gRPC → Parses + filters in real-time → Batch inserts (50 tx / 500ms) for high throughput → Detects whale moves 🐋 → Tracks memos + failed txns → Async workers + backpressure (mpsc

0xZulkifilu 🎮💎 (Ø,G) KGeN 🥷 (@0xzulkifilu)

Spot the Bug — Two vulnerabilities. Find both.

Hint: one is about gas and control. The other is about arithmetic precision.

Drop both answers and explain below 👇

Al-Qa'qa' (@al_qa_qa)

Spot The Bug Challenge #3

- Difficulty: Medium
- Protocol: Staking
- Target Issue: Medium Severity (incorrect reward accumulation)

This is a simple staking contract. The snipped code shows the logic for updating the rewards internal function and the change of the mintRate

0xFrankCastle🦀 (@0xcastle_chain)

The audit industry has a blind spot. We obsess over Logic and Arithmetic vulnerabilities. Meanwhile, protocols go live with a 2-of-3 multisig, no timelock on setOwner(), and signing keys on a Metamask hot wallet. Smart contract audit: passed. Protocol: one phishing email away

Pyro (@0x3b33)

5 Oracle bugs - 3 common ones, that are present in almost every codebase - 2 so rare you won't find them paragraph.com/@0x3b/oracle-b…

chrisdior.eth (@chrisdior777)

🚨 YESTERDAY | Denaria Finance a DeFi perpetuals protocol on Linea was exploited for ~$165K.

Root cause: realizePnL() used AMM curve price instead of oracle spot price - a bug possibly introduced by a post-audit code change.

UI paused. Attacker contacted with bounty offer.

0xZulkifilu 🎮💎 (Ø,G) KGeN 🥷 (@0xzulkifilu)

SPOT THE BUG #10 — Merkle airdrop claim. What is the vulnerability?

Hint: Who is the function caller? Is msg.sender relevant here?

What attack does this enable?
Everyone should give it a try for today's challenge.

Answer in 24 hours in comment section 👇

Abraham Onchain (@abrahamonchain)

The Smart Contract Security Checklist Every Beginner Needs Don’t know where to start auditing? Start here. Let's dive in 🧵

Pyro (@0x3b33)

Very underrated way to find bugs that I don't see anyone talking about. It's a really good practice if you are new as it forces you to look at everything in deep.