$7.2mm stolen from burgerswap because of a silly modification in the source code. The swap function is supposed to verify x*y >= k which basically verifies that the contract got enough input tokens required to do the swap 🧵👇

A great research by Decurity : - Most incidents happened >90 days - "The project is live for months" is not an excuse to not do audits - The fastest hack - 10mins after deployment - One clear trend: hackers are getting faster Full report time-to-hack.decurity.io

Not all SRs wear capes - some verify math libraries. Gustavo is verifying ABDK 64.64 using Echidna's new symbolic execution options 🦔 github.com/gustavo-grieco…

...132 findings and still counting. Thank you Code4rena, SHERLOCK, Cantina 🪐, Hats.Finance 🦇🔊, Cyfrin CodeHawks, Lanre Bayode, pashov, Jack Sanford 🛡️ , Patrick Collins for creating opportunities and support to make this possible. Thank you💯. ...we aren't done yet 📌

I’m playing a long term game. Soon🚀

The difference between small and big codebases is not complexity, it's discipline. You could have multiple modules speaking to each other which are not as complex as a small system, but if you get scared simply by code volume, you are done for. Lock in.

All web3 security researchers should read this 10/10 report on all web3 security incidents in 2024 and stats around them. Great job by ChainLight. Read below👇 drive.google.com/file/d/1G3obul…

x.com/i/article/1965…

I started learning Rust about 6 months ago. Along the way, I realized something important — I’m not one of those gigabrains who can pick up a new language during a contest and immediately start finding bugs on it. Personally, I need to feel almost fully confident in the

This is a very inexperienced statement, even the best developers cannot audit their codes, there are edge cases you can never think of cuz you wrote the l code, why do you think big companies go through rounds of auditing. I didn't know people still think like this in web3

Even top-tier developers who prioritize security and undergo multiple audits can still have their code compromised by a lone hacker in a basement. No project that manages user funds should ever go live without a thorough audit by reputable white-hats or security professionals.

x.com/i/article/1966…

“Hey phil, how can I win the entire prize pot of a competition?” I don’t know, I have never done that. But my friend Zero Cipher has, and this article highlights how:

Meet our cohort V Onsite students.🚀🔥

x.com/i/article/1968…

From here... ... to there. Check out how I find ways to break smart contracts: x.com/philbugcatcher…

I get tired super easily. However, that forced me to improve my sleeping habits. Over the years I've done a ton of research around sleep. Below are the most impactful insights I discovered. --- Some backstory (skip if you want just the tips). Over the years I've developed

Protect this man at all costs

Every Auditor must know Solana in 2025 Top 3 Resources to learn Solana. 🏴Blueshift Solana 🔗blueshift.gg 🏴 Solana Tutorial by RareSkills 🔗 rareskills.io/solana-tutorial 🏴 Awesome Solana Security 🔗 github.com/0xMacro/awesom…