0xSecurityGuard (@zhaojohnson37)'s Twitter Profile

ID: 1685485533206597632

30-07-2023 03:00:52

51 Tweet

23 Followers

93 Following

Will Gates (@wllgates)

🚨Reset Password Vulnerabilities Testing Method🚨 📥Download PDF scarlet-ianthe-20.tiiny.site credit: Abhishek #bugbountytips #penetrationtesting #password

@bytes032.xyz (@bytes032)

To those seeking roadmaps: In security research, if you can't teach yourself, you're a liability. If you are asking somebody on the internet to spend their time teaching you simple things that you can learn with an easy search... You'll always be considered a liability

Slavcheww (@slavcheww)

Today I spent some time digging into EigenLayer! 📖 Sharing the top 2 videos that really tackled all my questions. youtube.com/watch?v=5r0Soo…

BBR - Bug Bounty Resources 🧵 (@bbr_bug)

ℹ️ Sending payload within the URL/URI itself can also trigger SQL injection. So don't just focus on the parameters. #SQLInjection #bugbounty

chrisdior.eth (@chrisdior777)

PRO TIP for solidity auditors: Read and analyze the bugfix reviews from Immunefi's Medium profile. Make effort to understand the vulnerability in depth. How the Whitehat found this? What was the clue that helped him spot the vulnerability? Do that often. Thank me later✌️

deth (@dethsca)

Looking for a great tool to put in your web3 toolkit? Swiss-knife.xyz has a calldata encoder/decoder, storage slot search engine and more. Shoutout to @bytes032.xyz, as I found the tool a while ago thanks to him.

deth (@dethsca)

Every auditor needs this tool in his toolkit. CodeSlaw is a search engine, that will search your keyword on Ethereum, Polygon, Arbitrum and more. This can be an incredibly helpful tool for bug hunters especially, as a bug in one codebase can usually be found in others as well.

Blckhv (@blckhv)

If you are a web3 developer or auditor and have a hard time with other DeFi project integrations, be sure to check here: officercia.mirror.xyz/Uc1sf64yUCb0uo… Everything thanks to Vladimir S. | Officer's Notes 😉

0xAnmol (@0xanmol_)

I remember spending nearly an hour staring at this function of @ZivoeFinance thinking about what would happen if the token decimals were < 18 but I couldn't find anything. If I had thought of 0 input amount, I could have found this bug. Stupid me 🥲 github.com/sherlock-audit…

Blckhv (@blckhv)

❗️Using multiple oracle sources is a double-edged sword. I've seen quite a few scenarios that can easily put the protocol in a bad state. Here is a great article comparing 2 of the most commonly used price feeds: smartcontentpublication.medium.com/twap-oracles-v…

nmirchev8 (@nmirchev8)

This alpha is so good that I was wondering whether to share it or not 🤫 Why you should always pay attention when you see that a protocol is using "Solady-SafeTransferLib", instead of OZ implementation: solodit.xyz/issues/m-02-cr…

SHERLOCK (@sherlockdefi)

Parsely provided a spot-on answer. This specific bug earned the Egis team $2,200. The issue is related to the behavior of the try-catch block in Solidity. It may not always catch the revert as expected, as shown in the following example.

gkrastenov (@gkrastenov)

Checklist for auditing protocols on multiple chains: 20 observations and tips to help you find more bugs. Shout-out to juancito 👇 github.com/0xJuancito/mul…

Xiaoming9090 (@xiaoming9090)

(1/9) In light of the upcoming Maker is now Sky audit on SHERLOCK, I want to share some interesting findings that I found in past contests. Let’s dive into it 👇

Greed (@0xgreed_)

Can you find the bug in this 𝘀𝗨𝗦𝗗𝗲 function? I was looking at the implementation of the 𝘀𝗨𝗦𝗗𝗲 token (the staked version of the Ethena stablecoin) and came across a bug @0x_m4k2 told me about a while ago. Let me explain...

Pyro (@0x3b33)

Step-by-Step guide to make custom auditing tags. Do you want to know how they are made? ❗️It would take you 1 minute to set it up!❗️

chrisdior.eth (@chrisdior777)

If you are Solidity Dev/Auditor, BOOKMARK this ✅ Here you will find the best articles: 1. rareskills.io/blog 2. immunefi.medium.com 3. dacian.me 4. mixbytes.io/blog