kumar (@0xkmr_)'s Twitter Profile
kumar

@0xkmr_

Security researcher

ID: 1578765822071562242

08-10-2022 15:14:58

57 Tweet

26 Followers

239 Following

Owen | Guardian (@0xowenthurm)

⚠️ Over the past 48 hours I’ve explored a novel gas griefing attack that was previously undocumented ⚠️ In this 🧵 we’ll cover the current idea of gas griefing and then explore this new (IMO more fitting) "gas griefing" exploit. Strap in! ⛽ 💨

pashov (@pashovkrum)

Whenever you start a new audit everything feels crazy complex, almost scary. You think you'd never understand what the code does. Then you put in 10-15-20 hours of focused reading and digging and you can implement most of the complex features yourself, in a secure manner

Dan Albert (@danpaul000)

Developer resources for Solana are scattered you say? How about an indexed encyclopedia of everything you ever wanted to know to get building? github.com/SolanaNatives/…

@bytes032.xyz (@bytes032)

In search of a practical example? Don't worry, I have one for you. Check out this issue from a Code4rena contest github.com/sherlock-audit…

Owen | Guardian (@0xowenthurm)

1/43 How I went from charging just $50 down to $50,000+ per Smart Contract audit. The ultimate guide to "making it" as a Smart Contract auditor so you can do it too.👇 🧵

Karolis (@karooolis)

This research paper is a real treat github.com/ZhangZhuoSJTU/… 🍩 The researchers have studied 516 smart contract bugs and exploits, along with Code4rena reports, in years 2021-22 to categorize and analyze them. Some interesting tidbits that stood out: 🧵

Omar (evm/acc)📍NYC (@acceleratooooor)

Reminder if you want to learn about solidity security - check out my repo below: 13/100 vulns explained so far. Diving into more complex topics soon as well. Also revamping Days 1-10 to include more detail soon - (see Days 11-13 for a reference) github.com/obheda12/Solid…

@bytes032.xyz (@bytes032)

In search of a practical example? Don't worry, I have one for you. Check out this issue from a SHERLOCK contest github.com/sherlock-audit…

pashov (@pashovkrum)

This might be the single best repository to learn about smart contract hacks that happened in the DeFi ecosystem so far and even reproduce them using Foundry. Close to 200 hacks/incidents are listed here. 10x SunSec github.com/SunWeb3Sec/DeF…

pashov (@pashovkrum)

This is part-2 of the Galaxy's research papers on MEV. I just learned in-depth about what are MEV-Boost, Searchers, Builders, Relays, Validators & PBS (proposer-builder separation). Best advanced MEV post I have read, an hour and a half well spent🙏 galaxy.com/research/white…

toastedsteaksandwich (@ashiqamien)

I've just released Decently Safe DeFi - a wargame to learn offensive security of DeFi smart contracts. The challenges are modelled after near-misses of critical bugs in production smart contracts. Check it out here! 👉 decentlysafedefi.xyz/me/

Kashif Raza (@simplykashif)

Web2 CEO who built a $200 billion market cap entity when visit 🇮🇳:

- Meeting with PM
- Meeting with CM
- Meeting with FM
- Meeting with team
- Press conference
- Visits stores
- Remain in security

Web3 Guy (vitalik.eth) :

- No meetings
- No Agenda
- Only Dosa!

0xDimo (@0xdimo)

Proxies in smart contracts thread:✍️🧵 We'll go with diagrams one by one over: 1⃣ Eternal Storage Proxy 2⃣ Transparent Upgradeable Proxy 3⃣ UUPS 4⃣ Minimal Proxies / Clones 5⃣ Beacon Proxies 👇

leastwood (latam arc) (@0xleastwood)

You’re joking if you think the best path forward is to onboard more auditors. Whitehats are scrappy, unlike most auditors. If you wanna be scrappy, learn to do what’s difficult and don’t be focused on the same shitty vulnerabilities as everyone else. Even if there is a market for

LonelySloth (@lonelysloth_sec)

Jeffrey Scholz The best sort of tech to learn is tech with a lack of good materials to learn from. If there’s 100 easy tutorials, 10,000 people already beat you to it. Learn the stuff with good tutorials, then keep pushing until you find stuff that seems impossible to learn. Then learn it.

Arnie (@arniesec)

Anything is possible with enough determination. There will be times when you think you can’t do it. You’ll feel demotivated and confused. Everyone was there at some point. Here’s another success story. All props to him, he put in the hard work and is now seeing the results.

deth (@dethsca)

this cosmos thing is pretty cool the docs seem to be the best place to learn, very in-depth will post interesting resource if I find them docs.cosmos.network/v0.52/learn

g (@gjaldon)

For new SRs deciding what to learn or specialize in: Getting into Rust and thinking competition in audit contests would be easier - NGMI. Always assume that the competition is top-tier. Note that Rust is not the easiest first language. So the competition you'll need to worry