3DOↃ Security (@3docsec) 's Twitter Profile
3DOↃ Security

@3docsec

Cyber entomologist | warden, judge, Zenith @code4rena | FV ambassador @CertoraInc

ID: 1670472671354667012

http://3doc.fr · 18-06-2023 16:45:04

83 Tweet

628 Followers

232 Following

3DOↃ Security (@3docsec)

this is precisely how I stopped actively hunting on Immunefi and started on C4 mid 2023. I feel you bro 🥺 To me it still serves well as an alternative to emails: randomly found a bug? That’s the way to tell the project

3DOↃ Security (@3docsec)

21 contests running simultaneously: 6 of these have 6-figure pots, one has 7 figures (source dailywarden.com); this without considering bug bounty programs. Can protocols putting less than $50k on the table for a public contest really expect decent coverage in return?

trent.sol (@trentdotsol)

anyone using @solana/web3.js, versions 1.95.6 and 1.95.7 are compromised with a secret stealer leaking private keys. if you or your product are using these versions, upgrade to 1.95.8 (1.95.5 is unaffected) if you run a service that can blacklist addresses, do your thing with

Zenith (@zenith256)

Introducing Zenith: an auditing firm that delivers good, affordable audits ASAP. Teams want to ship this week, not next month. And without critical bugs. We pick a team of top auditors and manage the audit. It's hassle-free. No more waiting: we can start at a moment's notice.

3DOↃ Security (@3docsec)

What is the #1 code quality measure? It's BORING. Below is one of my bookmarks from well before I started my security research journey. Yet, I find it even more relevant to this field. youtu.be/5TJiTSWktLU?fe…

Recon (@getreconxyz)

From pentesting to Web3 security, he addresses threats like phishing, fake interviews, and stolen private keys. With a focus on eliminating single points of failure, souilos prioritizes risks that could shut down an entire company or protocol. His mission: protect

3DOↃ Security (@3docsec)

“Multiply it by infinity and take it to the depths of forever, and you will still have barely a glimpse of what I’m talking about.” - SR escalating their finding

3DOↃ Security (@3docsec)

The best time to start writing searchable notes about design and gotchas of the protocols I work on was a couple of years ago. The second best time is now 🎧bountyhunt3rz podcast

bountyhunt3rz podcast (@bountyhunt3rz)

BOUNTYHUNT3RZ Episode 12: w/ Tigran Piliposyan riptide Bringing out the AUDITOOOR We discuss how auditors and bounty hunters differ, hexens audit model, what the Certora prover actually does, what devs should do prior to deploying, RED FLAGS to look for when looking at a

Code4rena (@code4rena)

Code4rena will run audit contests for free, as public goods. 100% of funds from sponsors will go directly to auditors and judges. We won't take any cut. Why? 1. Competitions are commodities. They're CRUD apps. Why should builders pay premium for a website just to submit bugs?

guhu (@guhu95)

You can measure how vulnerable the code is after a contest. This can help: - Projects and users to estimate hack risk - Bug hunters to scope targets - Ecosystem to track what works best - Platforms to manage reputation risk TL;DR: More solo findings -> more hidden bugs. This
