TomJ (@tomj_bb)'s Twitter Profile

Audits Smart Contract on @code4rena (found 3H/15M) and @sherlockdefi (found 1H/1M) | Web3 Security Enthusiast | Bug Bounty Hunter

ID: 1444291195836899329

02-10-2021 13:20:51

148 Tweets

565 Followers

195 Following

@bytes032.xyz (@bytes032)

This is the MOST ALPHA research paper about smart contract security EVER. 🧵

THEORY: They examined 516 smart contract security bugs & exploits.

FACTS: They applied the THEORY in Code4rena contests & bug bounties and received a total prize of $102k 🤯

github.com/ZhangZhuoSJTU/…

samczsun (@samczsun)

Block 16964664: A user managed to drain five MEV bots by exploiting a bug in mev-boost-relay.

Here's the block: etherscan.io/block/16964664
Here's the user: etherscan.io/address/0x3c98…
Here's the patch: github.com/flashbots/mev-…
Here's the longer explanation:

@bytes032.xyz (@bytes032)

When you feel anxious about that part of the codebase you barely understand. Continue and push yourself. Don't underestimate the fact others felt the same way when encountering it and many will give up. However, those who don't will be the ones to yield a solo finding.

pashov (@pashovkrum)

Tonight & tomorrow's reading list (links in comments):
1. "Time, slots, and the ordering of events in Ethereum Proof-of-Stake" by Paradigm
2. "Common fork bugs" by yAcademy
3. "Lending/Borrowing DeFi Attacks" by Dacian
4. "Immunefi-bug-bounty-writeups-list" by sayan

Immunefi (@immunefi)

The Immunefi Vaults System v1 is now live. Projects who want to boost trust with whitehats to get more high-quality bug reports can now deposit assets into their own secure, sovereign vault. Signing up for a vault is free, easy, and quick. Let's go. immunefi.com/vaults?utm_sou…

Spearbit (@spearbit)

Here's a thread of all our critical finding breakdowns thus far.

We make these breakdowns because we believe in elevating the standard for web3 security education

Roadmaps, find-the-bugs, or the 100th explanation of reentrancy won't get us where we need to be

Let's get it 🫡🧵

Whitehat Bandit (@banditx0x)

Last year I found a Critical vulnerability which could steal $40M from Perpetual Protocol (=ↀωↀ=). The team was dishonest about the bug severity and rewarded $30k. The experience was devastating and made me give up on web3 security for several months. Writeup: securitybandit.com/2023/02/07/bad…

Spearbit (@spearbit)

◀ Vulnerabilities Visualized - Exploit Walkthrough ▶ Primitive ™ - Double Fees on Swap (Critical) {FIXED} In just 1 minute: Level up your attacker mindset by following along the visualized logic of some of the best security researchers in the game. Full breakdown below ⬇️