Most web3 security newbies are bombarding projects with invalid bug reports. We have upsold the 'web3 bug hunter' dream so much that - report triaging is a business offering now and, - bug triager is a job title

Yesterday's complete hack of Wise Lending was far more complex than reported. Very worth examining. The protocol had added explicit defenses against this style of attack, which the attack then either bypassed or used against the protocol. 🧵 1/21

It took just 3 weeks for the top 3 guys to earn $800K But it also took exceptional talent and years of hard work to find critical bugs that hundreds of other competitors missed Kudos to all the winners Fortunately I also found two medium severity bugs in this contest 🙏

Bugs always get missed Be motivated by this as a bug hunter, be humbled by this as an auditor

In the recent ZkSync contest on Code4rena the top guy made half a million dollars while the low rankers made less than 100 bucks The web3 security space is crazy There are no minimum or maximum wages Just bring your skills on the table, deliver results and earn payouts 🚀🚀

Everyone is competing in Solidity based audit contests But $280,000 are up for grabs right now for non-solidity smart contract audits $100K Cairo contest on Code4rena $80K Rust contest on Hats.Finance 🦇🔊 $50K Rust contest on Cantina 🪐 $50K Rust contest on Secure3 🔜 Token2049 🇸🇬 LG anon.

Slots booked 🔒 See you there Euler Labs🛢️🇬🇧

New post, new bug analysis! 🔍 Exploitable flaw found in Ondo’s lending protocol! Learn how an attacker can drain funds of initial depositors from the freshly deployed CToken contract. Our team member, Akshay Srivastav, uncovered a unique vulnerability in the CToken contract

C4 just launched their Pro League🏆🏆 Top tier auditors collaborating to secure your protocol. You cannot ask for anything better. I am happy to be a part of it. Let's go chads🚀🚀

This was handed out for the press TL;DR seems to be: - Tool was used by criminals - Alexey did not do anything to stop it - Tool has no legitimate non criminal use - accuse him of criminal intent & arrogance - 64 months imprisonment - steal his car & crypto since he is so bad

WazirX has been hacked for $230 millions It seems their multisig wallet was upgraded to a malicious implementation which simply lets the attacker pull out all ETH and ERC20 funds from the multisig

Official LiFi statement about the $10M attack “The incident was caused by an individual human error in overseeing the deployment process” Web3 industry needs to figure out secure deployment and upgrade standards for decentralised protocols

Officially a SR at Spearbit

A huge congratulations to you, so happy to have you on board helping make the industry more secure!