Schedule some time every day/week to read all those X bookmarks before they become outdated

When you find a crit on the last day of an audit

Some people think the hacker extorted GMX. It could be true. But remember that bug hunters often get downplayed. This guy was tired of it and wanted to secure a fair bounty that would otherwise be classified as Medium because part of the bug was offchain.

AI won't replace you. A version of you who knows how to use AI will replace the version who doesn't.

I'm trying ENVIO and it is just lightyears better than TheGraph. Blazing fast, super easy to get started, great docs, great local testing framework and great deployment process. RIP TheGraph. Thanks Paul Razvan Berg for the recommendation.

Even if you don't implement invariant tests as part of your audits, you MUST think in invariant terms. Force yourself to think about system properties to be beyond line by line auditing.

Business logic errors will be the last category to be automated because of being project-specific.

This is so true for any aspect of life that compounds. Sports, knowledge, learning a new skill, programming, auditing... Perhaps we should measure our progress in a log scale

This is one of the most frightening attacks I've seen. To see if your proxy is currently hijacked, paste a tx hash to your contract into Tenderly TX simulator, and see if delegates twice to reach your impl contract (more details in the article). Legendary work by

Shill me your best Rust-based cli (for Linux)

Try F11 before ADHD medication

Every single article I've read from RareSkills was a good investment of my time. Truly impressive and inspiring. Very rarely we see such high quality/quantity ratio. Very Rare.

Audits are really expensive, but you already knew that? Yet you still do nothing to minimize the cost of your audits... You're throwing money at the problem and hoping it'll magically solve everything... A lot of elite teams do a simple trick that saves them thousands and it's

I wish I had known this audit hack earlier: Type `ctrl + shift + <` in VScode to jump between function declarations. It also tells you if it is a view/internal/public/pure function with a small icon. Note: it requires the Solidity Visual Developer extension by Consensys Diligence,

Legendary stats of a legendary engineer. Looking forward to seeing what you do next

Here is one of the latest audits I've done, for Macro Millions. The most interesting issue is [C1]. Not because it is critical, but because it is a small edge case magnified to the point of breaking the entire protocol. The team response was great, and they fixed all essential