Jonatascm 🪐 (@jonataspvt) 's Twitter Profile
Jonatascm 🪐

@jonataspvt

ASR at Spearbit
Resident at @cantinaxyz
Breaking things and hacking

cantina.xyz/u/jonatascm

ID: 171777977

28-07-2010 04:06:16

806 Tweet

1,1K Followers

756 Following

Hari (@_hrkrshnn)

Hey security researchers, you are not helping the industry advance if your first instinct after a security incident is to push the company under the bus. There are so many bad takes, like the one about the bounty amount, which wouldn't even have prevented the incident. It is

MiloTruck (@milotruck)

For some reason, this issue appears a lot more than you think it would

Here's a puzzle:

In an ERC4626 vault, 40% of rewards are taken as treasury fees

If the vault holds (50 tokens, 100 shares) and receives 50 tokens as rewards, how many shares do you mint to the treasury?

GiuseppeDeLaZara (@windhustler)

To demonstrate BurraSec's expertise, we’re offering a free full-day security review/consultation for projects integrating with LayerZero or Arbitrum—whether you’re already deployed or still in development. We’ll thoroughly review: LayerZero: Configuration (DVNs, Executor, and

Cantina 🪐 (@cantinaxyz)

Security’s about to get pumped up. The biggest Solana competition in history has landed in the Cantina 🪐 pump.fun just dropped a massive $2,010,000 prize pool to help secure PumpSwap, their new DEX. 💰 $2,010,000 USDC 📅 Live now - April 4th 🔗 Below

Decurity (@decurityhq)

Synthetics Implemented Right SIR (🦍^🎩) has been hacked for $355k

This is a clever attack. In the vulnerable contract Vault (etherscan.io/address/0xb91a…) there is a uniswapV3SwapCallback function that uses transient storage to verify the caller. Specifically, it loads an address

Cantina 🪐 (@cantinaxyz)

March was absolutely massive: over $2.7M in new competition opportunities and 4K findings across Cantina competitions and reviews. 🪐

Plus double the number of new users joining the community, which we love to see!

Hari (@_hrkrshnn)

How to succeed as an independent security researcher: 1. Choose one goal for the next 12 months: focus on either learning or earning. This will provide clarity and enable you to get what you want. 2. Play the long game: One week's winnings or a single audit doesn't define you,

Hari (@_hrkrshnn)

I'm looking for an Account Manager or Director of Account Management. The ideal candidate is: - Obsessed with retaining customers and finding new opportunities with them. - Willing to work hard at a fast-moving, customer-obsessed startup. Link below to apply:

chrisdior.eth (@chrisdior777)

For all Web3 auditors, especially those just starting out:

This is a must playlist if you want to become a bug-finding machine.

Owen’s way of teaching and explaining is hands down my favourite - and I’ve watched a lot of similar content.

Highly recommended. 🔥

Jonatascm 🪐 (@jonataspvt)

After intense months of non-stop reviews in Spearbit and competitions in Cantina 🪐 , I'm taking a well-deserved break to recharge. 🔋 I'm going to summarize my recent speed hacking experience. While the results weren't “great”, I learned a lot from it 👀

Cantina 🪐 (@cantinaxyz)

Solana Security? Check. 🪐

On April 23, our elite researcher m4rio is leading a virtual session hosted by solboston and Helius as part of their Co-Hackathon day.

From real-world exploits to common pitfalls, learn how to ship safer Solana programs.

🔗 RSVP below:

Defi Security Summit (@summit_defi)

Next webinar on Multisig Security on May 19th @ 8PM CEST 🗓️

Featuring:
• Mudit Gupta, CISO Polygon
• Tay 💖, Security @Metamask
Moderated by Fredrik Svantes, Protocol Security Lead at Ethereum Foundation

What should we ask them?

Mark your calendar and register below ⬇️

Hari (@_hrkrshnn)

If you tried Cantina for code reviews a year ago and haven't tried it now, you totally should. We've been consistently shipping, and I genuinely think we've the best code review platform in the world. We set out to build GitHub for security researchers, and we've done that!

Cantina 🪐 (@cantinaxyz)

We've seen the gap, and so we're closing it. @Spearbit and Cantina are now united, combining elite security expertise with scalable infrastructure to deliver end-to-end security for blockchain organizations and financial services. Full details below.

Cantina 🪐 (@cantinaxyz)

A security career doesn’t begin with a job offer. It begins with consistency and the decision to keep showing up - even when no one’s watching. Many have created successful careers from scratch.

That’s what the Cantina Fellowship is built for. Let’s explore how it works.