Theft is theft and theft should not be rewarded. However, protocols must reply to whitehats honestly and rapidly and must avoid being greedy. Make whitehat hacking and bug reporting a more rewarding and hassle free experience so less hackers choose the blackhat route.

Lack of contests got platforms bored and fighting each other. At the end of the day, all the platforms lack certain things, none is perfect and they all can be better either through communicating with each other or giving valid criticism. Otherwise: 🍿

Good read overall even though some parts feel cherry picked. As someone that has been in the competitive auditing contests and private audits scene, the value private audits and contests provide are not 1:1 and their findings shouldn't be compared as such. In order to understand

Who else is going? Let's meet up!

hey SRs, be aware this guy is writing that they want a security audit then sending an NDA to sign and asking for a call to go over the details they send a Microsoft Teams link, but of course, not the official one, and you can't join the meeting from the browser so you need to

0. Announcing the Trillion Dollar Security (1TS) initiative: an ecosystem-wide effort to upgrade Ethereum’s security to help bring the world onchain.

Need productive activities for my free time, does anyone have book recommendations to become better in one of these: -Maths, Cryptography, ZK -Coding/Auditing -Blockchain -Economy Or shall I start hunting on Immunefi finally?

Keep securing, keep developing, keep contributing.

I will never blame auditors on missing bugs as shit happens and everyone can miss bugs. But if bugs are being missed due to the design of the platform, the audit scopes are being hidden from the public and things are handled behind closed doors, it looks really bad. It feels

According to Coinbase, Cypherpunk is when you: Sponsor US Military Take no responsibility for getting private user data leaked Freeze peoples accounts whenever you feel like.

Just got a confirmed bug on Immunefi immunefi.com/s/ss/?severity… BUT..It wasn't a smooth ride. Not at all. Constantly got ignored by Immunefi. Questions were left unanswered. Mediation was concluded with 0 explanation to me. Not a good start for me. Hope the next one will be better.

I wasted my time reading this nonsense. I'm only sharing it to spread awareness about this company that must be avoided.

Hot takes that I think shouldn’t be hot, and should be “the default” 1. The contest platform is ultimately responsible for the payout. It is the contest platform that promises payout, so if a platform doesn’t pay out, no matter the drama, it is the platform’s fault. 2. The

"Funny how confidentiality never seems to prevent marketing materials from advertising security expertise, but suddenly kicks in when it's time to show the actual work." Preach transperancy, remove trust.

Legend Ulaş Anıl

Congratulations to Ulaş Anıl, one of our expert auditors, for earning a $150,000 bug bounty for a critical vulnerability report on Immunefi. Our team lives and breathes security. This kind of work happens behind the scenes every day through audits, deep research, and

You know where to go if you want me to break your protocol and help you fix it.

Owen | Guardian Auditors and audit firms have it hard. The ONLY acceptable minimum output of any audit should be NO Criticals. The project’s life can go on with tens of Mediums unnoticed, and a bunch of Highs. It may be somehow painful, but solvable with upgradeable contracts, or cutting a