Around a year ago I started web3sec and it changed my life. My story. I first learned about auditing and the world of web3sec in 2022 from pashov's Bulgarian discord server. At the time I was getting ready to change jobs and I was studying NodeJS hard, preparing a

I've surpassed $200k worth of angel investments into web3 startups. Company valuation average is ~$60M, might be a bit late to the party on most, but can still go big with some. ~3 years to fully vest all of my tokens, let's see if I lose everything or become a legendary angel✌️

Looks like a great tech course/hackaton/accelerator related to UniswapV4 Hooks is coming. If I was currently a Solidity dev, I'd put a huge effort to get into this. I bet V4 Hooks will be crazy popular very soon, both for devs and auditors Link👇 atrium.academy/uniswap

Current stats for active contests on security contest platforms, sorted by monetary rewards size: 1. Cantina - 2 contests, ~$245k 2. Immunefi - 4 contests, ~$240k 3. Sherlock - 3 contests, ~$170k 4. Code4rena - 3 contests, ~$110k 5. Hats - 1 contest, ~$65k (excludes Euler CTF)

🫡Feels good to be an angel investor and security services provider to BOB 🛬 🇰🇷 Great team, wish them only success and full security🤝

This might be the best free place to follow crypto investment and funding rounds. Just today over $30M raised in crypto. Almost every crypto project raising funds needs security services✌️ cryptorank.io/funding-rounds

The more you focus on security research and finding vulnerabilities instead of choosing/arguing severity, the better auditor you'd be. Time is the most scarce resource in web3 security, spend yours wisely - it can make all the difference for you and the protocols you audit✌️

Not many know this, but I was also the guy who asked in DMs how to be a better security researcher, begging to get mentored. It's the 1st step of the hustle, the secret is to not quit - if people say "ping back in 6 months with your results", you should come back with progress✌️

Another banger by RareSkills, this time on safe upgradeability in smart contracts OpenZeppelin's Foundry plugin. It explains how & why to use it and all checks that it does. I personally wouldn't write upgradeable contracts without this✌️ rareskills.io/post/openzeppe…

The serious/big web3 security companies consistently do 20-25 audits per month in 2024. This shows serious demand for security audits. It's an industry on an uptrend, but it's almost all service based - not many products making it yet, so not always a great fit for fundraising.

AMA

Wrote my 15th angel investing check yesterday. First time a company under $10M FDV - possibly because of the market? Investing is a game of beating your personal cognitive biases, making it fun. It's also the rare type of a long-term iterative non-zero sum one, worth playing.

Solidity compiler version 0.8.27 is out! Looks like we have support for `require(bool, Error)` now even without using via-IR pipeline. Also, "transient" state variables are now a thing✌️

x.com/i/article/1831…

The question I've been asked more than "how to become a web3 auditor" is "is it too late to become a web3 auditor". Answering as a person who has web3 security 24/7/365 on his mind: you are not just not late, but you are very early. Still, don't waste time - get to it today✌️