pashov (@pashovkrum)'s Twitter Profile
pashov

@pashovkrum

Smart contract security audits @PashovAuditGrp

ID:1546814146385268737

Link: https://www.pashov.net/ | Date: 12-07-2022 11:10:23

3,6K Tweets

22,5K Followers

996 Following

pashov(@pashovkrum) 's Twitter Profile Photo

I haven't done a solo smart contract security audit in more than 4 months now

I wanted to continue working solo, but I never could've audited 14 projects in a month. This is what my team in Pashov Audit Group did though. Those guys are beasts in human form & they dropped this - 👑

pashov(@pashovkrum) 's Twitter Profile Photo

How to create good content? By following your curiosity and practicing your craft.

Read a lot of articles/blog posts (>=2 per day) and do a lot of auditing - trust me, you will have a lot of valuable alpha to share - you just need to format and post it

vitalik.eth(@VitalikButerin) 's Twitter Profile Photo

Peter | Reservoir Kofi The above is why I use a multisig (@safe) for >90% of my personal funds 🙂

M-of-N, some keys held by you (but not enough to block recovery), the rest held by other people you trust. Don't reveal who those other people are, even to each other.

Decentralize your own security.

pashov(@pashovkrum) 's Twitter Profile Photo

ETH staking has more risks than stakers realise. I just read this article explaining how a bug in Geth can lead to losing 100% of your staked ETH.

Good one, it might also lead you to log new vulnerabilities as a security researcher.
labrys.io/insights/geth-…

pashov(@pashovkrum) 's Twitter Profile Photo

Dragonfly Capital released 2023 Crypto Compensation Report based on 49 portfolio companies

Average Senior Web3 Engineer compensation is ~$210k salary for US-based companies and ~$180k for non-US based ones, both with roughly ~1% token grant.

Source: dccr23.dragonfly.xyz

pashov(@pashovkrum) 's Twitter Profile Photo

I am yet to see someone fully dedicating his time to web3 security and not starting to provide great value for protocol teams and not getting rewarded well

It's one of the truly permissionless things in crypto, I personally wouldn't miss on this opportunity

pashov(@pashovkrum) 's Twitter Profile Photo

Security audit reports are artifacts for the protocol team, not for users

How optimistic of a person do you have to be to really believe more than 1% of most protocols' users read security audit reports🤔

pashov(@pashovkrum) 's Twitter Profile Photo

Between Nov 2022 (when I got fired from my web3 dev job) and Nov 2023 (when I launched Pashov Audit Group) I did full-time learning and practicing in web3 security.

Many 80-90 hour screen time weeks, many chats, tweets, findings, solo audits and dollars saved.

There was an…

Dacian(@DevDacian) 's Twitter Profile Photo

The downsides of the contest model no-one tells you about are:

* countless hours of back-and-forth arguing with strangers over the Internet trying to defend the uniqueness and validity of your findings, while also attacking the uniqueness and validity of others' findings since…

pashov(@pashovkrum) 's Twitter Profile Photo

Code4rena are constantly trying to innovate on the security researchers incentives front

They just announced extra pay for 'Hunters' and 'Gatherers' or those who find the most uniques (solos) and those who find the most vulnerabilities (only High and Medium severity bugs count)

Pashov Audit Group(@PashovAuditGrp) 's Twitter Profile Photo

Q1 2024 Pashov Audit Group total stats:

- 27 smart contract security audits
- ~23,000 nSLOC reviewed
- 23 Critical, 60 High, 106 Medium severity issues found

We are blessed to have some truly elite talent in our rankings 🫡

pashov(@pashovkrum) 's Twitter Profile Photo

- How did you make your money in web3?

- I was a master negotiator in security contest vulnerability escalations, managed to get multiple solo findings through endless debates☠️

pashov(@pashovkrum) 's Twitter Profile Photo

Easily the most alpha-loaded smart contract security blog post I have recently read

Absolutely a must read for all bug hunters on security audits, contests and bug bounty platforms - over 30 attack vectors here

Great work by patrickd🫡
ventral.digital/posts/2024/1/1…

Jean Cavallera - CJ42(@JeanCavallera) 's Twitter Profile Photo

I am so happy to announce that... 🥁
The All About #Solidity Book is finally out! 🚀🪂🥳

Your ultimate digital book for #Ethereum and #SmartContract development.

Available to buy online on Leanpub, you pick the price you want to pay from $20 upwards!

leanpub.com/all-about-soli……

pashov(@pashovkrum) 's Twitter Profile Photo

One of the smartest and highest ROI things you can do as a dev/builder is to spend 3-4 hrs per week reading similar protocols' security audit reports

You will very quickly gain deep understanding of those products, their problems, attack vectors and how to patch vulnerabilities
