🔥Telegram İfşa

Audit Thinking Pattern - I want to share elements of a manual audit methodology i tend to follow when approaching codebases. Todays idea is centered around assumption analysis. Every line of code in a function is based on an assumption. Assumptions are what are used to write

I fully forgot about today’s tweet haha . I know you guys were waiting on it lol. I’ll be back with more interesting content tomorrow not to worry 😁

Assumption Analysis Example (Part 2) - Following on from our last conversation, i have an simplified example to display how assumption analysis can be used. Below is a snippet of a registerUser function from a contract. You might be thinking how it is possible to assume anything

Just a quick reminder to not ignore any 1 wei discrepancies in your codebase. These are not to be taken lightly. Problem is that these attacks are very hard to spot without invariant testing so make sure you get those fuzzers to work sersss

Zoom out audit methodology - This section will introduce a step further than assumption analysis. The zoom out method is based around the question: "if x happens, does this function/variable still work as intended?". Thinking about what x could be will help you discover more

Was dropping too much alpha this week so I had to chill yesterday . It is always good to take a break and have days where you relax or work less to reset for the next week and avoid burnout. The brain is like a muscle. It needs rest for it to process all the information you

Numerical Simulation For Math Functions -When performing assumption analysis on any formula or equation, it is important to simulate the formula using numbers. This will make the formula easier to understand and potentially unlock some vulnerabilities. No matter how "easy" it

Would people like some more content on other technical content or focus mainly on web3 security research ?

watch out for unbounded parameters (arrays) in functions with no access control. Worst case, DOS finding that is relatively easy to spot , best case (for whitehat lol), opens a rabbit hole that can lead to a deeper vulnerability

EIP-5095: Principal / Yield Tokens Most experienced SR's already know about principal/yield tokens but my first time coming across this took some time to get my head around so i decided to read the related EIP and i will be discussing main points to note from the EIP over the

Curiosity is the key to make it in anything you want to do. May not seem like it but the skills are worth more than the money

I’m starting to enjoy learning different languages simultaneously. It really helps to connect the dots. The fundamentals are mostly similar besides a few nuances but there’s still a lot to learn and I’m looking forward to all of it !

Knowing the right question to ask is an underrated skill

Had a pretty interesting conversation about how rust was developed. Never knew it started off as a side project lol

Knowing how to interpret documentation is an underrated skill

Love being busy and learning new things but I do miss competing . Need to solidify some core learning and improve some skills which should free up some time soon ✨

I like working on difficult things. Repetitive tasks give me brain rot

Seeing news on this balancer hacks make me upset . All SR’s and white hats need to keep improving so shit like this becomes rarer. I feel like the space has definitely evolved and is improving but it’s still not fast enough