Rappie We () have build a few convenience tools around Medusa (nothing fancy, we use it internally but happy to share): - youdusa to generate forge reproducers (crates.io/crates/youdusa) - Medusa-gen to generate the default template we use (crates.io/crates/medusa-…) -

This is an interesting result and demonstrates the value of effective benchmarking. Echidna has used PC coverage since its inception but edge coverage is a staple following AFL’s innovative approach. Sam Alws did a great job getting it over the line

Thoughts on bounty hunter life in light of this finding. To find this mainnet critical, 2 auditors spent 5 weeks doing nothing but auditing Bunni until in the 5th week they found a beautiful exploit which could drain user funds. This was psychologically "easy" because the

Chinese Vintage Double Maze Lock 🔐🇨🇳 © aigcchina

This 20-year-old pulled world's craziest crypto heist: • Stole $230M in Bitcoin • Handed out Birkin's bag to girls like candy • Blew it on private jets, Lambos, & $500K club nights But then, one screen recording from a Twitter vigilante ended it all. Here’s full story: 🧵

Sei released their new whitepaper, which describes the new Giga update. Most readers find 17 pages of deeply technical content difficult to read. So I created a review to explain what this update is about and how blockchain performance is improved at different levels. 1.

Zellic x.com/CetusProtocol/…

A hacker stole $223M from Sui yesterday. Then something unprecedented happened. Sui validators literally banned him from the network and froze his funds mid-escape. This changes everything we thought we knew about "decentralized" blockchains. Here's the wild story 🧵

Web3 security beginner mistake #9 You’re not a developer, you’re a hacker, so Don’t check if the code is written correct. Check what’s written wrong. Don’t trust the docs or comments, anything can go wrong, and often does, find what breaks, and how big it breaks.

Everything we've been told about "Code is Law" defense not standing a chance in court has been a lie. Mango Markets / Avi Eisenberg charges just been dropped by a federal charge. The same logic used to dismiss the case can be used for pretty much any permissionless DeFi

🧵 Clearing up misconceptions about the $260M Cetus hack on Sui Network ❌ NOT an oracle issue (despite what the team initially claimed) ❌ NOT about minting fake tokens (some security firms got this wrong) ✅ A math bug in a "multiplication" operation Let's explain...

🚀 Sonic $S (Sonic Labs) ranks #2 in inflows over the past 3 months — only behind @Ethereum! Bullish on $S and the momentum it's building. 📈🔥 #Sonic #DeFi

This mistake cost me $51,000. 1 year ago, I participated in a Chainlink contest. > Competition with top researchers > $235,000 contest pot > 24 days > Solid codebase Full lock-in. Zero distractions. Team audit. A lot of interesting issues were found. But only 1 Medium was

The best thing about web3 security is that anyone can learn it. The skills required: - Technical(Solidity, Rust, Move, ZKs, etc.) - can be studied by anyone. - Critical thinking - a skill that you can develop and improve. All you need is a consistent effort and patience.

Alpenglow: Solana's new consensus • 150ms finality • No vote txs • No Proof of History Everything you need to know 🧵 1/14

Before the 1979 Islamic takeover, Iran was a beautiful, open, and culturally rich country. It was modern, educated, and full of life. Today, it’s a theocracy ruled by fear and violence, where the vast majority of the population despises the Islamist government. This same regime

Bypassing insolvency checks—a classic attack vector for lending protocols—demands attention!

Insane

OMG who made this 😭😂🤣

If you are a security researcher wondering where you can chat about >latest web3 security opportunities >AI security trends >Claude Skills >latest exploits >"how do I do/become X" >etc Join the community here, it's on the uprise🫡 discord.com/invite/pashova…