holydevoti0n

383 posts

@HolyDevoti0n

humble security researcher

Joined August 2023
587 Following · 1.3K Followers
Pinned Tweet
holydevoti0n@HolyDevoti0n·
Am I really doing it? I can't believe in a few months I could come this far. After my 1st 5 digits payout from @immunefi I managed to get 1st place in the CodeHawks @beanstalkmoney contest. Let's keep it up! 👨🏻‍💻
Cyfrin CodeHawks@CodeHawks

Awards have been announced for the Beanstalk Part 1 contest🤝 Top 5: 🥇 @HolyDevoti0n - $24,148.11 🥈 @golanger85 - $21,798.57 🥉 @0xInAllHonesty - $18,274.25 🏅 @0xbeastboy - $11,825.65 🏅 @ZealynxSecurity - $8,223.41 (1/2)

holydevoti0n@HolyDevoti0n·
Hard work pays off. Keep pushing! 🫡
holydevoti0n@HolyDevoti0n·
@hrkrshnn The autonomous bug hunter is as good as the ruggditional pot, a very positive contribution to the space. 🫡
Hari@hrkrshnn·
Our autonomous bug hunter has already saved 11 figures' worth of funds at risk.
Joe Dakwa@golanger85·
Let’s go brother. Here’s to 2026.
holydevoti0n@HolyDevoti0n·
@m4rio_eth Agreed. What's most disappointing is taking a closer look at the BBP policies on these (not all) platforms. Few of them (well-known) effectively back scam behavior, i.e.: project can fix the issue, avoid pay, close the report, and remain on the platform.
m4rio@m4rio_eth·
In the last couple of weeks, I’ve been doing a bit of bug hunting in my free time. I decided it was time to get back into hunting mode for a while and wanted to see how much the experience had changed after a few years.

TL;DR 1: Most projects are cooked, and unfortunately their users will suffer.

TL;DR 2: Some of the bug bounty platforms are not bounty platforms.

The overall experience of bug hunting is deeply flawed and broken.

Projects: Most bounties opened by projects are just marketing schemes and used In the rare case that someone actually discovers a critical issue that could drain the entire protocol at the current block, but anything even slightly theoretical gets immediately closed by most projects. They simply don’t care.

Platforms: The hunter experience is horrific on most platforms. Projects just list random code; it’s often unclear what is actually in scope, and the researcher has to spend a huge amount of time just setting up the codebase to start hunting. Sometimes you don’t even know whether your issue is being reviewed, no updates, no communication, nothing. Some anti-spam filters are also flawed. One idea I actually liked is charging me USDC to submit, because I’m not submitting issues just for fun, and if it ends up being closed for legit reasons, I’m okay with not getting the deposit back. On one platform, I was banned because some of my issues were considered either out of scope or “not an issue” by the project.

Overall, bad experience but I did enjoy a bit hunting on 2 platforms out of 6, but the problem with those is that they don’t have that many bounties but hope they will catch up.
holydevoti0n@HolyDevoti0n·
@emerjux Amazing! Glad to hear it helped ser 🫡
Joe Dakwa@golanger85·
Good tip sir 🥂
holydevoti0n@HolyDevoti0n·
@0xkbb u welcome ser, glad to help 🫡
kb@0xkbb·
@HolyDevoti0n Thanks a lot for sharing, this will save us a lot of time on figuring what the codebase is really about
holydevoti0n@HolyDevoti0n·
@jaskaranan Yup. They complement each other. This one is focused on docs on a higher level with the option to interact with it.
Jaskaran Singh@jaskaranan·
@HolyDevoti0n ever heard of tools like solidity metrics, slither, aderyn? all of em give flowcharts and userflows similar to this
holydevoti0n@HolyDevoti0n·
@quirksham right? we used it a lot in the old days... 😄
quirksha@quirksham·
@HolyDevoti0n That chart is really familiar for me and you bro 😂😂 Saved for future use 💎💎
holydevoti0n@HolyDevoti0n·
@Hcrlen @henc I'd say it is only recommended to understand the big picture (before you start doing a deep dive). Anything beyond this may cause you to waste time and trigger AI hallucination.
0xch@Hcrlen·
@HolyDevoti0n i found it few days ago, help me with aave v3 deep dive, but how often the ai hallucinate
kaden.eth@0xKaden·
✨2025 has been my best year yet✨ some numbers: - 3 bounties - 4 articles - 39 audits - 25 with @spearbit / @cantinaxyz - 2 with @zenith256 - 12 solo