Kiki

992 posts

@Kiki_developer

Independent Security Researcher | prev @GuardianAudits | $3B+ secured • 50+ audits • 15+ bounties

Portfolio & Contact → Joined July 2022
324 Following · 3.1K Followers
Pinned Tweet
Kiki@Kiki_developer·
There are tier 1 auditing firms, then there are tier 1 mediation teams. Thank you @immunefi 🙏
Cyba Blockchain Security@CybaSecurity·
Just kicked off a new audit for an extension to a complex DeFi strategy system. Good protocols don't treat audits as a one-time checkbox. Every production change deserves a security review. From first contact to audit kickoff: < 24h. Security doesn't end after the first audit.
sorryNotsorry@0xSorryNotSorry·
Man this feels awesome
Kiki@Kiki_developer·
@abarbatei Gold indeed! Thanks for sharing these
Kiki@Kiki_developer·
If you deployed or are deploying on @megaeth dm me
Kiki@Kiki_developer·
@cicada_HQ Great points, appreciate the insight!
cicada@cicada_HQ·
@Kiki_developer Blockchain-level attacks are rarer because they require deep consensus or networking flaws, but when they happen, the impact is catastrophic. That’s why the bounties are high and the defenses are so layered.
Kiki@Kiki_developer·
Seeing all of the blockchain/dlt bounty awards posted makes me think two things. 1. I really should expand beyond smart contract level security 2. How have there not been more blockchain level hacks?
Kiki@Kiki_developer·
@kamensec I was planning on making this same poll haha
kamensec@kamensec·
How much should you pay an intern? Assume: 1. Just started a few months ago 2. Can code a little but not great 3. Has done 50% of ethernaut 4. No major contest placements
Kiki@Kiki_developer·
Maybe I’m out of the loop but what’s wrong with an unpaid internship? And how many better options are there? - Contests are scarce and I don’t see that trend changing. - Bounties can be a headache for those that are successful, let alone people that are just starting out. - Contracting gigs without a network or portfolio are few and far between. Obviously if you can make any of the above three work then it’s a no-brainer, go do that. But if I started my career in 2026 instead of 2022 I would strongly consider an internship. The value of working through the entire lifecycle of an audit, learning from experienced auditors, building up a portfolio isn’t worthless. It’s actually pretty valuable
Kiki@Kiki_developer·
Excited to see a great friend and an amazing auditor start his own firm! Truly @abarbatei is one of the most thorough auditors I’ve worked with!
Cyba Blockchain Security@CybaSecurity

1/3 Cyba Blockchain Security is now live. Cyba (pronounced sai-ba) is a researcher-led blockchain security firm focused on manual audits, deep protocol reviews and practical security research. Founded by @abarbatei, with 10+ years of security experience across Web2 and Web3. cybasecurity.io

Kiki@Kiki_developer·
@mylifechangefa1 Just a medium. Not the best payout ever but best experience 😄
Kiki@Kiki_developer·
This was the best bounty experience I’ve ever had. Not only were they quick to fix the issue and had no issue offering a very fair resolution, but they were ultra responsive. Sending consistent updates on where they were at on their end and proactive in resolving any bottlenecks! The complete opposite of some other protocols I’ve dealt with where at best resolving your report is not a priority, and at worst they are actively trying to get out of resolving the report. The ones that make security a priority like the one here, I’ll 100% come back to their bounty program again and again and again
Kiki@Kiki_developer

I just found a bug and got paid on @immunefi #immunefitribe immunefi.com/s/ss/?severity…

Kiki@Kiki_developer·
@abarbatei @0xMackenzieM Hmm, that’s a good question. I try and err on the side of caution and just not name names regardless of good or bad. But you are right, this would definitely be on the “good” side of publicity for them
ABA@abarbatei·
@Kiki_developer can you name them? Like I get it for bad publicity, but this is very good publicity, why not? @0xMackenzieM any thoughts?
WhiteHatMage@WhiteHatMage·
Here's what you can do to secure your old assets: Add a bonus on top of the expected bounty reward for them. In your token, or vested payments, or anything of value that incentivizes good actors to check those assets. You only pay for real issues.