Angehefteter Tweet
Smart contract security pays WELL.
💰 Top auditors make $500K+ per year
💰 Bug bounties can 10x that
💰 Even “mid” auditors make six figures
BUT… Only if you actually put in the work. No shortcuts here.
English
JohnnyTime 🤓🔥
9.8K posts
JohnnyTime 🤓🔥
@RealJohnnyTime
Founder @ https://t.co/gcgrMm4Njh, JohnnyTime @ Youtube, Securing Web3 @ https://t.co/wJdpJyYcg0 & https://t.co/3d9aL8n5G8
Web3 Beigetreten Şubat 2012
1.4K Folgt12.6K Follower
The scariest part about delegatecall?
It preserves msg.sender and msg.value.
The victim thinks they're interacting with YOU.
But you're running malicious code in THEIR context.
It's identity theft for smart contracts.
smartcontractshacking.com/attacks/call-a…
English
How to steal millions in 4 steps:
1. Flash borrow 100k ETH
2. Dump on a DEX to crash price
3. Exploit a protocol reading that price
4. Repay loan, keep profit
If step 3 fails, the loan never happened. Zero risk.
smartcontractshacking.com/attacks/flash-…
English
This is really sad that @claudeai is taking the "Closed Garden" Apple approach.
GIF
dax@thdxr
opencode 1.3.0 will no longer autoload the claude max plugin we did our best to convince anthropic to support developer choice but they sent lawyers it's your right to access services however you wish but it is also their right to block whoever they want we can't maintain an official plugin so it's been removed from github and marked deprecated on npm appreciate our partners at openai, github and gitlab who are going the other direction and supporting developer freedom
English
paying the checkmark, I have been playing with AI :P
stela-dapp.xyz - starknet banana - best p2p
n4no3d.xyz - me and my wife sometimes like to print 3d shit so its basically for us, test version
apura.xyz - Primavera SQL connector: AI reports.
English
@RealJohnnyTime hehe nope, I tried a lot of them on the kam repo, but nothing :P
English
@RealJohnnyTime ur AI is looping defillama deployed addresses and simulating this for each address till exploited on fork for bounties? :P
English
That lens helps you review like an operator, not a checklist runner.
smartcontractshacking.com/tools/most-exp…
English
“Most expensive hacks” shouldn’t be consumed as shock content.
Use it as prioritization data.
During an audit, your real job is attention allocation:
- where losses cluster
- which assumptions fail repeatedly
- what attack paths carry the highest downside
English
If your goal is to get sharp at exploits, stop sampling 20 techniques at once.
Pick one technique.
Study 10 incidents.
Extract the repeated broken assumption.
Pattern recognition beats trivia every time.
English
Weekend Challenge #8: What issue would you submit if you saw this in an auditing context, Mr. Hacker?
English
If your note can’t name the exact state change, it’s not a finding yet.
smartcontractshacking.com/learn/security…
English
A safer workflow:
- Use AI for enumeration: surfaces, threat ideas, edge-case prompts
- Use humans for verification: invariants, exploitability, impact
- Require evidence for every claim: code path + state transition + attacker capability
English
AI can make auditors faster.
It can also make them confidently wrong.
English
“Just run Slither” is becoming the new “just audit harder.”
Use tools. Absolutely.
But the biggest misses still come from:
- invalid assumptions
- missing invariants
- dangerous integrations
Scanners find patterns.
Auditors find broken logic.
English
28 AI audit skill files.
9 repositories.
28 scanned safe.
0 you have to pay for.
The AI Skills Explorer is live and free.
English
If you’re starting in 2026, this roadmap is one of the few that’s practical and sequenced.
smartcontractshacking.com/learn/security…
English
The hard truth:
You don’t become audit-ready by consuming more content.
You become audit-ready with a repeatable system:
- threat model first
- invariants second
- exploit paths third
- mitigations with tradeoffs last
English