JoshJ
1.3K posts

JoshJ
@jshjdev
web3 security researcher | web2 cyber consultant | BSc Ethical Hacking | @NovaContracts | Launched @atomopjb @harvmcmblocks @morthirnft
Joined January 2022
358 Following · 2.2K Followers
JoshJ retweeted

✅ 5 things I wish I knew before starting out with web3 security:
1️⃣ Go through @PatrickAlphaC course and try to understand as much as you can of what he is saying;
2️⃣ Try contests ASAP… focus mainly on understanding the given codebase even if that seems hard;
3️⃣ Don’t let FOMO hit you and focus on one contest at a time;
4️⃣ Change means progress… try out different techniques in making your mind find vulnerabilities (e.g. asking yourself how you can break a given function);
5️⃣ Don’t skip Rust!
What would you include in that list?
JoshJ retweeted

Things to Consider Before Reaching Out to Me or Another Security Firm for an Audit:
When preparing your code for an audit—especially if you're working with a novel protocol—finalizing the following elements is crucial. These steps can drastically improve the efficiency, depth, and quality of the audit 🧵
JoshJ retweeted

~ Simplest path to web3 security ~ 🧵
I first heard about web3 security sometime in July/2024. Therefore, this is not an expert view, only what has worked for me so far!
My path was the following:
1. Speedrun learning: I first learned how to read Solidity (Jul - Aug / 2024) by speedrunning @PatrickAlphaC course
2. Audit: then, I audited
3. Feedback loop: simultaneously, I run a feedback loop where I understand the real knowledge gaps I face while auditing and study to fill them
I am now repeating steps 2 and 3 and will continue to do just that for the foreseeable future
It is as simple as that
More on all that below:
JoshJ retweeted

my 2025 crypto developer thesis
as a developer in 2025, you have 3 options
- SVM
- EVM
- Move
EVM will be by far the most competitive: Hyperliquid, Monad, Berachain, Base, Megaeth, and many new EVM L2s
SVM will be predominantly Solana and a few other L2s (Eclipse and Atlas most notable) + perhaps one SVM L1 fork akin to Pythnet
Move will be Sui, Aptos, and Move L2s
few consequences of this:
i) EVM teams will be more mobile. If their existing EVM ecosystem is not meeting their needs, they'll be able to move to a newer EVM ecosystem quickly and with little friction
meaning I expect all EVM ecosystems to compete against each other hard this year — and since the dev experiences will be relatively similar, the moat will have to come from other avenues (ecosystem support, liquidity, and "community")
you could also cross-deploy on multiple EVM environments of course and some will, but this becomes complex to manage and your product generally suffers in focus
ii) SVM and Move will have an edge for developer stickiness and talent density because those devs won't have many options to choose from, they will have a stronger incentive to stick it out
this is also why back in the day I spammed "only possible on solana" (OPOS) — the reason is that the platform can give you a head-start edge since copy/pasting EVM forks won't work in either direction
iii) however, since there are many more EVM ecosystems, I would expect the EVM dev tooling to advance more rapidly, generate more data for LLMs, and overall offer a better developer experience due to the abundance of educational resources
iv) at the same time, since the EVM is more mature in years, I suspect there are fewer low-hanging fruit for progress and progress might be slower, relatively
v) which brings me to my main point: the SVM and Move ecosystems have an inherent technical edge in 2025 due to lessened competition, higher talent density, and stronger incentives for devs
BUT, this will be entirely dependent on one key factor: how fast the SVM and Move ecosystems advance their respective developer experiences — contract-level, read-level, and core protocol-level
meaning, for example, if Solana can improve its developer experience 2-5x in 2025, its growth for the year could very well be 10x relative to others
but if it doesn't, this will be a huge setback — there can not be another "congestion" episode
as a result, @heliuslabs will focus 100% of our efforts on improving the SVM developer experience without a single day off in 2025 — if you're curious about building on Solana or other SVM L2s, give me a shout
let the dev tools arms race begin
JoshJ retweeted

New to web3 security?
A good approach is to grind contests. It's always a good learning experience to see what issues you missed and to improve your auditing process through practice. If you win consistently, you build a rep, and the opportunities come.
I have somehow established myself as a Rust expert by winning all Rust contests I competed in on @sherlockdefi.
Now, the past month until the next 2 months are booked with private audits:
- 2x Rust Solana
- 1x Solidity
- 1x Move

Critical vulnerability in Optimism by @trust__90 🔴
It is a novel attack vector which shows that devs must limit operations during upgrades to essential tasks only.
Spending my Sunday evening on this bug felt like time well spent. Good notes, better knowledge 👇🏻



Two years ago, I started a journey into web3 cybersecurity with a dream to follow in the footsteps of the great auditors before me.
I was motivated partly by the values of freedom and decentralization that blockchain offers. Partly financially, because in this increasingly chaotic world, having means is often the best way to provide for and protect your loved ones.
But mostly intellectually, by the promise of working with driven, passionate, brilliant people who want to change the world. To say goodbye to the corporate web2 world where mediocrity is the standard and doing the minimum is secretly applauded.
It has been 2 years of blood, sweat and a mountain of failures.
But with every setback and disappointing result, I ground my teeth and still kept going. Because I knew I was becoming a better SR with every extra hour invested.
As long as I didn't give up and kept moving forward, failing forward, I believed that some day an opportunity would come, a door would open.
That day has come.
I am happy and proud to announce I will be joining @certora as a Security Researcher starting 2025.
Dreams will become Reality if you never give up.👊

