RazkkyDev (@dev_razkky)

347 posts

Web3 security researcher || @CyfrinUpdraft alumni

Joined September 2024
351 Following · 144 Followers

RazkkyDev retweeted
Immunefi (@immunefi)
Security researcher bpop23293 (@Ehsan1579) just scored $50,000 for a critical blockchain/dlt vulnerability disclosure. Someone stop this man, he's taking all the bounties. Pledge $IMU to him here so you can earn $IMU rewards when he finds more bugs: immunefi.com/pledge/bpop232…

RazkkyDev retweeted
chrisdior.eth (@chrisdior777)
🚨SADLY NOT AN APRIL FOOL'S JOKE🚨
Solana DEX Drift Protocol may have been exploited for over $270M
The exploiter is swapping the stolen assets into $USDC, then bridging to #Ethereum to buy $ETH
So far, they have bought 19,913 $ETH ($42.6M)
$DRIFT token down ~45%
CRAZY! 🤯

RazkkyDev retweeted
Kann Audits (@KannAudits)
Kann Audits 🤝 @APTreeio
We’re excited to announce our official security partnership with APTree! APTree is a yield distribution layer simplifying DeFi and tracking yield performance across DeFi yielding protocols.

RazkkyDev retweeted
Akintola Steve (@Akintola_steve)
If you don’t understand how things like auth, payments, or scaling work… You’re not really building products yet. You’re just writing code.

RazkkyDev (@dev_razkky)
@Akintola_steve Never update internal accounting outside a transaction and row locking. Concurrent DB reads and writes are always a possibility.

Akintola Steve (@Akintola_steve)
Things to avoid when handling payments:
1. Never assume a successful API response means money actually moved. Always verify.
2. Never skip logging failed transactions. The day a user says “I paid and nothing happened”, that log is all you have.
3. Never rely on users to report failures. They won’t, they’ll just charge back and move on.
4. Never leave a PENDING transaction hanging without resolution logic. Pending is not a final state.
5. Never go live without a reconciliation job. Money isn’t something you eyeball and hope for the best.
Your payment system is only as trustworthy as how you handle failures. What else would you add?

Komfort Trost (@komforttrost)
@Akintola_steve Never never also assume error/failed response from a money transfer means money was never moved. Why? Many reasons, e.g. you could call a third party to move money, they moved it but their backend caught a serialization error while returning response to you.

RazkkyDev (@dev_razkky)
@felix_asan77503 @Akintola_steve I think it’s best to compress your response just once, and avoid compressing already compressed files and responses as well

felix asante (@felix_asan77503)
@Akintola_steve Is it still necessary to do that if compression is already handled by a reverse proxy like Nginx?

Akintola Steve (@Akintola_steve)
Backend devs, always compress your payloads for faster responses. Make use of Brotli (or gzip), it does exactly that.

RazkkyDev retweeted
Immunefi (@immunefi)
The AI security agent race continues. @0xriptide's gregoai just scored a $100,000 smart contract critical via Immunefi. Whose agent will strike next?

RazkkyDev (@dev_razkky)
This shows how dangerous backend mistakes can be. Debit succeeds, credit fails, money gone. That’s what happens without proper transaction handling. Always use transactions, make operations idempotent, and lock DB rows during updates to avoid race conditions under high load.
Akintola Steve (@Akintola_steve)

A Nigerian fintech startup lost ₦47 million in one night. Not to hackers. Not to fraud. To one missing line of code. Every backend dev in Nigeria needs to see this

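
The debit-succeeds, credit-fails failure from the post above, handled with one transaction and an idempotency key. This is an added example, not code from any of the posts or the people quoted; the table layout, account names and key values are constructed, and because SQLite has no row locks it takes the database write lock with `BEGIN IMMEDIATE` where a server database would lock the two account rows.

```python
import sqlite3

def open_ledger():
    # isolation_level=None: BEGIN/COMMIT/ROLLBACK are issued explicitly below.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript("""
        CREATE TABLE accounts (id TEXT PRIMARY KEY,
                               balance INTEGER NOT NULL CHECK (balance >= 0));
        CREATE TABLE transfers (idem_key TEXT PRIMARY KEY, src TEXT, dst TEXT,
                                amount INTEGER NOT NULL);
        INSERT INTO accounts VALUES ('alice', 1000), ('bob', 0);  -- constructed
    """)
    return conn

def balance(conn, acct):
    row = conn.execute("SELECT balance FROM accounts WHERE id = ?", (acct,)).fetchone()
    return row[0]

def transfer(conn, idem_key, src, dst, amount):
    """Move `amount` from src to dst; returns 'applied', 'duplicate' or 'rejected'."""
    if amount <= 0:
        return "rejected"
    # Take the write lock before touching any balance. SQLite has no row locks;
    # on PostgreSQL/MySQL the equivalent is SELECT ... FOR UPDATE on both rows.
    conn.execute("BEGIN IMMEDIATE")
    try:
        try:
            # Idempotency: the primary key turns a retried request into a no-op.
            conn.execute("INSERT INTO transfers VALUES (?, ?, ?, ?)",
                         (idem_key, src, dst, amount))
        except sqlite3.IntegrityError:
            return "duplicate"
        debit = conn.execute(
            "UPDATE accounts SET balance = balance - ? WHERE id = ? AND balance >= ?",
            (amount, src, amount))
        credit = conn.execute(
            "UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
        if debit.rowcount != 1 or credit.rowcount != 1:
            return "rejected"   # the finally block undoes the half-done transfer
        conn.execute("COMMIT")
        return "applied"
    finally:
        if conn.in_transaction:   # any exit without COMMIT rolls everything back
            conn.execute("ROLLBACK")
```
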

chief (w/acc) (@0x0fd4)
Eidukum Mubaarakun!!! May Allah accept our prayers and fasting as acts of iba’adah!! Aameen 🤲

Sev (@00xSEV)
My biggest solo payout so far, thanks @immunefi and the project! It took me a while to get there
Immunefi (@immunefi)

Whitehat @00xSEV recently scored a $50,000 payout for a High smart contract vulnerability. Well done! You can pledge IMU to this security researcher here and earn IMU when they find more vulnerabilities: immunefi.com/pledge/xSEV/


RazkkyDev retweeted
chief (w/acc) (@0x0fd4)
OpenAI is giving one month free for the ChatGPT Plus plan, only for a limited time.

RazkkyDev retweeted
Qudra IO (@qudraIO)
Website vs Webapp: A website is where people discover your business. They see your products, learn what you offer, and place orders. A web app is where the business runs. You manage inventory, track orders, record sales, and see how things are performing.

Uddercover (@Uddercover)
6th place in this one and I found the only high issue. Pretty cool. All the glory goes to Yahweh 🙇‍♂️

RazkkyDev retweeted
JohnnyTime 🤓🔥 (@RealJohnnyTime)
🚨 A Malicious Validator Can Steal 32 ETH From Users in a Single Block

Finding these in Lido forks or new LSDs? Direct path to huge bounties.

Liquid staking protocols have billions in TVL. One missed validator betrayal = instant $10M+ drain.

A malicious validator front-runs the protocol's deposit: sends 1 ETH first with their own withdrawal credentials, then lets the protocol top-up the remaining 32 ETH. Boom — now they control the full validator and the users' funds. Credentials only set on the initial deposit.

This vector has been missed in real audits. Spot it = massive Immunefi payout

White hat hacking mindset:
- Always ask: "What if the validator lies or races me?"
- Check every deposit path for race conditions.