Byte | yoursaudit

429 posts

Byte | yoursaudit banner
Byte | yoursaudit

Byte | yoursaudit

@yoursbyte

web3security researcher | Mastering EVM | DM for audit

参加日 Temmuz 2025
217 フォロー中46 フォロワー
Byte | yoursaudit
Byte | yoursaudit@yoursbyte·
Ok this is good now
Immunefi@immunefi

We're aware of the public discussion regarding a recent bug bounty dispute. We understand the frustration that can come with these situations, for researchers and projects alike. But we don't believe public forums are the right place to evaluate vulnerability severity, debate payout amounts, or litigate the specifics of a report while a dispute is not concluded. That approach risks compromising the quality of discussion and the resolution process itself. Since mediation over payout amount was not requested, we have self-initiated mediation to examine the specifics of the report, which takes time because of the complexity involved, but we’ll take the appropriate actions after coming to a conclusion. In the meantime, we’ve paused the project to make sure that appropriate attention is given to any outstanding reports.

English
0
0
0
7
Pandit | Ξ🦇🔊
Pandit | Ξ🦇🔊@panditdhamdhere·
AI is dangerously good at smart contract security.
English
11
1
54
3.4K
International Cyber Digest
International Cyber Digest@IntCyberDigest·
❗️Meet Hellcat ransomware group operator 'Pryx' — responsible for high-profile hacks like Jaguar Land Rover, Telefonica, Schneider Electric and many more. He started doing cybercrime as a kid. He got 4 people killed and 27 injured after starting a fire by hacking into the SCADA network of Telecom Egypt. An OSINT researcher just revealed who he is and how he tracked him down.
International Cyber Digest tweet mediaInternational Cyber Digest tweet media
English
31
202
1.8K
459.2K
Aditya 🌸
Aditya 🌸@heyadixyz·
hi, i’m aditya. i’m joining the marketing team at @SuperteamNPL met @Ronak0010 in oct ‘24 at Kathmandu buildstation. he had an idea: build the home for @solana in Nepal. time to make it real now, upwards only!
English
30
5
130
5.1K
Byte | yoursaudit
Byte | yoursaudit@yoursbyte·
Let's do polymarket(will he get the total payout or not )
f4lc0n@al_f4lc0n

Here is my Immunefi profile: immunefi.com/profile/f4lc0n/ I submitted my first valid bug report on Immunefi on December 15, 2024. And, could you help me reach out to @injective ? I want to ask if I’m allowed to public my original report. Alternatively, ask them to have a technical discussion with me about exactly how many assets were impacted. They’ve never responded to my messages.

English
0
0
0
24
Piyush
Piyush@piyush784066·
as a Developer, how much RAM is enough for you? 1. 8 GB 2. 16 GB 3. 24 GB 4. 32 GB 5. 64 GB 6. 128 GB+
Piyush tweet media
English
246
28
789
84.4K
Suraj Sharma
Suraj Sharma@suraj_sharma14·
POV: You're a CS student in 2026 Professor: learn Java for 4 years Web3: here's $500 for a weekend hackathon Professor: learn data structures Web3: here's a $10K grant to build something real Professor: get a $15/hour internship Web3: here's a $5K bounty for finding one bug The choice is right there. 👀 Are you still only following the syllabus?
English
10
2
76
3.7K
curiousapple
curiousapple@0xcuriousapple·
ai this ai that i promise your ai cant even think of 70%+ scnearios fuzzer fuzzes with fuzzing remains chad for bigger codebases
English
4
0
17
1.4K
Piyush Shukla 🇮🇳
Piyush Shukla 🇮🇳@PiyushShukla__·
I noticed that many researchers have left Web3 security. There are several reasons for this. Some left because of market conditions. contests are almost dead and there isn’t much real hiring from companies. Others found Web3 security very difficult, and now there are also new risks and changes coming from AI. However, the same experienced security researchers are still here, as always. many of the same people from previous years. But junior auditors are already leaving, and new researchers are very unlikely to survive in the current environment.
English
10
2
69
5.2K
adah
adah@adahstwt·
name the programming language that made you love coding.
adah tweet media
English
470
14
376
30.5K
luckyPipewrench
luckyPipewrench@luckyPipewrench·
@RoundtableSpace Offensive tooling for AI keeps getting better. Defensive tooling for AI agents is basically nonexistent. Everyone's building smarter agents. Almost nobody is watching what those agents actually do on the network when they run.
English
1
1
2
960
0xMarioNawfal
0xMarioNawfal@RoundtableSpace·
CYBERSECURITY IS ABOUT TO CHANGE FAST. Someone just open sourced an autonomous AI red team made of multiple agents that coordinate with almost no human input.
English
84
123
895
221.1K
Essential
Essential@only01Essential·
Meanwhile @aelfblockchain have gone on another radio silence 🔕 It's tiring fr, in this space you can't find even a fund loss bug and be confident of being paid. The least you owe a researcher acting in good faith by reporting a security vulnerability is sufficient closure. Imagine reporting bugs since December last year and still begging and tagging the project to respond to you 🙃
Essential tweet media
English
3
1
13
2.7K
kaden.eth
kaden.eth@0xKaden·
claude code is the tiktok of programming
English
6
0
22
1.7K
Byte | yoursaudit
Byte | yoursaudit@yoursbyte·
We need something like proposal for bug bounty high TVL = high bug bounty
f4lc0n@al_f4lc0n

I Saved Injective's $500M. They Pay Me $50K. I like hunting bugs on @immunefi . I'm decent at it. - #1 — Attackathon | Stacks - #2 — Attackathon | Stacks II - #1 — Attackathon | XRPL Lending Protocol - 1 Critical and 1 High from bug bounties (not counting this one) Life was good. Then I found a Critical vulnerability in @injective . This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk. I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity. Then — silence. For 3 months. No follow up. No technical discussion. Nothing. A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K. I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all. To be clear: the $50K has not been paid either. I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me. I can't force them to do the right thing. But I won't let this be forgotten. I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve. Full Technical Report: github.com/injective-wall…

English
0
0
1
107
Ehsan
Ehsan@Ehsan1579·
@TheDEFIac rather lose all the 50 million in a hack than swap it and get 30k lmao.
English
1
0
4
204
Polymarket
Polymarket@Polymarket·
JUST IN: Crypto trader turns $50 million into $35k in a single swap after ignoring multiple slippage warnings.
English
749
788
13.5K
1.5M
Defimon Alerts
Defimon Alerts@DefimonAlerts·
🚨 Goose Finance - Loss $8435 (2026-03-12) Token: $EGG @ $0.00307 MC: $223K 24h Vol: $29.5K Type: Logic Error (Share Accounting Flaw) The StrategyGooseEgg vault had 3.69M EGG (~$11.3K) sitting unaccounted in the contract — not reflected in wantLockedTotal or sharesTotal. The _deposit() function calculates shares using the OLD wantLockedTotal, then calls _farm() which adds BOTH the deposit AND the unaccounted EGG to wantLockedTotal. This means the depositor's shares entitle them to a proportional claim on the unaccounted EGG. The attacker flash-swapped 10.17M EGG from two PancakeSwap pairs, deposited into pool 60 via VaultChef, then immediately withdrew — receiving 12.59M EGG back. After two deposit/withdraw cycles, the attacker converted profits to ~13.04 BNB ($8435). TX: bscscan.com/tx/0x86efdf5b4… Victim: bscscan.com/address/0x0980… (StrategyGooseEgg) CoinGecko: coingecko.com/en/coins/goose…
English
4
5
35
38.1K

ディスカバー

@panditdhamdhere @IntCyberDigest @grok @heyadixyz @SuperteamNPL @Ronak0010 @solana @piyush784066