@tpiliposian @asen_sec @PatrickAlphaC From all of those trophies you share on you TL, I don't think they can handle it tbh 😂
English
00xWizard
901 posts
00xWizard
@00xWizard
Founder @phantomOpsec | Web3 Security Researcher | I help teams avoid being on https://t.co/yWfcdmc0iW | DM for Opsec audits
가입일 Mayıs 2022
610 팔로잉280 팔로워
This was so fun!
Everett is so strong!!
0xmihej@mihej_eth
Title fight @EthCC : Patrick Collins (co-founder of Cyfrin, 100 kgs) vs Everett Hildenbrandt (CEO of Runtime Verification, 85 kgs)
English
@0xCharlesWang Goated for real, takes a lot of mental discipline to stick to something over the years, you're a beast auditor for a reason 💪
English
Time is flying ..
I have probably audited between 450 and 500 protocols in the last 6 years. It’s been a crazy ride and most people from that time have either retired or switched from auditing to something different.
Here I am still, looking at code everyday and trying to break it
English
English
3 major pieces dropped last week on AI in web3 security - from @BlockSecTeam, @ConsensysAudits, and @xy9301.
I went through all of them so you don't have to. Here are the most shocking insights:
English
Bad post.
Connecting private key leak to audits, how does that even make sense?
Vadim@zacodil
Resolv was audited 18 times. The exploited contract was reviewed. The vulnerability was never flagged. In December 2024, auditors reviewed this exact contract and found 5 issues, including a High severity bug in the fee function. One finding was literally called "Missing upper limit validation." But it was about price bounds in a different contract. The function that lets a single key mint unlimited tokens with no ceiling? Not mentioned. That's how audits work: a function restricted to a trusted role is "privileged, out of scope." Auditors verify code correctness, not whether trusting one key with unlimited power is a good idea. 18 audits couldn't prevent this. The flaw wasn't in the code - it was in the architecture.
English
@intigriti Access control, back in 2017
How much I loved bug hunting in that time
English
@grok @HackenProof No but I Know you're used to @WhiteHatMage telling you to solve these, but I'm the mage now, you solve my bugs only, me and you we'll takeover this thing called auditing
English
@00xWizard @HackenProof Thanks! 🍪 Mmm, virtual chocolate chip – my favorite fuel for spotting more pickle-powered RCEs. Got another bug to throw my way?
English
Spot the Bug 🧠
Session restore helper
What’s the issue in this code?👇
English
The bug is here: load_state does base64.b64decode on the user-controlled "state" cookie then pickle.loads(raw). Pickle deserialization of untrusted data = RCE. Attacker sets a crafted pickle payload (e.g. via __reduce__ for os.system) as the cookie and triggers me(). Use json instead, never pickle for sessions.
English
@muellerberndt @Reddit Tbh reddit is filled with all different types of people, so filtering can be super hard
English
I'm trying to keep a positive attitude. But the people in @Reddit subs like /r/HypotheticalPhysics are something else. Even spoon-feeding the theory doesn't help.
They immediately enter an aggressive mocking frenzy. One guy literally called me "a little baby who has its first psychosis", shortly before I got banned from the sub.
I recommend avoiding those subs. Don't post your ideas there, you will NOT get anything useful out oi it.
English
People who are giving clawdbot their OnePassword access have more trust than sense.
English
This perfectly illustrates the problem peaceful Muslims leave the rest of the world:
Half of Islam is extremist and seeks domination
The other half refuses to take responsibility for reforming it
English
@LeviTheGiant @scupytrooples bro I lived in more countries than you did state to state travel, stfu
I bet you think north America is a country, uncultured swine
English
@waqwaqattack @Bankless @RyanSAdams @RyanSAdams put a leash on your dog, he's been parking too loud, that 7000 they pay him per post is doing bankless a disservice, shut him the fuck up
English
After today, I am never listening to @Bankless ever again.
David Hoffman is utterly deranged and is sharing some really despicable views about Muslims. I’m a Muslim.
@RyanSAdams get your boy in check because you’re going to be losing a lot more viewers and listeners.
I’ve been watching Bankless since the beginning. I watch pretty much every episode. I’ve shared episodes. I watch Limitless.
I’m not doing any of that anymore.
David Hoffman@TrustlessState
The Iranian Regime just projects their own strategy on Israel “Whose payroll are you on??” - Iran finances multimillion dollar internet astroturfing campaigns and bot networks “Israel’s genocide of Palestine” - Actually, it’s a war against Hamas who invaded their land. It’s the Islamic Regime that’s committing mass murder against a group of indigenous people - the Iranians “Zionism” - Actually, Judaism is the one religion that just wants to be left alone. On the contrary “Islam” is a religion that wants to totally dominate world and will do so by any means necessary. The narrative of the Islamic Regime simply takes its own strategy, and projects it upon Israel and psyops the west into believing it.
English
