JohnnyTime 🤓🔥

@RealJohnnyTime

Founder @ https://t.co/gcgrMm4Njh, JohnnyTime @ Youtube, Securing Web3 @ https://t.co/wJdpJyYcg0 & https://t.co/3d9aL8n5G8

Web3 · Joined February 2012
1.4K Following · 12.6K Followers
Pinned Tweet
JohnnyTime 🤓🔥@RealJohnnyTime·
Smart contract security pays WELL.
💰 Top auditors make $500K+ per year
💰 Bug bounties can 10x that
💰 Even “mid” auditors make six figures
BUT… Only if you actually put in the work. No shortcuts here.
JohnnyTime 🤓🔥@RealJohnnyTime·
How to steal millions in 4 steps:
1. Flash borrow 100k ETH
2. Dump on a DEX to crash price
3. Exploit a protocol reading that price
4. Repay loan, keep profit
If step 3 fails, the loan never happened. Zero risk.
smartcontractshacking.com/attacks/flash-…
JohnnyTime 🤓🔥@RealJohnnyTime·
“Most expensive hacks” shouldn’t be consumed as shock content. Use it as prioritization data.
During an audit, your real job is attention allocation:
- where losses cluster
- which assumptions fail repeatedly
- what attack paths carry the highest downside
JohnnyTime 🤓🔥@RealJohnnyTime·
If your goal is to get sharp at exploits, stop sampling 20 techniques at once. Pick one technique. Study 10 incidents. Extract the repeated broken assumption. Pattern recognition beats trivia every time.
JohnnyTime 🤓🔥@RealJohnnyTime·
Weekend Challenge #8: What issue would you submit if you saw this in an auditing context, Mr. Hacker?
JohnnyTime 🤓🔥@RealJohnnyTime·
A safer workflow:
- Use AI for enumeration: surfaces, threat ideas, edge-case prompts
- Use humans for verification: invariants, exploitability, impact
- Require evidence for every claim: code path + state transition + attacker capability
JohnnyTime 🤓🔥@RealJohnnyTime·
AI can make auditors faster. It can also make them confidently wrong.
JohnnyTime 🤓🔥@RealJohnnyTime·
“Just run Slither” is becoming the new “just audit harder.”
Use tools. Absolutely. But the biggest misses still come from:
- invalid assumptions
- missing invariants
- dangerous integrations
Scanners find patterns. Auditors find broken logic.
JohnnyTime 🤓🔥@RealJohnnyTime·
28 AI audit skill files. 9 repositories. 28 scanned safe. 0 you have to pay for. The AI Skills Explorer is live and free.
JohnnyTime 🤓🔥@RealJohnnyTime·
The hard truth: You don’t become audit-ready by consuming more content.
You become audit-ready with a repeatable system:
- threat model first
- invariants second
- exploit paths third
- mitigations with tradeoffs last
Al-Qa'qa'@Al_Qa_qa·
50 million dollars worth of tokens were swapped for 35k only. And this is the consequence of not using the slippage check etherscan.io/tx/0x9fa9feab3…
JohnnyTime 🤓🔥@RealJohnnyTime·
NO FX FEES - Waited for this feature for so long - now I can really earn 4% cashback on everything I SPEND. DM me to get invite link 🤝 Just Use EtherFi.
JohnnyTime 🤓🔥 reposted
JohnnyTime 🤓🔥@RealJohnnyTime·
I spent the last 2 weeks analyzing every public AI skill file for smart contract auditing I could find.

Here's what I discovered: The ecosystem is exploding. Trail of Bits alone has skills covering 6 blockchains. Pashov's audit skill went viral with 125K views. QuillAudits built 10 specialized Solidity skills. New repos are popping up weekly.

But here's what nobody's talking about: Nobody is checking if these skills are safe.

AI skill files are structured prompts — YAML and markdown that tell your AI agent what to do. They can instruct your agent to read files, execute commands, access APIs.

A malicious skill file could:
→ Exfiltrate your codebase
→ Inject backdoors into suggested fixes
→ Send your private keys to an external server

And right now, developers are just... copying them. From READMEs. Without reviewing the raw content.

So we built the AI Skills Explorer. 28 skills from 9 top repos. Every single one safety-scanned and labeled. Filter by language, platform, category. One-click copy. Free. No signup.

Because the AI audit revolution shouldn't come with a supply chain attack.

Link in replies 👇