
AlexSR
@0xAlexSR
Founding AI Engineer & Web3 Security Researcher
Bulgaria · Joined May 2021
842 Following · 1.1K Followers · 963 posts
Pinned Tweet

My 2025 Web3 Security Wrap-Up
- Discovered web3 security
- All started with @CyfrinUpdraft courses
- Started a 100 days challenge to become a security researcher
- Made my first "reward" with @PatrickAlphaC videos $50 and an amazing sink NFT
- Got up to speed with @RealJohnnyTime courses
- First contest on @CodeHawks with $354 and a top 10!
- Participated in @pashov internship
- Joined @cantinaxyz fellowship
- Listened to countless @bountyhunt3rz podcasts
- Grinded on @code4rena
- First top 3 on @sherlockdefi
- Joined an amazing web2 startup building an AI first product as a founding AI engineer (~6 months ago). Highly time consuming but amazing experience building a product.
- Met so many cool SRs online and irl
- Team audit on highly complex codebases with @ChaseTheLight99 & @auditor_nate
- Top hacker of the week on @HackenProof
Top tip:
- Don't over-study. Do audits, then learn exactly what you're missing
Some stats:
- Top rank: 3rd (x2)
- Total findings: >30 H/M (2 unique)
- Total earnings: ~$3k
=> Let's break those stats in 2026
I loved the challenge. Exploring complex protocols and finding ways to break them is incredibly rewarding.
It’s tough to balance alongside a full-time web2 startup role, but the excitement makes it hard to step away.
Curious to see where this leads, maybe full-time someday.

@BengalCatBalu Going there (Tokyo, Osaka, Kyoto) in 2 months! Anything more you want to share about it?

Just got back from a two-week trip to Japan.
Completely stepping away from work for a while is incredibly refreshing. It helps you reset and look at yourself from a different perspective.
I feel fully recharged. Japan itself was an amazing place to travel. My favorite spots were Kyoto and Kawaguchiko near Mount Fuji — both had a very special atmosphere.
Now it’s time to set new goals and work even harder to help make Web3 a safer place


AlexSR retweeted

openai and paradigm are benchmarking how good ai is at exploiting smart contracts.
meanwhile i open sourced the actual prompts and workflows i use day to day during real audits — bounty hunting, private reviews, contests, and even zk circuits. all built to chain together as a pipeline.
the models are getting smarter. your workflows should too.
github.com/pantheraudits/…
OpenAI @OpenAI
Introducing EVMbench—a new benchmark that measures how well AI agents can detect, exploit, and patch high-severity smart contract vulnerabilities. openai.com/index/introduc…

@carlos__alegre @thepantherplus @immunefi Probably the case sometimes but it seems to happen quite too often 🙃 crits aren't taken seriously imo

@0xAlexSR @thepantherplus @immunefi true xd I guess sometimes it is not that easy to fix or implement the fix without making sure it does not compromise other stuff and that is why they get delayed?
English

@immunefi, why not posting hashes of a summary of submitted valid reports to a blockchain?
Then when someone sends late an already discovered issue they can verify it is true by hashing the summary.
This way you generate more trust than with a: "Trust me bro someone already submitted this."
Something like:
hash("Protocol X: Bug regarding func123() having a reentrancy with func345(3445)")
Or maybe even the hash of all calldatas that generate the exploit.
It just has to be something clearly linked to the issue.
teoslaf1 @teoslaf1
I thought I knew what heartbreak was, but I hit 1 Critical and 1 High in 3 days and both were duplicates how does one verify that this was a known issue? @immunefi
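
The commitment idea from the tweet above, as an added example (not code from the thread or from Immunefi). The in-memory ledger, the function names and the per-report random salt are assumptions; the salt is there so that a short summary cannot be guessed from its published hash.

```python
import hashlib
import hmac
import secrets
import unicodedata


def canonical(summary: str) -> bytes:
    """Normalise Unicode and whitespace so both sides hash identical bytes."""
    return " ".join(unicodedata.normalize("NFC", summary).split()).encode("utf-8")


def digest_of(summary: str, salt: bytes) -> str:
    # Fixed-length 32-byte salt goes first, so salt || summary is unambiguous.
    if len(salt) != 32:
        raise ValueError("salt must be 32 bytes")
    return hashlib.sha256(salt + canonical(summary)).hexdigest()


def commit(ledger: list, summary: str, timestamp: int) -> bytes:
    """Platform side: publish only the digest; summary and salt stay private."""
    salt = secrets.token_bytes(32)
    # The list stands in for append-only on-chain storage (assumption).
    ledger.append({"digest": digest_of(summary, salt), "timestamp": timestamp})
    return salt


def verify_duplicate(ledger: list, summary: str, salt: bytes, late_ts: int) -> bool:
    """Researcher side: given the revealed summary and salt, check that a
    matching commitment was published before the late report arrived."""
    claimed = digest_of(summary, salt)
    return any(
        hmac.compare_digest(entry["digest"], claimed) and entry["timestamp"] < late_ts
        for entry in ledger
    )


if __name__ == "__main__":
    ledger = []
    # Summary string taken from the tweet; timestamps are constructed values.
    summary = "Protocol X: Bug regarding func123() having a reentrancy with func345(3445)"
    salt = commit(ledger, summary, timestamp=1000)
    print(verify_duplicate(ledger, summary, salt, late_ts=2000))
```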

After 6 months of building and testing, Jupiter Lend is officially out of Beta.
With 83,000 users, 7 audits, 1 formal verification, and $0 bad debt
Now we're launching a $107,000 audit contest with @code4rena 👇

Why not a bug bounty after 7 audits for 6 months with conditional pot $0 if no H/M?
"Live audit contest" H/M pool of $96,000 🤔
- Securing $1B TVL
- Launched in September
- $70k fees generated daily
- 35% Solana marketshare (defillama.com/protocol/jupit…)
Jupiter @JupiterExchange
After 6 months of building and testing, Jupiter Lend is officially out of Beta. With 83,000 users, 7 audits, 1 formal verification, and $0 bad debt Now we're launching a $107,000 audit contest with @code4rena 👇

@auditor_nate @0xSimao Team audit for the win 💪
A pleasure teaming up with you!
AlexSR retweeted

After nearly a year of writing and revision, we’re proud to finally present a new book from RareSkills, created in collaboration with @Certora:
Formal Verification with the Certora Prover
Certora makes formal verification accessible—but for newcomers, there’s still a large set of unfamiliar concepts to learn.
Teaching a broad and unfamiliar field comes with pedagogical challenges. Dive into projects too early, and you’re forced to use syntax you don’t yet understand. Delay compelling applications too long, and readers lose interest.
We worked carefully to balance showing “cool examples” without presenting anything that feels magical—i.e., concepts the reader hasn’t yet built a mental framework for.
Our hope is that this work helps formal verification become a more standard part of development and auditing.
Clocking in at well over 60,000 words, this is not a small book. But like any RareSkills publication, it’s information-dense yet approachable, thorough without being academic, and above all, practical and illuminating.
In a space that quickly jumps from one meta to the next, we’re proud to collaborate with a company willing to invest in long-horizon projects that make Web3 safer.
Link in the reply.


I tested some tools during my last contest (after I’d already finished my regular workflow/review). The codebase was small (~1.6k nsloc) and I still burned almost 5M tokens on the Claude API (~$8).
The two skills I liked the most were "entry-point-analyzer" and "audit-context-building". I don’t plan to use them regularly at this point, but I definitely see great potential there. The reports also gave me some fresh ideas for my manual review that I’m going to test in the next contest.
Keep in mind that these two are mainly meant to speed up your "onboarding" phase — I only used them after finishing the contest because I wanted to try them on a codebase I already understood well.
As for the "bug finding" tools — not very helpful yet.
TL;DR: You should test them yourself on a smaller codebase and see what you like. I’ll definitely keep an eye on them in the future.

Week 24/100 to win a contest
- @flyingtulip_ audit
- 628xp on @_MathAcademy_
This is the first time I exhausted my entire “todo” list in a contest. I did math daily, tested ToB Skills for Claude and played with it to improve my workflow. @0xfluid DEX v2 contest on @sherlockdefi will be my main occupation for next week/month.

@pashov @amazing_mi44813 I didn’t know about this program but that’s great, no idea how responsive / fair they are but better than nothing I guess.
Definitely cool for those that are in the leaderboard 🥷
AlexSR retweeted

@0xAlexSR Hello Alex, we have a startup and looking for your collaboration ! How do we connect you ?


@ChaseTheLight99 @HackenProof Ahah thanks! Great way to start the year 🫡
AlexSR retweeted

Top 3 researchers this week:
🥇 zcai
🥈 @0xAlexSR
🥉 maketer
Want your handle here? Join active programs: hackenproof.com/programs


Starting the new year off strong! 💪🏼
Excited to announce I’ve officially joined @GuardianAudits as a full time Security Researcher.
With such a fantastic team, I am certain my growth here will be exponential.
I’ll let the bugs speak for themselves. 🔥

@ChaseTheLight99 @cantinaxyz What a big year, congratulations for everything you have built so far and so much more to come. Happy new year! 🙏

Happy 2026! 🎉
Summary of how 2025 went:
- 50+ Public LightChaser Reports Provided : Many more private reports : Crossed 100 public reports : Check out my GH to see them :)
- Got to contribute to the biggest wave of contests I've ever seen in Q1 from @cantinaxyz !
- LightChaser found a solo H/M on the Blackhole contest on Code4rena : Write up done by Nate! : I think this may be the first contest Solo found solely by automation?
- Built over 250 New Detectors for LightChaser : Primarily High and Medium detectors : Seen tons of these trigger in both public and private reports
- Took on some new mentees : Will make a tweet regarding how to get the most out of a mentorship
- Q1 and Q2 I had to take care of some major family commitments : All is sorted : I see this as a 'stress test' and showed me that no matter the situation, I can still get the work done
- Huge Shoutout to @auditor_nate : We worked on many audits together both public and private : He is improving at such an incredible rate : It's been an amazing year working with you!
- Formed a new team on C4 : PillarsOfLight : Welcome to the team @0xAlexSR !
- Won phase 1 of the Glider contest hosted by @xyz_remedy : Shoutout to the triagers, I really appreciate all your hard work ^^ : Looking to take this momentum into Phase 2
- Had the most productive Q4 of my life despite being sick for half of it 😅
- Went on the @bountyhunt3rz podcast!
- Had a talk about Glider on Remedy : Tons of alpha there : The contest is still live so check it out, it may be useful :)
- Got to contribute a LightChaser report to the first contest of the new @dualguardaudits platform : I'm seriously getting 2023/2024 C4 vibes from them, very bullish : join the discord if you haven't already!
- Built a very comprehensive LayerZero-V1, LayerZero-V2 and Stargate detector suite
- Built a Uniswap-V4 detector suite : still a WIP : This got us a High in the DCA Sherlock contest
- Started a Hybrid service : Automation + Manual : Still in early testing but we've gotten great feedback so far : Caught confirmed Highs in high TVL projects
- Began work on the LightChaser Mecha Program : I'm looking to leverage automation to create more work for SRs not less : Expect some announcements in 2026! : Feel free to DM if interested
- Ran LightChaser against the Monolith contest on Sherlock 3 hours before the contest closed : Nate submitted a LightChaser found High : Now confirmed valid : This is the fastest Run-to-submission we've had on a contest!
- General thank you to all of you for all of the support ^^ : Wishing you all an amazing 2026!
Predictions for 2026
- Keep an eye on both Nate and Alex, both have shown a tremendous amount of promise and I feel they'll both cross into the Senior SR bracket this year
- We will keep seeing top manual auditors dominating the space : With or without automation, in either reality the auditors who have the strongest underlying manual auditing skill will see the greatest return : Either way, becoming the best manual auditor will give you the best chance of winning
- Move and Cairo auditors will see more work this year, still a good niche to look into. Niches in general will provide high ROI
- Automation will continue to improve and raise the bar and the reward for manual auditors who cross this bar will also grow considerably
Small announcement
- LightChaser-V5 has begun development

@navneetsaini__ @CyfrinUpdraft @PatrickAlphaC That's basically all I did in 2025.
Lot of web2 work too so it's definitely achievable quicker.






