Ijele

327 posts

Ijele banner
Ijele

Ijele

@0xIjele

Security researcher

Katılım Şubat 2025
305 Takip Edilen34 Takipçiler
Tucker
Tucker@CrucibleCrypto·
Currently building my team. Looking for 2-4 more SR's I don't care how little or much experience you have, let's have a chat and see if you are a fit. We will tackle the challenges of audit competitions, bug bounties, PoC's, report reviews, and share the rewards.
English
14
1
29
2.6K
Immunefi
Immunefi@immunefi·
You're telling me that a single security researcher just made $150k for writing one report? yes
Immunefi tweet media
English
8
12
284
12.3K
Ijele retweetledi
0xLoopTheory
0xLoopTheory@0xLoopTheory·
Yesterday I wrote that it had finally sunk in. Today the first copy arrived in the mail. A real book. Real weight. My name on the spine. I've looked at this cover on a screen a hundred times. Holding it is something else entirely. Thank you all. 💙
0xLoopTheory tweet media
English
1
2
2
91
Vid Repar
Vid Repar@vidrepar·
I’m an engineer at Immunefi. My advice to any researcher: don't submit cold. Run it through Immunefi Studio first. It catches the weak spots that get reports closed. 65% of beta runs last month came from newer researchers. They checked before they sent. Reply "studio" if you want in 🛠️
GIF
English
34
10
22
2.8K
Ijele retweetledi
CertiK
CertiK@CertiK·
Today, we're excited to announce the launch of CertiK Hunt - our new invite-only platform connecting elite security researchers with trusted Web3 projects. CertiK Hunt brings together bug bounty programs, audit competitions, and AI security challenges in one place. 🧵👇
CertiK tweet media
English
27
69
256
41.6K
Immunefi
Immunefi@immunefi·
Let's hunt
Immunefi tweet media
English
5
3
79
4.3K
Ijele
Ijele@0xIjele·
How do you know a protocol is worth spending time on? What are the key metrics you look out for? Pls, ser @WhiteHatMage
English
0
0
0
34
WhiteHatMage
WhiteHatMage@WhiteHatMage·
My motto is "break the code"
English
4
6
84
3.7K
Ijele retweetledi
Immunefi
Immunefi@immunefi·
@ayush152002 If you want it bad enough you can do it
English
2
2
10
758
Ijele retweetledi
WhiteHatMage
WhiteHatMage@WhiteHatMage·
If you're interested in catching chain halts, here are some ideas: Consensus critical paths: - Check consensus invariants and how to break them -> halt - Check functions that should always succeed, but you find a way to make them fail or revert for everyone every time -> halt - Check functions that should always return a response (success or failure), but you can make them panic -- unexpected side effect or missing recovery mechanism. - Look for possible sources of non-determinism -- may lead to chain halt or fork Risk profiles: - Halt the production of blocks - Halt the production of proposals - Halt the processing of transactions - Halt the p2p communications - Halt the processing of txs - Crash validators consistently - Crash critical dependencies consistently Attack Surface: - Trace back the critical paths, and the components that could be broken - It may be a malicious transaction by any user, or a malicious p2p message relayed to the nodes - It could be a rogue validator with a malicious proposal - The chain might read events from contracts. It could have a light client checking things happening on other chains. - It could be time based, or something that happens on specific blocks, or during some special event. - There might be issues in dependencies that aren't critical anywhere else, but they lead to a more severe impact in some specific flow - The chain could have special roles that could be vulnerable to specific attacks Resource exhaustion: - CPU: make validators spend too much time computing transactions or blocks -- they won't make it in time for agreeing on the block - Memory: crash validators with OOM errors - Storage: bloat the disk space - Invariants: bloat some resource invariant, like consistently surpassing the block size, or tx size, making proposals fail. Caveats: - Most bugs aren't vulnerabilities. Learn how to code an e2e PoC for a network. - Not every panic leads to a crash. They're often gracefully caught. - Not every crash leads to a chain halt. You may crash the RPC node, but not the validators - A chain might have different clients, and the overall impact may not lead to a chain halt - Permissionless attacks are more dangerous than ones that require a validator - Panics in transactions are usually caught by the execution layer - If the impact is that your tx reverts, there's no impact. If the impact is that your proposed block is rejected, there's no impact. - Chains have different consensus mechanisms and caveats. The same vulnerability won't necessarily lead to the same impact. There's a huge overlap with other impacts. The same core vulnerability could be exploited for a chain halt, or could be used to take down validators to gain consensus, or could be abused to lead to a chain fork, or other issues. It's also possible that it doesn't lead to any real impact too. It's up to you to assess the most critical impact.
English
12
29
315
8.4K
Ijele retweetledi
Immunefi
Immunefi@immunefi·
This Immunefi All Star just crossed $1 million in earnings, making them the newest crypto millionaire on Immunefi. Meet @_blockian, the alter ego of @ControlZ_1337. We asked him how he does it. "What is one practical bug bounty strategy that has helped you find better bugs? " Pre-AI era: Find the most complicated part of the project - the area I assume most researchers would avoid diving into - and then repeatedly chant to myself “there are always bugs” until I eventually break something. Post-AI era: Same thing, but with AI. Don't be scared of complexity - embrace it "What habit, routine, or mindset has made you more consistent as a researcher? " Balanced life. Personally, I burn out pretty fast. Too much ADHD and not enough self-discipline 😅 So I compensate by cycling between periods of hard work and periods of rest. I work hard until I start feeling the early signs of burnout, then I stop before I hit the point where I won’t want to work at all. I’ll start a new PS5 game, fly abroad, take a week (or a month) off, snowboard, recharge, and then come back feeling fresh and ready to go again. Would I have found more bugs if I could work 24/7 like some other researchers? Probably. But is that actually sustainable for me? Probably not. "Can you share a memorable bug or win, and what helped you find it? " I think it was my first bounty, this is what made me believe this was actually possible. It was a pretty cool cache-poisoning issue that, to this day, I still consider one of my favorite bugs. I was determined to find something. The codebase was quite complex, so I was convinced there had to be an issue hiding somewhere. At some point I got stuck and stepped away from the computer, but I couldn’t stop thinking about the codebase. Then suddenly it clicked. I realized how I could use the cache to my advantage, rushed back to my computer, and spent the entire night building a PoC out of pure excitement. The report got confirmed and paid, and that was the moment that made me believe this was actually possible. It’s what kept me going. "What is one piece of advice you would give to a researcher trying to level up or land their first bounty?" Find what genuinely excites and interests you. If you're doing it only for the money, you'll probably hit a wall sooner or later. If you want to rise above the competition, you need to be passionate about what you're doing - passion is what keeps you going when things get difficult, repetitive, or frustrating.
Immunefi tweet media
English
6
14
193
14.3K
Immunefi
Immunefi@immunefi·
In case you missed it, here are five things Immunefi shipped this month: 1. IronScore A free security score for any protocol, rated from 0 to 100 and ranked on a public leaderboard. It also includes a wallet scanner that shows how much of your value is sitting in weakly secured protocols. 2. Immunefi Studio A new toolkit built with and for top security researchers. It includes Studio Reviews and Studio Signals. 3. Studio Reviews Get structured feedback on your bug report before you submit it, so a real finding doesn’t get weakened by a weak writeup. 4. Studio Signals Access real program data before committing your hours, including which programs pay and how fast they move. 5. Dark mode Easier on the eyes. Finally. Some of these shipped in limited release first, but we’ll be rolling them out to everyone soon.
Immunefi tweet media
English
9
6
68
6K
Immunefi
Immunefi@immunefi·
This Security Researcher has earned $1,073,742 on Immunefi in 2026. 2nd on the Whitehat Leaderboard. Now @0xvivekd is coming on The Immunefi Show to talk through how he hunts, how he thinks, and what separates a good report from a million-dollar year. What should we ask him?
Immunefi tweet media
English
13
18
266
15.7K
Ijele retweetledi
Immunefi
Immunefi@immunefi·
This Immunefi All-Star just made a Google Staff Software Engineer’s salary from one report. Congrats @riproprip.
Immunefi tweet media
English
37
24
459
49.3K