Lucifer Ξ

1/ Solidity `bytes` variables behave differently than you might expect—especially when mixing high-level code with assembly. This short snippet below shows a common gotcha

@0x3b33 Usually the solidity guys and solana guys are same or different for the audit?

Our first Solana + Back End audit Really proud of the boys, they crushed it!

@pashov @4lifemen What does this signals?

🤯CODE4RENA SUNSETTING. THE END OF AN ERA Thank you for everything, code4rena, forever in our hearts <3

It’s time to get back in the game.

@arsen_bt @renegade_fi Does renegade finance have bad reputation for resolving bounties on platforms?

Attacker drained $209K from @renegade_fi. Then messaged claiming to be a whitehat. Unfortunately, that's bug bounty state in 2026.

Is it early to have Uniswap V4 swap integrations in your defi protocols. Should you stick with V3 only?

@Ehsan1579 What did I just read, such huge lapses in development. It almost is unbelievable.

Anyways, I've been digging in this for the past 12 hours, Imma go back to my normal audits lmao. It was fun while it lasted.

@0xCharlesWang @grok help me undrstand the gist of this post

Whenever you start a new audit, the first days are essential for laying the ground stone for advanced exploits. You will have an open mind and are creativ. The more you dive into the code, the more biases you will develop. Use the initial time wise.

@0xKaden that was insightful, gonna bookmark this asap

✨Weekly bug writeup✨ #3: Insufficient slippage protection with price limit only In Uniswap v3/v4 swaps, the sqrtPriceLimitX96 parameter constrains how far the price can move during a single swap, but it does not guarantee a minimum output amount or maximum input amount While the sqrtPriceLimitX96 enforces an upper bound on the price paid for the swap, the actual price paid depends on the amount and placement of in range liquidity For example, a protocol that only uses sqrtPriceLimitX96 to handle slippage protection may have to set the sqrtPriceLimitX96 according to the expected resulting sqrtPrice after the swap, based on the amount of liquidity being swapped through. However, as long as there is sufficient liquidity to execute the swap between the current sqrtPrice and the sqrtPriceLimitX96, the swap will succeed regardless of the placement This allows MEV bots to strategically move liquidity away from the current sqrtPrice to the sqrtPriceLimitX96, providing the swap with the worst possible pricing Always enforce the minimum amount out/maximum amount in to protect against slippage Stay tuned for a ✨new bug writeup every monday✨

While auditing, if you find a possible vulnerability: 1. You would mark it and carry on auditing 2. Or would you rather right there write the PoC for it and then move on

@philbugcatcher words felt real💯

I used to ask myself a lot "am I auditing correctly?" I studied auditing a lot, and everyone says they just read code. But in the beginning, just reading code felt incredibly hard I was convinced top SRs had some secret process that I was missing Turns out I was wrong. It just takes time to master reading code After a while the process starts to feel natural. Auditing is still tough, but it flows

@legalsifter_AI yes sir, couldn't agree more!

1/ Solidity `bytes` variables behave differently than you might expect—especially when mixing high-level code with assembly. This short snippet below shows a common gotcha

@petercalic99 @0xSimao share your favs

If you want to deepen your sc security skills i recommend watching "The Mentorship Series" by @0xSimao. A ton of great tips. I might share my fav.

@HackenProof In upgradeable context, the initialize function can be initialized again against implemantation contract storage. -> Use diableInitializer() in constructor -> add initializer modifier in initilize function

Spot the Bug 🧠 Upgradeable setup What’s the issue in this code?

Starting with this 10-weeks long SR mentorship program, mentored by @bichistriver and sponsored by @PashovAuditGrp 🫡

@HackenProof nonce

Spot the Bug 🧠 Signature Replay What’s the issue in this code?👇

@bichistriver @PashovAuditGrp Is there any any possible way I can join (paid/unpaid). Was really looking forward !

I have selected the 29 @PashovAuditGrp - sponsored candidates who demonstrate the highest probability of consistency. Selection Criteria: - absolute beginners but with Clear roadmaps rather than vague passion. - Candidates who have quit jobs, burned ships, or invested significant personal capital. - Candidates with existing contest wins, specific findings (Highs/Mediums), or completed bootcamps (RareSkills, GuildAcademy). - Developers/SREs transitioning to security (higher retention rate than fresh beginners). @0xgo4ko @cosminm53 @slAGeRoP @0x_Blackwolf @Rezar13 @0xh2134 @ByteFable @0xbube @0xAbhayyy @KalpPShah @takeshi77kovacs @derastephh @specterev @dejiolaniyannn @HabeeblaiM @AshhadAslam @0xserEMir @0xmishoko @tiersigma @StrangeEth @faruukku @developerx_sec @Abdvssamad @molaratai @0x_wind @dystopiaxyz @kalyan__tr @0x_bob_0x @0xvard if your name is mentioned above kindly dm me on TG to get added today to the group. tg username: @bichistriver We will kick off tomorrow!

@0xFireFist @vinicaboy @0xSimao Good going ser !

I can't even express my feelings rn... 3rd place on Mento's contest, life is good. Congrats to @vinicaboy, he once again proved that he is one of the best in our space! @0xSimao I guess the 5 figs challenge goal isn't that far now, is it?

@PashovAuditGrp What is expected outcome of this program?

We sponsored 29 slots of this mentorship web3 security program. Good luck with your applications🫡

@ArnieSec I had the same learning curve with Yul/Assembly I think identifying prerequisites is itself a task

If you’re trying to learn something and it feels confusing or doesn’t stick, that’s often a sign that you skipped prerequisites. Yul/Assembly felt impossible to me early on, not because it was “too hard,” but because I didn’t yet understand storage, memory, the stack, and how data is represented. Learning has an order.