0xScourgedev
@0xScourgedev

367 posts

CEO & Lead Fuzzing Specialist @perimeter_sec

Canada · Joined April 2023
199 Following · 712 Followers

Pinned Tweet
0xScourgedev@0xScourgedev·
It's a lot of responsibility being one of the final lines of defense! Our invariant fuzzing harnesses uncovered and prevented several severe vulnerabilities (all issues fixed) from reaching production. Lots of respect to @berachain for taking security extremely seriously 🫡
Perimeter@perimeter_sec

Excited to share that over the past 6+ months, we've helped secure critical infrastructure for @berachain using invariant fuzzing. Big credit to @berachain for their industry-leading commitment to security. Looking forward to continuing our partnership in securing Berachain 🫡

Josselin Feist@Montyly·
Anyone at OpenAI interested in blockchain who could help with this?
Josselin Feist@Montyly

@sama If OpenAI is looking to onboard trusted security researchers from the blockchain space, the EthSecurity Badge initiative is worth a look: paragraph.com/@thedao.fund/t… / opensea.io/collection/eth… It's a peer-curated set of trusted security researchers in the ecosystem cc @thedaofund

0xScourgedev@0xScourgedev·
Depends what my goal is. Is the goal that a cure to cancer is found? Or is it that I want to be the one to cure cancer? If it’s the former then I would be extremely happy, if it’s the latter, then I would feel like I was too slow. Regardless, I would either go into an adjacent field or try to cure the remaining 10%.
Hari@hrkrshnn·
If you spent 10 years of your life becoming a cancer specialist and all of a sudden a pharma company is going to drop a cancer vaccine that cures 90% of cancer, how will you react?
0xScourgedev@0xScourgedev·
Hopefully codex will write my POCs without workarounds now 😅
0xScourgedev@0xScourgedev·
I first met Gianluca and heard about his work at @Montyly's amazing W3ST event in Buenos Aires. We had deep conversations about his approach to Web3 security, and it's one of the most unique and effective that I've seen. Extremely excited to be working with each other!
Perimeter@perimeter_sec

Built the tools. Found the bugs. We’re excited to welcome Gianluca Brigandi (@gbrigandi) to Perimeter as Tooling Specialist. • Author of Traverse, Tameshi, and ThalIR • Multiple confirmed bounties

0xScourgedev retweeted
Jeff Schroeder@SEJeff·
Unpopular opinion. It isn’t always feasible to do formal verification on large applications or protocols. I’ve done two engagements with a well-known FV firm and got mediocre results in both. FV isn’t a magic bullet, but it is a wonderful tool when applicable. Fuzzing is easier to get running and finds many of the bugs FV does and often in less time. Both are valid approaches but one will often cost you less in people time and compute if done well.
toly 🇺🇸@toly

If they can get you to sign a tx they can steal your source code. Immutable open source with formal verification is the only real option

pashov@pashov·
Say the name of a web3 security company and I will say 1 good and 1 bad thing about it
0xScourgedev retweeted
0x310f1.sh@0x310f1sh·
Echidna v2.3.2 is out 🦔 Better Foundry support, improved reproducer generation, and fixes for coverage and Osaka compatibility. Big thanks to Gustavo, @BowTiedRadone, and @argotorg hevm folks for pushing a lot of this forward 🙏
0xScourgedev@0xScourgedev·
@nisedo_ It was with Opus 4.5, think it's worth revisiting with 4.6/gpt?
nisedo@nisedo_·
Fuzzing a codebase from scratch takes hours of setup What if it took 1 command? Echidna/Medusa harness + basic invariants, auto-generated for ANY Foundry project Soon™
0xScourgedev@0xScourgedev·
While developing our tool, I played around with AI adding some fuzzing features into the harness. Couldn't get it to be precise enough and it introduced issues that would take a while to debug or would miss some edge cases. So I made it fully deterministic and instead used AI for suggestions. I think it's a better approach for our use case. Curious on how you got past this problem!
nisedo@nisedo_·
Currently working with a mix of deterministic setup (mined from the project tests/scripts) and AI filling for the rest I’m stress testing it against all weird codebases I can think of to fix the edge cases (and there are a lot of them, but hopefully we’ll find the right balance between deterministic and AI so it works with all codebases)
0xScourgedev@0xScourgedev·
Anyone else noticed that Codex 5.3 has gotten much worse over the past few days? Feel like it got significantly lazier and making simple mistakes that it wouldn't have a few days ago
0xScourgedev@0xScourgedev·
For the past two months, I've been using a physical stopwatch to record how many hours of focused work I do each day... My productivity has been through the roof
Immunefi@immunefi·
Security researcher ily2 has just earned a staggering $3,000,000 from submitting a critical smart contract bug via Immunefi. That's the largest single payout in web3 security in recent memory. In total, he's submitted 3 reports. All 3 were paid. 100% accuracy. His leaderboard update is coming soon, but you can pledge IMU to him now and earn when he finds the next one: immunefi.com/pledge/ily2
0xScourgedev@0xScourgedev·
@nisedo_ To be honest, I think the reason is purely economical like @deadrosesxyz said in his reply, especially with the rise of AI spam submissions
nisedo@nisedo_·
@0xScourgedev I’ve done 3 audits in a row with full fuzzing suites, so I’m probably biased right. And I’m still trying to rationalize why audit contests are dying, I guess I haven’t fully grieved yet 🥲
nisedo@nisedo_·
Contests are dying in part because fuzzing replaced them. Devs now run extensive fuzzing suites as the final step of their security process, whereas contests used to act as human fuzzers.
0xScourgedev retweeted
Perimeter@perimeter_sec·
fuzzlib v1.1.0 released – now with broader compatibility and new utilities for Solidity fuzzing

What's new:
- clampArr: Efficient array clamping
- scaleDec: Decimal scaling helper
- errAllow: Full support for pre-Cancun chains
- Updated cheatcodes to allow latest functionalities