0xSecuri

Just received my very first reward as a Security Researcher. Thanks to @code4rena and @dittoproj for the opportunity! I'm looking forward to sharpening my skills and contributing much, much more to securing the web3 space! 🫡

@blckhv Digging through some gnarly code over here, you know how it makes you feel... and this was the exact boost I needed, thanks for sharing bro!

Do I really suck at auditing or I'm just not interested?🤔 A friend of mine, smart person, who's been doing web3 security shared with me that it hasn't been a pleasant experience for him since day one - but he has been pushing himself to do it. 🤷 The summary: - Not happy with what he was doing. - Average results. In short: dead-end 🔄 Do you see the correlation? 🪤 "You can't get better if you don't put in the hours, you can't put in the hours if it's not interesting to you" 😉 The problem? - auditing is abstract, not like reading a book or writing code, there you have an end goal, "I should read 100 pages today and write these 2 functionalities" vs. simply staring at the code. If you don't want to be that friend, set yourself structured small goals in the scope of your current audit: - Check the contracts that are the main entry flows. 🔍 - Choose the most important variables and follow their state changes across the code. 🧩 - Review similar codebases and their reports. 📜 Remember, you’ll never feel like you've explored a codebase 100%. Even the best researchers rarely catch half of the vulnerabilities. 🛡️

@panditdhamdhere Brave, Solidity Visual Developer, VSC & Clockify

My daily tools. Brave Remix Solidity Vs code Foundry Metamask JavaScript Bunch of faucets. What yours?

💡 TIP to save you hundreds or even thousands of dollars! Always review your @audit/audit-issue tags! I learned this the hard way - today I realized I missed submitting two high severity findings because I didn’t check my @audit tags at the end of my last contest... 🤦‍♂️

The Ronin bridge was hacked(again!) on 6th of August because of an uninitialized critical parameter. Long story short: - Ronin deployed an update - called `initializeV4` but didn't call `initializeV3` - got exploited for ~$12M - paused the contract and decided to do an audit

Don't rely on pattern matching; it won't help you in the long term. Pattern matching can be done by a bot. You want to achieve more than a bot! So, always strive to understand the codebase in depth. This way, you'll find more bugs with fewer duplicates and up-skill yourself!

I got targeted by an address poisoning attack today. Never get lazy with your security practices. Stay vigilant and always double-check your transactions!

Stop overthinking, just dive in! ✌️

@0x18a6 I'm wondering as well 😅

@0xSecuri what's a weekend

Don't let the weekend pass you by without discovering any H/M vulnerabilities 😉✌️

Auditing 101 : Sometimes you just need to stare at the code until it starts making sense, even if you don’t know the language.

Want to be a top-notch auditor? Find more bugs and score big money? Here’s the key: 1. Start today: read code, read docs, and take steps to be more capable tomorrow than you were today. 2. Repeat. The goal is to improve daily and provide more value! Results won't be late!

@Zubeirdayib24 Did you read the entire thread? 😃 Because I've shared the link bro!

@0xSecuri @milotruck or maybe you could share the link

Mindset Tips for Aspiring Auditors 🧠🧵 (1/3) If you feel unmotivated or think you won’t be able to become a successful auditor, check out these pieces of advice from the legend auditor @milotruck. It’s all about the mindset you need to succeed!

(3/3) You can watch the full interview with @RealJohnnyTime here: youtube.com/watch?v=g5Obbl… If you’re interested in just the advice, check out the Timestamps: Tips for Beginners: youtube.com/watch?v=g5Obbl… If this tweet helped you out, smash that like and retweet! 🫡

(2/3) 1. Stick to one contest at a time 2. Be patient - success doesn’t come overnight 3. Don’t just grind; have a clear goal and focus on daily improvement

@rekxor Yes, it is

@0xSecuri Is it what i see?

Sunday grinding ✌️

@uaarrr Yep

@0xSecuri so you use --vvvv instead of console.log ?

@rekxor You've got a sharp eye bro 😀

@0xSecuri SideContractLenderPool::withdraw()?😂 Ik its wrong