

0xSimao

@0xSimao
Founding Researcher @blackthornxyz | #2 @sherlockdefi 2025 | 28 Top-3 & 60+ Private Audits | Founder The Contest Academy | DM for audits https://t.co/V6VPeRhRWg




The @Aave V4 audit contest results are now published! There were no validated Critical/High/Medium severity issues. The $10,000 USDC gas pot will be split across 6 researchers, proportional to leaderboard points. Thank you to everyone who participated. Full results here: audits.sherlock.xyz/contests/1209







All the smartest people you know are in a generational lock-in season right now


🚨 Half a million dollars paid. 🚨 The largest-ever unconditional prize pool is officially settled — all $500,000 distributed to participants. 4 high & 7 medium severity findings rewarded. Shoutout to @Monad & @category_xyz for their unwavering commitment to security!

Solidity v0.8.34 out now. This release fixes a high-severity bug in the IR pipeline affecting versions 0.8.28 through 0.8.33 (`--via-ir`, not enabled by default). If your code does not use both `--via-ir` and delete on a transient state variable, your contract is not affected.


Security researcher ily2 has just earned a staggering $3,000,000 from submitting a critical smart contract bug via Immunefi. That's the largest single payout in web3 security in recent memory. In total, he's submitted 3 reports. All 3 were paid. 100% accuracy. His leaderboard update is coming soon, but you can pledge IMU to him now and earn when he finds the next one: immunefi.com/pledge/ily2

To the participants of the recent $1.1M @code4rena zkSync competitive audit and the zkSync community 👇

As the competition came to a close, as is customary for our team, we conducted an initial review of the results and findings. Integrity, transparency and fairness are core to our ethos, so we always put maximum emphasis on our due diligence process. During this review we noticed anomalies in the findings, which led us to 1) conduct further investigation, and 2) pause the bounty distribution until the investigation concluded.

After an in-depth investigation, we identified a conflict of interest between a participant in the competition, HE1M, and a third-party contractor working with Matter Labs. The investigation concluded that HE1M gained an unfair advantage in the competition by failing to disclose that their spouse was a contractor on assignment with Matter Labs. One or both of the following scenarios took place:

- The individual purposefully did not disclose bugs in the system to gain an unfair advantage.
- The individual’s spouse received unfair positive treatment by the contractor.

We have zero tolerance for anything that challenges the fairness and integrity of the contest. From the possible scenarios described above, both are cause for disqualification.

Upon conclusion of the investigation, Matter Labs notified Code4rena and immediately terminated the working relationship with the contractor involved. Code4rena followed course with their standard operating procedure of performing their own thorough diligence and providing evidence to an independent judge for review. The independent judge received all of the findings from our internal investigation, and the judge came to the same conclusion. As a result, HE1M, the participant with a conflict of interest, had their submissions deemed ineligible for awards so that competition funds could be distributed fairly to other participants.

It is possible that HE1M’s discoveries in previous competitions were also the result of the same conflict of interest. While we are not in a position to retroactively review submissions from prior competitions, the conflict of interest was discovered by the diligent team overseeing the current competition before rewards were distributed. Our team has put parameters in place to ensure that a similar situation does not reoccur.

We deeply apologize to the participants and condemn the actions taken by HE1M. In future contests, as well as in all Matter Labs initiatives, we will continue to be transparent in our communications with the community. We are grateful to our and Code4rena’s team of experts for their impressive due diligence and for raising the bar in accountability and integrity for white hats across the space.

Pretty happy with this result from the @Panoptic_xyz contest on @code4rena, having in mind that I worked on it for a few days only. Managed to find a very interesting medium with only one duplicate. Congrats to @ValvesSec for the good job!