0xStalin

831 posts

@0xStalin

Securing the financial systems for the future sovereign individuals @CyfrinAudits

Contract's Storage · Joined August 2022
740 Following · 1.5K Followers
Pinned Tweet
0xStalin@0xStalin·
1 more year has gone by, marking 2 years since I ventured into the world of web3sec. This second year, I worked full time on this craft, and man, I can tell you it’s one of the best decisions I’ve made. Over the past year, these are the most important highlights. - Won 2 contests & placed multiple times in the top 5. - Collaborated with multiple audit firms. Lately, I’ve been working with the chads @bailsecurity, securing big names in this space. I'm very grateful to all the lead auditors who have given me the opportunity to collaborate with their teams. See y'all at the top 🫡
0xStalin@0xStalin

And with this, it marks my first year in the web3sec space. Definitely the first of many 🫡 I've finally made the jump to work full time, I can't wait to start getting even better results now that I'm 100% committed to this craft. See y'all at the top 🚀

0xStalin retweeted
Cyfrin Audits@cyfrin·
Vote for us in the Nominee Selection of the Security Council. Voting is open from March 22nd, 2026 - 12:32 pm UTC until March 29th, 2026 - 12:32 pm UTC. Member Election starts Apr 12, 2026. tally.xyz//gov/arbitrum/…
0xStalin retweeted
Cyfrin Audits@cyfrin·
With AI, people think the following files will help protect them: .gitignore .cursor/rules .cursorignore CLAUDE.md .claude/settings.json However, these files are just asking your LLM; "I have $1M in here, please don't steal!" But you can take the .env pledge on-chain now!
DoD4uFN@DoD4uFN·
@0xStalin It was a nice read 👍 Hoping to have more of those in my timeline
Antonio Viggiano@aviggiano·
I’m happy to share that I’ve joined the security team at @monad Monad Foundation! I’ve been really impressed by the team, their technical depth, and their ability to execute, and am excited to contribute to making the ecosystem more secure.
0xStalin retweeted
PraneshASP@0xasp_·
Announcing the Solidity Testing Handbook ✨ Fully free, one-stop resource for Solidity developers and security researchers. Resources are currently scattered across blogs, docs, and forums. I found it difficult to keep track of everything in one place. This handbook aggregates all testing patterns from basic unit tests to advanced mutation tests into a single, well-organized guide for quick reference. It’s built from my own learnings and best practices observed in popular codebases. soliditytestingbook.com
Jorgect.eth@TamayoNft·
I came back yesterday to my house and my wife surprised me with this, I'm going to be a father. I know some people in the web3 sec community are fathers, some advice to me? I'm scared honestly.
0xStalin@0xStalin·
@0x3b33 In the not-so-distant future, I'd add an AI audit before going for the external audit 😉
Pyro@0x3b33·
If I was a project owner looking for an audit here are 5 things I would do to get the highest security with the lowest possible price!
1. Simplify the code - not only do we reduce bugs, but we lower our auditing quote as more code tends to equal higher audit quotes.
2. Do an internal audit - your team is already working on the code and knows it very well. They are also cheaper than hiring external auditors, so why don't you put them to work by having a few days just for cracking their own code and finding bugs in it.
3. Write some tests - I would write a lot of tests, but if I am in a hurry would make sure I know the contract works and have tested the most basic operations. Let cursor write the setup and test, it's gonna be really easy to pump a lot of tests in a day or 2
4. Write some docs - no need for a whole white paper, just a few lines of comments above important or difficult to understand functions.
5. Place a bug or 2 inside the code - to test how good the auditors are. Make them a bit hard to spot, but not too hard.
0xStalin retweeted
Strata@strata_markets·
Introducing the new Strata. A refreshed identity. Multiple markets. A platform built to democratize on-chain yields. Next-gen structured yield products. Only on @strata_markets.
0xStalin@0xStalin·
Why wouldn't you submit the issues at least as Meds? - If they turn out to be H or M, being submitted as M can be upgraded. If they are actually lows, then they'll be downgraded and excluded from the QA payouts, but what's the point of risking losing a valid H/M for the possibility of getting the QA report payout?
Kris RenZo@KrisRenzo·
I was patiently waiting for the Megapot report to drop because I had my suspicions that I may have played myself, again. Apparently, I submitted 2/3 high findings in the contest as lows. And as you know, according to C4, it's a bye-bye-baby-gone situation. My L-01 is H-03 My L-05 is H-02 (2 dups) Boy! I'm surprised I can still stand, considering the number of times I shot myself in the foot in the last quarter of 2025. lol. Solayer: Missed out on top 3 for not adding a "specific" precondition to my report for what turned out solo. Rezerve: Missed out on top 5 for not catching a dup of my report that turned out to be solo. This particular contest hurts to think about, because of the sheer number of oversights I found out later. Now, this. This is the reason behind my decision to do team audits going forward. I need a second pair of eyes -- at least for now.
0xStalin@0xStalin·
What I got done during 2025:
> Joined @cyfrin as a full-time LSR
> Fully booked during the entire year in private audits
> Worked on ~30 audits, including some of the leaders in our industry
> Massively outperformed myself in terms of # of bugs found compared to last year, as well as the quality and rarity of those bugs.
> Got to work with very talented SRs
Overall, this was an extremely successful year. I surpassed all my expectations and became a more skilled SR. Here is to a new year full of new challenges and growth. 🍾
0xStalin@0xStalin

The year is ending, which is the best time to reflect on what was achieved during the year.
> Quit 9-5, jumped all in on web3sec 🚀
> Worked with @cyfrin as a Contractor for 5 different audits 🤘
> Won my 1st public competition 🥇
> Earned what once I thought would be impossible
> Built my home gym :) 🦾
There were tons of learnings, definitely looking for the next year. See y'all on the battlefield ;)

0xStalin@0xStalin·
@TamayoNft @cyfrin Thanks, broder, onto another year killing it. Hope to get to work together again soon 🫡
0xStalin@0xStalin·
@0xSimao @DeBankDeFi I haven't been asked to login/do annoying stuff on debank. I only paste the address I want to check and it loads the assets listed on what protocols on what chains they are deployed. Really useful if you deploy capital to defi projects on different chains.
0xSimao@0xSimao·
@0xStalin @DeBankDeFi I tried a few services but they were paid so I figured it's easier to just ask claude to do one. DeBankDefi looks good but I tried configuring it and it started asking for login and stuff which is annoying.
0xSimao@0xSimao·
Just vibe coded a gh repo that fetches all your earnings from an array of wallets. Mostly useful to get contests earnings, I have already selected the main tokens used for payment. It likely doesn't work well if you use the wallets for other purposes. github.com/0xsimao/wallet…
0xStalin@0xStalin·
@0xSimao @DeBankDeFi works amazingly to track all your assets deployed across multiple chains on different projects