Synthrax

152 posts

Synthrax

@0xSynthrax

Blockchain Security Researcher | Ex C low-level developer | Auditing with @CODESPECT | https://t.co/ZnRgn86x5T

Katılım Kasım 2023

315 Takip Edilen143 Takipçiler

Sabitlenmiş Tweet

Synthrax@0xSynthrax·31 Ara

2025 was an interesting year. • Left my dev job at the beginning of the year • Became full time crypto degen • Missed programming after 6 months and decided to learn blockchain development • Discovered Web3 audits and fell in love • Got my first contest result in September • Got my first private audit 2 months ago • Made a lot of great connections • Closing the year with 4 private audits Plans for 2026: make it all count

Synthrax@0xSynthrax

My first private audit collaboration got finalized today🔥 Grinding started to pay off 😎 Feels like a big step forward

English

3.5K

Synthrax@0xSynthrax·2d

When you know there is an issue in this suspicious function but you just can’t prove it yet.

English

254

Synthrax@0xSynthrax·3d

@zuhaib44 @CODESPECT

GIF

QME

zuhaibmohd@zuhaib44·3d

@0xSynthrax @CODESPECT Yes I did

English

Synthrax retweetledi

Synthrax@0xSynthrax·3d

Did you already register for the upcoming @CODESPECT contest? Good contest performance is a lot more valuable during markets like this. Btw I’m going to be the judge 👀 Don’t miss the opportunity👇

English

1.5K

Synthrax@0xSynthrax·4d

Started a solo audit a few days ago. The ones grinding through bad markets are the ones who win when things turn around. Stay busy, anon.

English

201

Synthrax@0xSynthrax·3d

specsiege.codespect.net

ZXX

165

Synthrax@0xSynthrax·5d

New contest👇 Don’t miss the opportunity anon

CODESPECT@CODESPECT

As promised. Today, we have a big announcement We're launching registration for SpecSiege. It's our double-check format for audits. First, an internal private audit went through the code with a full manual review. Then the community review follows. 10 days of open review on a fairly large codebase, we know, but the chance to work on an ERC-6909 European bond platform, an institutional project, doesn't come around every day. - €15K total pot (€13K community pool, €2K fixed for the lead researcher). - If only Lows are discovered, €5K is distributed instead. Simply find bugs after us and get rewarded. We value your participation. We're not here just to squeeze you. Link below ⬇️

English

268

Synthrax@0xSynthrax·6d

Something’s coming 👀 Stay tuned

Talfao@talfao1

I've always valued the web3 security community. Tried to share my path early. A lot of Cairo posts back then. That was how I differentiated myself, and some security takes along the way. Tomorrow, with @CODESPECT, we push it further with an opportunity we haven't opened up before. Stay thrilled.

English

125

Synthrax@0xSynthrax·13 May

@lonelysloth_sec Gaming community doesn’t like anything AI generated in the games, so studios are afraid of adding things like that. There were a lot of cases with negative backlash when community discovered that in some aspects(not connected to programming) there was AI used.

English

LonelySloth@lonelysloth_sec·13 May

Are all new videogames coming out using real time LLMs for realistic interactive NPCs? If not, why not? Is it a matter of time? Of cost? Seems to me like a no brainer use for the technology. You shouldn’t even need good models. Stuff from a year or more ago would probably be good enough. Are there any games that use it? Any recommendations?

English

Synthrax@0xSynthrax·12 May

@blckhv Which “auditors are cooked” ai innovation are we on right now? I’ve just lost count

English

191

Blckhv@blckhv·12 May

How long until smart contract auditors are cooked?

OpenAI@OpenAI

Introducing Daybreak: frontier AI for cyber defenders. Daybreak brings together the most capable OpenAI models, Codex, and our security partners to accelerate cyber defense and continuously secure software. A step toward a future where security teams can move at the speed defense demands.

English

Synthrax@0xSynthrax·8 May

@talfao1 Sign of success

English

Talfao@talfao1·8 May

I have first impersonators, be careful. I never want your crypto keys or never share with you any code etc.

English

334

Synthrax retweetledi

CODESPECT@CODESPECT·29 Nis

CODESPECT is proud to support @Solbuildersclub. We've agreed to provide special perks for community members. If you're part of SBC, you can reach out to us for discounted security services, security guidance, and a free initial consultation on the security behind your project. Supporting builder communities is core to what we do. @solana is a great example of how strong communities ship great products. Members can DM us or reach out through the club to get started.

English

506

Synthrax@0xSynthrax·28 Nis

@lonelysloth_sec AI missing vulnerabilities made by AI, who would have thought

Synthrax@0xSynthrax

There are audit review fix comments in the code. Was the code audited by AI? Because even junior auditor wouldn’t miss this kind of bug👀

English

643

LonelySloth@lonelysloth_sec·28 Nis

"Coded" by Claude on Feb 1st. "Audited" by Claude on Feb 2nd. "Fixed" by Claude on Feb 3rd. Deployed to mainnet (by Claude?) on March 19th. Funded on April 24th. Rekt (by Claude?) on April 28th. Welcome to the future. 🤡🤡🤡🤡🤡🤡🤡

PeckShield Inc.@peckshield

It seems a @tradingprotocol vault, i.e., YieldCore-3rd-deal, was exploited with $398k loss. There is a missing check on the caller authorization, which is exploited to drain all funds from the vault. Here is the related tx: etherscan.io/tx/0x6b04344d5…

English

168

15.7K

Synthrax@0xSynthrax·28 Nis

There are audit review fix comments in the code. Was the code audited by AI? Because even junior auditor wouldn’t miss this kind of bug👀

PeckShield Inc.@peckshield

English

932

Synthrax retweetledi

sudo rm -rf --no-preserve-root /@pcaversaccio·21 Nis

the negative and positive things that have happened since saturday are the result of _centralised_ points of building. everything that has happened (the bad and good things) would not have happened if we built in a truly decentralised way. overall, dprk would have far fewer "gains" if we stuck to cypherpunk principles. like, dprk does _not_ focus on smart contract hacks, they almost exclusively target centralised attack vectors. if we want to win against dprk (and any other state actor, which all focus on web2-based attack vectors), we need to go full cypherpunk mode. if this is not a wake up call, i do not think we will get a second chance.

English

240

17.4K

Synthrax retweetledi

Talfao@talfao1·20 Nis

This weekend KelpDao lost $292M. @LayerZero_Core just published their incident report. The protocol worked as designed. The smart contracts were fine. The money left through an RPC poisoning attack on a single-DVN configuration that multiple parties had warned against. A thread on what this teaches us about every attack surface. 🧵

English

910

Synthrax@0xSynthrax·3 Nis

@FirepanHQ 👀

QME