Hammad Ghazi

31 posts

@0xhammadghazi

I diffuse smart contract exploits before they detonate 💥 | UHI2 cohort @AtriumAcademy | prev @block_apex @xorddotcom

Joined October 2021
220 Following, 80 Followers

ret2basic.eth (@ret2basic):
Only 0.4 away from winning🤣
Achievement so far:
- RACE #37 1st place
- RACE #42 2nd place
- RACE #20 2nd place
- RACE #27 3rd place
I am from @TaiChiWeb3Sec

Arsen (@arsen_bt):
This is literally the best Web3 Security Insights channel.
Hacks, News, Education — in simple words
• Like the post
• Comment "Defendor"
And I'll DM you the invite link.

Hammad Ghazi (@0xhammadghazi):
Couldn’t have gone worse. Learned a lot, coming back stronger next time.

0xNForcer (@0xNForcer):
Day 49 of 1001 – Building my @cantinaxyz portfolio in public
Finally opened my account! Got the results back from my second contest - not much $$$, but at least I made it into the top 10% with 4 highs.
I'll go through the missed findings in detail tomorrow.

Hammad Ghazi (@0xhammadghazi):
One thing I really like about @cantinaxyz is how fast their judges work, especially @kuprumxyz who went beyond by keeping everyone updated on discord

Hammad Ghazi (@0xhammadghazi):
one of the best things about @JeanCavallera all about solidity series is that even if you’re fairly experienced, you still pick up a nuance or two you might’ve missed before

Hammad Ghazi (@0xhammadghazi):
@pkqs90 did you use that username in csgo or valorant?

pkqs90 (@pkqs90):
Just changed my twitter handle to @pkqs90. The previous one @woshilalala was more of a troll name I used back in gaming, which I used initially to test the waters of web3. Now that this has become a serious career, gonna change back to my main handle now :)

Hammad Ghazi (@0xhammadghazi):
@Al_Qa_qa Solid journey🔥 I see you picked up both solidity and rust in 18 months. Did you start learning rust after getting comfortable with solidity, like when you could manually review solidity codebases, or did you first go deeper into things like fuzzing, yul, math before switching?

Alex the Entreprenerd (@GalloDaSballo):
I want to publicly compliment @PatrickAlphaC and @Jeyffre for doing what I thought was impossible: Building a viable business with education as the driver
It may look obvious today how the flywheel works with ongoing events, launches, products, audits and jobs
This was honestly doomed to fail for many years, and must have taken an enormous amount of dedication
The idea of having to take a massive paycut for years (compared to being a dev or auditor), building what seems to be a pretty big (expensive team)
It’s inspiring to see you guys pulled it off at the highest level!

pashov (@pashov):
Say it with me - "I will work as hard as possible and will become the next big web3 security success story"

chrisdior (@chrisdior777):
OG Web3 devs/auditors remember:
- CryptoZombies
- Secureum
- Smart Contract Programmer on YT
- Mastering Ethereum book
- cmichel
This is how most of us learned smart contracts back then. What else shaped your early days?

sorryNotsorry (@0xSorryNotSorry):
Ok guys, I'm quitting web3 security, Can't find bugs anymore... kidding 😂 Just got hired to review a codebase after a Tier A company audit. Found 2 Highs and a Medium on top of their "clean" report. They re-hired me right after. Guess I'm not going anywhere.

Hammad Ghazi (@0xhammadghazi):
@arsen_bt ...and clearly not sticking to one language either. From solidity to func

Arsen (@arsen_bt):
Exactly 365 days
Just reading the code and not
- Complaining
- Procrastinating
- Quitting
Everyone can get the milestones done.

Hammad Ghazi (@0xhammadghazi):
@Al_Qa_qa Agreed. Digging into the rabbit hole is never a waste. Even if you miss the bug, it deepens your understanding and helps you catch similar ones later. Reviewing contest reports to understand what you missed and why also teaches a lot. Those insights compound. Nothing is wasted.

Al-Qa'qa' (@Al_Qa_qa):
I want to share this short story with you guys regarding contests, and how joining them helps you.
When I joined Blast L2 contest on Cantina, I was not a very experienced auditor, but I decided to join at the end. The codebase was hard for me. This was my first time dealing with OP Chain, which has an internal yield mechanism. I couldn't handle that many large files at this time.
When checking and seeing files, I found that the Bridge (Portal) allows users to provide the value they receive. It is like he can give L1 10 ETH and request 20 ETH without problems. This was weird to me, as this is the implementation of Optimism itself.
I started the node and tried to test this situation. And at the end, I figured out that Optimism Nodes handle this internally. In simple terms, if you send 10 ETH on L1 and request 20 ETH at L2, Nodes will take the rest (20 - 10 = 10 ETH) from the sender address at L2, and send it to the L2 receiver address. I tried all possible situations, and OP nodes handle all situations, no issue at all.
Time passed, and later, after ~10 months, I decided to join Soon contest. It is an OP stack L2 chain, but L2 nodes are SVM Rust dependent. When checking the codebase and the L2 Bridge, I found that it gives the user at L2 the `value` provided at L1. I remembered what I figured out from Blast contest: the `value` is an input value the user can put, and OP nodes handle the process internally.
I saw the L2 node implementation, checked it out, and found that the process is not handled. This was a Unique High finding I found in Soon contest.
The contest you joined 9 months ago, and failed to get good results in, helped you later in other contests, and this is why I and most of the top auditors recommend joining contests.
Before Soon contest, you may feel like you wasted your time joining that hard competition, and you may think, I could have joined another one, and gotten good results. But this contest you joined was one of the reasons that helped you in your future contests.
Never be pessimistic about contests you join and fail; you are building yourself.
And that's it. If you have similar stories, don't hesitate to share.

Hammad Ghazi (@0xhammadghazi):
First audit contest on @SherlockDeFi: Symmio
Found 2 medium severity issues but only submitted 1 (ran out of time).
Maybe next time I should submit before continuing the hunt 😅
Still a great experience!

Hammad Ghazi (@0xhammadghazi):
Long overdue, but here it is - stepped into web3 security. Didn’t get to go all in, but first audit contest: 2 highs, 1 medium. Let’s see where this leads.