Shalafat

293 posts

Shalafat

@0xlookman

web3 security research. DM for thorough smart contract audits.

blockchain Katılım Mart 2024

104 Takip Edilen225 Takipçiler

Sabitlenmiş Tweet

Shalafat@0xlookman·18 Nis

I know its tough for new projects/protocols Security is very essential but sometimes can be unaffordable at the start. I am giving out a chance to the first 10 protocols with no budget or a very limited one, interested. Contact me so that we can secure that codebase.

English

314

Shalafat@0xlookman·9h

@arsen_bt Yah, at times I also stopped on phase 2 And missed alot of bugs

English

Arsen@arsen_bt·13h

The 3 phases of every Solana audit ■ Phase 1 - Contextualize. > Skim every function. > Find entry points, actors, integrations. ■ Phase 2: Line by line. > Understand every atom. > Goal: walk the code in your head ■ Phase 3: Research. > List invariants. > Eliminate ideas > Conduct research > Do fuzzing > Dive into integrations Most auditors stop after phase 2 and wonder why they find nothing. The bugs live in phase 3.

English

854

Shalafat@0xlookman·9h

@0xShaedyW Cantina at it again Cantina, Cantina, Cantina every where Cantina Wherever you find something bad in web3, cantina is likely involved

English

199

Sir. M. Shade⒮🌴@0xShaedyW·14h

🚨 Cantina Apex is officially the top spammer in web3 security. 65 reports to MetaMask, 5 valid. 19 to Coinbase, 8 valid. 40 to Anthropic, 4 valid. 24 valid out of 167 closed: 14.37% accuracy. This is the future? A Spammertozoa?

English

146

20.6K

Shalafat@0xlookman·1d

@chrisdior777 Will be joining you soon

English

chrisdior@chrisdior777·1d

left Web3. starting something more stable 🤡

English

140

4.2K

Shalafat@0xlookman·1d

@windhustler I believe they just didn't put in efforts to monetize. There were many ways they could monetize. They didn't just apply them

English

GiuseppeDeLaZara@windhustler·2d

Immunefi Audit Comp | Firedancer V1 had 644 submissions, each costing $100. If the critical pot gets unlocked, they'll pay out $1 Million to researchers. Taking a wild guess, their cut is at least 10-15%. They'll earn $64.4k + $150k = $214.4k. How is this not a profitable business?

Patrick Collins@PatrickAlphaC

@PeatPeater2 Because contest platforms make $0

English

9.8K

Shalafat@0xlookman·1d

@bbl4de_xyz Some good memories

English

bbl4de@bbl4de_xyz·1d

The first time I participated in a Solidity contest I was learning vector calculus at my university - I remember precisely what formulas surrounding gradients I was studying when I got the notification from Discord with the result. Now, I'm observing how contests fade-away while studying gradient descent to better understand machine learning concepts and play around with neural networks. What a ride.

English

1.9K

Shalafat@0xlookman·2d

If protocol continue taking whitehats for granted. Web3 will not prosper. From bugbounties, now they are doing it on private audits.

Martin@ShieldifyMartin

First time getting scammed for providing an honest, on-time security service. 👏 Still, shoutout to @Fast_Protocol, @primev_xyz and @MuratLite - hope the help made a difference, even if it came at our expense. Hope the good gets passed forward to someone else 🙏

English

480

Shalafat@0xlookman·3d

But contests can not die like that, They are better than private audits security wise Because the more eyes on your code The more secure it is No other way can you get these eyes.

English

Shalafat@0xlookman·3d

@0x3b33 All goes down to cantina

English

435

Pyro@0x3b33·3d

Contests are dead, cantina killed them

English

242

15K

Shalafat@0xlookman·3d

@chrisdior777 @cmichelio I believe cmichelio has spent more than two years without hunting anything from there

English

chrisdior@chrisdior777·3d

Holy shit 🤯 I started my Web3 security journey on C4, and earned my first money there too. It onboarded thousands of people into Web3 security. Funny thing is that when I was starting, @cmichelio was #1 all-time. Now that C4 is sunsetting, he’s still #1. #unbeatable 👏

0xasen@asen_sec

🚨 CODE4RENA just announced they are shutting down End of an era for web3 security contests. Thousands of auditors built their careers there. What happens to the contest model now? Will it survive in a new form? Who absorbs the talent? Let's hear your takes

English

3.9K

Shalafat@0xlookman·3d

@asen_sec Everything comes to an end, but I didn't expect it to end like this

English

147

0xasen@asen_sec·3d

English

121

11.3K

Shalafat@0xlookman·3d

@adeolRxxxx @code4rena Ugly things are happening in web3 sec right now

English

140

playboi.eth@adeolRxxxx·3d

Hacks are happening on a steady. @code4rena just decided to wind down. What a terrific year to be in web3 security.

English

112

3.9K

Shalafat@0xlookman·3d

@pashov Nice from the guy

English

160

pashov@pashov·3d

A young and smart Nigerian guy messaged me last night. Hopped on a call. He was like "Pashov Audit Group is one of a kind and all other security companies suck, I want to work with you" There definitely are other good security companies. Already working with the guy though🫡

English

167

7.5K

Shalafat@0xlookman·4d

Been engaged in a solo audit recently More details to come

English

Shalafat@0xlookman·4d

Its high time protocols treated whitehats better They won't manage blackhats

0xHumr@humairar301

What is going on with @FloeLabs? They received a valid report through @immunefi, fixed the issue, then disappeared from mediation. Immunefi confirmed Floe has been completely quiet and already offboarded. Is this how a serious project treats whitehats? @base @AlexQuellsIt

English

Shalafat@0xlookman·4d

@DevDacian Have they ever been honest?

English

Dacian@DevDacian·5d

Looking back on this post in light of recent on-chain events, instead of finding honest work like plumbing jobless auditors turned to the dark-side by actively attempting (sometimes successfully) to exploit live protocols. Watchmen became wolves. Very sad to see.

Dacian@DevDacian

Easy money mostly gone in auditing. Many skilled auditors w/great portfolios looking for work + tons of new firms => more competitive market than ever, hence recent ambulance chasing / grave dancing. If you haven't made it already, consider pivoting to AI or learn plumbing.

English

3.2K

Shalafat@0xlookman·8 May

@Huntoor will be back soon

English

Hunter@Huntoor·8 May

where are those roadmap to success posters. i miss you guys.

English

1.8K

Shalafat@0xlookman·5 May

@0xapple_ @code4rena Good luck, attorney I have a case, dm when all is done. But I will need to know results of this case, before before we can proceed

English

119

0xApple@0xapple_·5 May

10 days auditing Monetrix on @code4rena now 20 days of being a lawyer 😭 already drafting arguments for findings I know judges will try to invalidate audit ends, the real work begins at this point in contests, fighting a homicide case would've been easier 💀

English

1.7K

Shalafat@0xlookman·5 May

Be polite, be good to people You lose nothing from being good And remember every action has a reward Good for good, bad for bad No other way

English

Shalafat@0xlookman·5 May

Hey dev, hey founder, is your protocol secure? Let's secure it

English

Keşfet

@arsen_bt @0xShaedyW @chrisdior777 @windhustler @bbl4de_xyz @0x3b33 @cmichelio @asen_sec