sa1nt

50 posts

@0xsa1nt

Newcomer web3 security researcher. Innovation requires sacrifice. Just not mine.

Romania, joined July 2016
204 following, 30 followers
sa1nt @0xsa1nt
@rokinot I agree. It feels like if the AI slop problem is fixed competitions can rise and thrive again.
rokinot @rokinot
However I refuse this narrative that contests are gonna die, not when we had a 550k + 1M last month
sa1nt retweeted
Jack Sanford 🛡️ @jack__sanford
End of an era. I've never had a front-row seat to a product going from 0 to 100 back to 0 before.
I still remember in 2022 when @sockdrawermoney said audit contests are a great thing for the Web3 space and that others should launch contest platforms. That was part of the green light that encouraged us to create Sherlock's audit contest platform.
The irony is that I truly think Code4rena died due to competition. Sherlock was the 2nd entrant to the field, and Cantina and Immunefi came 1-1.5 years later and turned the space into a bloodbath where fees to audit contest platforms approached zero.
I think if there had only been one audit contest platform (impossible I know), it would have been a very healthy, lucrative business. And the irony is that I think we'd see more contests and higher SR payouts in that scenario than we do today.
On the bright side, I think competition made Sherlock's audit contest platform a much better product. Our customer-facing dashboards are more user-friendly. We reinvented our judging process 4x and it's now 10x better than it was 3 years ago. And our team as a whole was forged by fire thanks to the intense competition. I am a better founder and CEO because of the experience.
I'm really grateful for the lessons that we learned by competing against Code4rena. Their team was truly mission-driven and cared about security outcomes in a way that some others sadly didn't (and still don't). Sherlock has fought hard to keep the security-first ethos in the audit contest space and in all our products. And we'll continue to fight hard for this.
For any team that experiences a gap in the market due to Code4rena's exit, I hope you'll ask protocol teams and security researchers you trust for their recommendation.
I'm grateful for everything Code4rena has given to the space and our team. And I look forward to Sherlock continuing to carry the torch of a security-first approach in audit contests.
Code4rena @code4rena

After careful consideration, we’ve made the decision to wind down @code4rena. This community has meant a great deal to everyone who has been part of building it, and sharing this news is not easy.

playboi.eth @adeolRxxxx
Hacks are happening on a steady. @code4rena just decided to wind down. What a terrific year to be in web3 security.
sa1nt retweeted
Immunefi @immunefi
Most security firms are quietly moving away from audit competitions. This is one of the biggest mistakes happening in crypto security right now.
There is a simple way to think about audit value: what does it cost to find a critical vulnerability? We looked at the actual data on what it costs to find critical bugs in crypto, and the numbers are not surprising.
Finding a critical vulnerability in an audit competition costs $6,548 on average. The exact same severity bug through a bug bounty program costs $114,000. That is 17x more expensive for the same result.
Now look at the traditional audit model. Some top firms charge $100 per line of code. Others charge as high as $25,000 per auditor per week. A single engagement can easily run $200k to $500k+, and you are getting maybe 2 to 4 people looking at your code.
But cost per critical is not even the most interesting part. The interesting part is the structure of who is looking at your code. When you hire a firm, you get 2 to 4 auditors. Maybe they are great. Maybe one of them is having a bad week. You are making a concentrated bet on a small number of people.
An audit competition attracts hundreds of security researchers. These are some of the best hackers, people who have found real vulnerabilities in major protocols. These hundreds of researchers are now armed with AI tools. They understand codebases faster. They write PoCs faster. They find bugs that would have taken DAYS in just hours.
Think about what that means. You are not just getting hundreds of humans. You are getting hundreds of AI-augmented humans, each running their own workflow, each with their own intuition about where bugs hide. The scaling dynamics are extraordinary.
The firms moving away from competitions are optimizing for predictable revenue, not for their clients’ best outcomes. That is understandable from a business perspective.
But if you are a project choosing where to spend your security budget, you should optimize for bugs found per dollar spent. Audit competitions now also have scaling pots. The prize pool grows with the scope of the codebase. This aligns incentives in a way that fixed-fee engagements never can.
But what about AI spam, low-quality submissions, and the time it takes to triage all of those submissions? Immunefi is addressing these with mechanisms like pay-to-submit, managed triage, and AI triaging agents, which are already showing very strong promise.
The best security strategy is not either or. But if you have a limited budget and you want the most eyes, the most diverse skill sets, and the best cost per finding ratio, audit competitions are still the obvious choice.
sa1nt retweeted
Shieldify Security @ShieldifySec
| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄|
  Web3 Security is not DEAD
|_________|
   \ (•◡•) /
    \     /
      ——
     |  |
     |_ |_
GrumpyLord @GrumpyLord36678
After so much hard work and perseverance, I finally made it in the top 100 of whitehats of all time on Immunefi @immunefi
I am 4th place in the past 90 days (:
It's been a long rough ride. I'd like to personally thank Immunefi for giving me the opportunity and making all this possible! I'm forever grateful to have had the chance to have an impact and to have contributed positively to the space!
No dream is ever impossible. It's only impossible if you give up
KEEP working hard, be patient and let time do its thing
Next goal is top 40 on Immunefi all times and 1st place next quarter
sa1nt @0xsa1nt
@TheBlockChainer I have been using this platform for a few days. Currently trying some shadow audits and it seems very fun.
Bloqarl | Zealynx @TheBlockChainer
After 6 weeks with 44 early builders, Zealynx Academy is public today 🥳🥳🥳🥳🥳🥳
A platform to help Web3 founders build secure protocols and grow them into real businesses.
Four things inside:
- Guides to fork DeFi protocols with awareness
- Security training to build safer Smart Contracts
- MBA-level knowledge to grow your protocol into a business
- Interactive guides to build your own AI Agents to help you grow your company
academy.zealynx.io
CharlesWang @0xCharlesWang
I will do everything in my power to make defi great by improving security on all different fronts (focused on smart contracts however)
sa1nt @0xsa1nt
This month is crazy ngl a lot of exploits happening.
ddimitrov22 @ddimitrovv22

🚨@KelpDAO is potentially exploited for over $290M in rsETH. WETH on AaveV3 Core is also affected; withdraw now if you have any such positions. rsETH is accepted as collateral on AaveV3 Core, where it's been used to borrow WETH.

Pro King 👑 @Pro___King1
The space is getting really tough for SRs. Here are the details of the @KannAudits internship:
1. ~100 security researchers selected
2. Some have $30K+ rewards in contests
3. Only top 3 per week get ~$150 (per SR)
4. The rest → no rewards
And all of them are auditing the same protocols. This means:
- Heavy competition among skilled auditors
- Maximum coverage for protocols
- Huge advantage for projects being audited
Smart move from a firm’s perspective. Tough reality for SRs.
sa1nt retweeted
0xFrankCastle🦀 @0xcastle_chain
Announcing the Solana Audit Arena ⚔️
A free, weekly security competition for Solana security researchers. Every Monday I drop a new Anchor program, built using the safe-solana-builder tool and real-world DeFi implementation.
Why?
→ Junior researchers have no clear path to prove themselves
→ No practice ground with realistic Solana programs
→ AI is raising the floor; you need to be above it
github.com/Frankcastleaud…
sa1nt retweeted
Patrick Collins @PatrickAlphaC
Competitive audits… but better
Kann Audits @KannAudits
Over 500 security researchers have applied for the Security Researcher Intern role at Kann Audits.
That number alone shows how fast the Web3 security space is growing and how many people are serious about building a career in this field. It’s amazing to witness.
If you haven’t applied yet, there are 3 days left to submit your application.
We’re aiming to onboard the selected interns in early March, and we’re excited to help them build real portfolios, collaborate with other researchers, and level up their skills.
Don’t miss your chance 🚀