T1MOH🪐

1.5K posts

@0xT1MOH

Hakuna Matata | ASR at @spearbit I Resident at @cantinaxyz | Won $300k+ | 200+ High/Medium issues | Pomodoro Ambassador |

Joined October 2022
296 Following · 1.7K Followers

Pinned Tweet
T1MOH🪐 @0xT1MOH:
It took 122 pomodoros during 25 days to research @BeanstalkFarms. Managed to find 16/22 High and 14/33 Medium. Would love to work again researching this complex project!

T1MOH🪐 @0xT1MOH:
@cyfrin How is the 10% whitehat payout enforced if the whitehat doesn't return it?

Cyfrin Audits @cyfrin:
BattleChain fixes this. Bug bounties: "find a vuln, write a report, we'll pay you (maybe)." BattleChain: "find a vuln, exploit it, keep 10%, return the rest." You stole the money. You sent it to the recovery address. You keep your cut. No politics. No discretionary payouts. On-chain Safe Harbor agreements make it legal.

Cyfrin Audits @cyfrin:
As of today, BattleChain testnet is LIVE. The pre-mainnet, post-testnet blockchain, where whitehats legally attack your smart contracts before they reach production. Deploy. Get attacked. Ship stronger. Here's why we built it, what it is, and how you can get involved 🧵

bbl4de @bbl4de_xyz:
@0xDontonka Sorry this happened to you. I have huge respect for C4 for all they did for the space, but the current contest judging is undeniably very flawed - I've had similar experiences (fortunately on a smaller scale $-wise).

0xasen @asen_sec:
Those two partial markings cost me both the hunter and gatherer bonuses. ~96k from that alone. And 1st place. AI gave me dozens of extra hours to hunt. The 10 minutes I didn't spend polishing each report cost me ~$100k and the win.

0xasen @asen_sec:
Before submitting I'd feed each finding to AI and ask it to poke holes. Is this actually exploitable? Does the impact hold up? Useful for catching weak arguments before a judge does.

Dan Ogurtsov @danogurtsov:
Keeps coming up that Malaysia is one of the most underrated countries in Asia for remote work and comfortable living. Bali and Thailand get most of the attention, at least among Europeans and Americans, but people who've actually tried a few bases keep saying the same thing.

Pyro @0x3b33:
@0xT1MOH It's not only audits. I have a small audit firm and I need to get it going, so on top of audits I've been doing all kinds of business things.

Pyro @0x3b33:
I made $140k auditing web3 projects in 2025. Here's the exact breakdown:
- Contest winnings: $9k (5 contests, 2 top-3)
- Working for firms: $131k (32 audits)
- Bug bounties: $0 😅
Time investment:
- 50-60 hour weeks
- ~2k hours auditing
- ~$70/hour effective rate
The best part? Year 2 earnings typically 2-3x year 1. Most auditors I know are at $200k+ by year 3 (some even before that 👀)...

ABA @abarbatei:
Hey, last day at @CryptoExpoEu, if you're here and wanna chat, feel free to poke and nudge. I look like in this picture of me.

Al-Qa'qa' @Al_Qa_qa:
Sometimes I’m more inspired by a "Low" finding than a generic High/Medium. While many H/Ms follow common patterns, a deep, complex path—even with low impact—proves the value of rigorous analysis. It’s not just about the severity; it’s about the depth of the hunt.

T1MOH🪐 @0xT1MOH:
@adeolRxxxx @immunefi Do I understand correctly that the submitted issue is valid, but reduces accuracy because it's a dup? Intuitively it should increase accuracy because it's valid.

playboi.eth @adeolRxxxx:
I write this tweet with pain and regret in my heart, as currently I’m in complete deadlock. A new protocol dropped on the @immunefi bug bounty. I quickly checked this protocol, rawdogged thousands of lines of code to find bugs in it; day and night I didn’t sleep. Submitted a bug that leads to direct, permanent loss of funds in the contract. P.S. Nothing on the program's page about the old bounty, and this bug is even live on mainnet with lots of funds at stake.

It got escalated to the protocol, and the protocol was so malicious as to provide a JSON as proof that this bug had been submitted in their old bounty program?? What type of malicious behavior is this? If this was an old bounty, why not include it for SRs so they could avoid it?

Now I’m in complete deadlock because I have <10% accuracy, due to the other dups I submitted back to back on this same project that got closed. @immunefi, when the feature to pay $75 for escalation comes, I’m ready to put my money in. Protocols like this can’t be treating SRs this poorly, it’s bad. It’s a thin line between becoming a blackhat from a whitehat, but I promised myself that I won’t steal.

deadmanwalking @0xdmanwalking:
Proud to achieve first place in the @InverseFinance competition on @sherlockdefi. Pushed super hard on this one and sometimes things just click. Turns out stablecoins are my favorite thing to audit after working on one for 2+ years! Excited for the next steps coming soon 👀

Quoting SHERLOCK @sherlockdefi:
Here are the results of the @InverseFinance Audit Contest!
1. @0xdmanwalking - $1,833 🥇
2. bughuntoor - $8,312 🥈
3. @ValvesSec - $1,691 🥉
$35,500 in rewards, bringing Sherlock's total researcher payouts to $19.6M+. Link below for the full results 👇

Guy @guy_de:
Communication is a skill you should never stop improving.

dravee.eth @BowTiedDravee:
This reminding you of anyone, anon?

Pyro @0x3b33:
If you see a 2-step mechanism, be certain that there is a bug somewhere in it. There are just so many things that can go wrong that some inevitably do.

Preetam | QuillAudits 🥷 @raopreetam_:
We’re looking for 4-5 Security Audit Interns at @QuillAudits academy who don't just "read" code, but break it. The Stack: Solidity, Rust, Move. Nice to have: Hands-on experience with Testing & Fuzzing (Foundry, Echidna, Medusa). This is an unpaid 3-month internship designed as a high-octane trial. Perform well, and you’ll be fast-tracked into a Full-Time Auditor role. If you think like an attacker and build like a defender, let's talk.

deadmanwalking @0xdmanwalking:
My first top 10 placement came from @cantinaxyz with a 6th place on the @MentoLabs V3 contest, on a super solid codebase, despite allocating about half the available time to it. Feels good to learn and be rewarded for the work over the past few months. Onwards!

T1MOH🪐 @0xT1MOH:
@00xSEV Agree, much, much fewer hallucinations than before. It's so low that I don't cross-check the answer.

Sev @00xSEV:
Usually, to learn what new capabilities a technology has, you’d need to check in once a year, since big leaps and polish rarely happen faster.
- But with AI, it’s best to recheck model capabilities every few months, since what was impossible a couple of months ago is now a boring reality.
- In competitive fields like contests, you need to regularly ask yourself "can AI do it" for any task and recheck every few months.
- I think rn almost no one writes PoCs themselves, but 1-2 years ago most (all?) people would do it by hand.
- Or use it to quickly understand parts of the code you’re seeing for the first time. Hallucinations have gone down significantly.
- Or invalidate your ideas fast.
- Otherwise, your competitors will get way ahead.