zpan

133 posts

zpan banner
zpan

zpan

@0zpan

DM for cooperation.

Los Angeles, CA Katılım Mayıs 2021
1.2K Takip Edilen251 Takipçiler
Vid Repar
Vid Repar@vidrepar·
Duplicate detection got a sibling today. Known issue matching is live in Studio Review. Programs keep a list of issues they already know about. Match one and your report gets closed like a dupe. So the review now checks that list before you submit. Tag your role model researcher in replies and I'll get you both access.
GIF
English
20
9
42
5.1K
ACai
ACai@ACai_sec·
@0zpan @HackenProof hackenproof的新号积分根本不够现在项目要求的门槛🫠连提交的资格都没有
中文
1
0
1
72
zpan
zpan@0zpan·
My current favorite model is GPT-5.5, before GPT-5.6 came out. @thsottiaux
English
0
0
8
657
zpan retweetledi
OpenAI
OpenAI@OpenAI·
GPT-5.6 Sol, along with Terra and Luna, will launch publicly this Thursday. We’re expanding preview access globally now.
OpenAI tweet media
English
2.5K
6.8K
47.9K
9.7M
Vitto Rivabella
Vitto Rivabella@VittoStack·
4 days ago we launched Jailbroken, a PRIVATE Discord community to learn AI red teaming and safety. Since then: - Over 250 security researchers joined - Top resources have been collected - People shared countless techniques and discoveries Today, we've secured over 100B in FREE AI tokens for all the members. If you want to join, drop a comment.
Vitto Rivabella tweet media
English
1.6K
70
1.4K
115.1K
Andrea | Blockchain Security | 🦀 . Solana 🏖️ 💻
Bug bounty reality check: Found an issue where fees could still be collected after permission was revoked. Submitted it, but the finding was rejected. Frustrating? Yes. Giving up? No. Every invalid finding is another lesson. Back to the code. 🛡️
English
4
2
52
2.1K
zpan
zpan@0zpan·
4 Dup in one Day
zpan tweet media
English
1
0
9
609
zpan retweetledi
AlexSR
AlexSR@0xAlexSR·
Been wanting this to exist for a while, so I built it. ProofOfRep, a reputation board for bug bounty programs and contests. Report your unfair or dishonest experiences, with proof, and I'll manually review everything. Hope it helps SRs focus on projects that actually take security seriously. Still early. Let me know if this sucks or if it's useful. All feedback welcome. proofofrep.xyz
English
15
32
169
14.5K
zpan
zpan@0zpan·
3 months building an AI-powered vuln-hunting system taught me: AI doesn’t replace auditing — it turns intuition into an engineering loop. 1H3M in bug bounty so far. Keep moving forward.
English
0
0
8
287
WhiteHatMage
WhiteHatMage@WhiteHatMage·
Last time I checked, hardly any ZK projects had bounty programs. Now’s a good time to set one up.
English
3
1
81
3.6K
zpan
zpan@0zpan·
@WhiteHatMage However, it's clear that you can't request a review of a duplicate, low-severity report.
English
1
0
0
243
WhiteHatMage
WhiteHatMage@WhiteHatMage·
I also have another theory about duplicates: some projects and platforms abusing nonsense slop submissions. You disclose an e2e-proven exploit, but it gets marked as a duplicate because of the "root cause". The slop report contains the vulnerable lines but no actual proof or has invalid claims. With enough slop, you cover all the lines where a reasonable bug could exist. Then the project reopens the invalid slop submission, pays it as Low, and avoids paying the actual Critical. That’s my worst nightmare. That shouldn’t happen ever.
WhiteHatMage@WhiteHatMage

I’d say that getting too many duplicates in old bug bounty programs is a sign that your hunting strategy needs improvement. Duplicates should be rare.

English
21
9
113
10.5K
0xaudron
0xaudron@0xaudron·
Everyone hitting $10k bounty on @HackenProof , is it mostly on Hyperbridge or diff program ? My feed is kinda full with $10k bounty post.
English
6
2
127
6.1K
ret2basic.eth
ret2basic.eth@ret2basic·
@ACai_sec 我计划是30天没活就转行 现在还差17天 我也在看新领域还没想到特别好的
中文
2
0
7
446
ret2basic.eth
ret2basic.eth@ret2basic·
Bye code4rena🥹 What’s next web3 SRs, what do you plan to do next? Any new field that has opportunities like code4rena back in 2021?
English
8
1
70
4.5K