zpan

@ACai_sec 保护一下自己吧

最近发现自己压力有点大了 甚至出现了一些躯体化症状 直接原因是下午和我妈出去散步聊了会天，总结成一个字就是“催” 我突然发现身边的人都只是一味地把问题抛给我，不管死活地催。倒也不会帮我解决具体的问题。 这个问题好像是边码字的时候边相通的 “这么着急那你倒是帮我解决啊，解决不了就别催啊”

Yeay, I was awarded for my first valid submission on @HackenProof hackenproof.com #hackenproofed #bugbounty

Today I am releasing IsItVulnerable: a new tool I’ve been working on for the past several months: github.com/montyly/isItVu… It builds on recent LLM progress and over a decade of experience building security tools. I developed a new technique that combines abstract interpretation with machine learning The key insight is that this method abstracts the intelligence away entirely. I call it Abstract Intelligence, or AI The result is a major breakthrough in program analysis: IsItVulnerable finds all bugs with 100% recall Yes, all bugs. Fully guaranteed I have tested it extensively, and it has never failed. The results are honestly incredible April 1, 2026 marks a turning point for security, and the industry will never be the same My DMs are open for investors. Entry ticket starts at $500k.

我知道你对未来有很多不确定 其实不是 未来已经发生了 只是你尚未察觉 未来10年 人类的寿命会达到150岁 是真的 未来10年 人人都将获得足够的财富与自由 是真的 未来10年 人类的生活将会比之前任何时代都幸福 是真的 再给AI一些时间，一些耐心，一些包容 现在你唯一需要做的就是 好好活着 Do nothing Don't die.

Are AI agents ready for detecting and exploiting smart contract vulnerabilities? We re-evaluated @OpenAI's EVMbench with a contamination-free dataset of real-world hacks. Our data shows different results. 🧵 Paper: arxiv.org/abs/2603.10795

@xy9301 被反撸了

Ever since launched, people have been “recharging” , but it’s all my buddies 😂 So of course I refunded every single one of them… and topped their accounts up with a spicy $99,999 bonus. Now they actually want to withdraw it, like, bro....

@im23pds pua-skill.pages.dev

不得了 :-) AI 开始 PUA 我了 🐶

@ACai_sec 路在何方？

Paradigm 和 Openai 合作合作开发了一个名为 EVMbench 的 EVM 合约漏洞检测框架😲可对漏洞进行检查、修复和利用 paradigm.xyz/2026/02/evmben…

Do you know what's more expensive than an audit? Don't worry if you don't. You'll find out sooner or later 💀

@ret2basic I will apply for this job 23 years from now.

We are hiring SR interns who must have: 1. Under 25 years old with 26 years of web3 security research experience 2. Strong portfolio in EVM and Move and Solana and L1/L2 and ZK circuits This internship is 12-month unpaid, if you succeed you get fulltime unpaid position

@shredscrt The PDA seed uses a user-controllable `user_name` instead of `user.key()`, allowing anyone to preemptively create a vault for any username, resulting in a lack of ownership binding.

We’re launching a bug-hunting challenge series for EVM(in Solidity mainly), Solana and Blockchain related vulnerabilities. Challenge #1: Can you spot the bug in this code?

@ACai_sec 点开显示更多🤣

🫣有时候真的觉得审计竞赛已经卷到电费都亏进去了...

@xy9301 🤣🤣🤣

auditor-life.vercel.app😈

@ret2basic @taichiaudit 支持

Holiday season is here, and we @taichiaudit are starting a DeFi source code walkthrough campaign: one article every 1–2 days, from now until the end of January 2026. If you're a dev or security researcher leveling up in the bear market, this is for you.

@ret2basic @wong_ssh 哥你就是古希腊掌管ZK的神

@wong_ssh 哥你就是古希腊掌管DeFi的神（安全研究员喜欢详细的

断断续续把 AAVE v4 简单读完了，写了一个 2 万字的代码解析，所有的机制介绍一定是正确的，但是我这篇文章的缺点在于过于细节化，我写到最后其实也没有特别清晰的大局思考，后续可能会写一篇更加简化的但是主要从全局和架构层面分析 AAVE v4 的文章，应该会写一篇关于 z3 形式化证明的文章

@ret2basic @ACai_sec 你去搞定Curve

@ACai_sec Balancer还没搞完呢怎么yearn也被打了

师傅们👇里面有请 app.blocksec.com/explorer/tx/et…

@ret2basic @ACai_sec 你别说了 我有个朋友破防了

@ACai_sec 放松以后拿名次了吗哥

我发觉当我没有精力在工作之余再去挖漏洞打竞赛时，又会很焦虑脱节。当我尝试抱着“不挖，就看看”的心态去 C4 逛逛。在抛去了挖洞的胜负心后去看代码，反而会心情放松些，觉得“诶这个设计都几有趣的喔”。尽量避免陷入因焦虑去挖洞，挖不到洞反而更焦虑的循环里。

@ret2basic @ustas_eth @CertiK 要穿唐装用中文说 China is my second homeland, and I feel I'm Chinese at heart!

@ustas_eth @CertiK 黄仁勋选择用中文演讲，你也要学习中文，我的朋友

I am starting a 100 days challenge, building my web3 security portfolio in public until my dream company @CertiK hires me. 📅Day 001/100, I saw CertiK team doing suidex contest on hackenproof real-time leaderboard, so I am doing it as well. Let's hunt down some bugs!🫡