Antics Decoded

1K posts

Antics Decoded banner
Antics Decoded

Antics Decoded

@AnticsDecoded

I do everything except audit

Katılım Nisan 2024
4 Takip Edilen423 Takipçiler
Sabitlenmiş Tweet
Antics Decoded
Antics Decoded@AnticsDecoded·
Found a Medium-severity vulnerability in Zebra, @zcash's Rust full-node implementation, and reported it through the Zcash Bounty Program for a $37,500 bounty. Already patched and shipped in v4.5.0 — disclosure below. github.com/ZcashFoundatio… @ZcashCommGrants Had some duplicates too. Feels good 😁
English
17
9
107
9.3K
Greg Brockman
ChatGPT Work is so good, very proud of the team and excited for people to explore what’s possible
Victor E. Nunez@nunezvice

a lot of people haven’t realized how much more capable Chat has become in the last few days how much of Codex is now available directly inside @ChatGPTapp on mobile and the web. the Codex desktop app is great. I obviously live there. but now, inside ChatGPT, you can tap Work on mobile or the web to hand off a task that runs in the cloud, no computer needed. you can also tap Remote to pick up and continue work already running on your computer. start at your desk, keep things moving on your phone, or kick off something new wherever you are. agents shouldn’t care which screen you started from.

English
90
40
876
116.7K
Yassine
Yassine@yassine3eth·
Banned from Immunefi? Now there's a way back in. A run of invalid reports can lock your account out of submissions. The new Immunefi Studio Academy gives you a path back: pass a short skills assessment and your access is restored automatically. Enrolled → Pass → Reinstated ✅ Invite-only for now. DM me for access 💬
Yassine tweet media
English
27
11
110
11.9K
farismaulana 🏖️ 💻
my "improved" run is three times worse in term of false positive rate😅
farismaulana 🏖️ 💻 tweet media
English
1
0
17
1.2K
Antics Decoded
Antics Decoded@AnticsDecoded·
Reported a medium-severity remote DoS vulnerability in @PirateChain capable of crashing synchronized production nodes. Rooted in the shared Komodo codebase, so it affected the whole chain family. Responsibly disclosed, coordinated, and now fixed in v5.9.3 piratechain.com/blog/pirate-ch…
English
1
1
2
140
Purpledragon
Purpledragon@MVadivalan·
I Excited to share that I recently discovered a high-severity security vulnerability in @CantonNetwork. The issue was responsibly disclosed, independently confirmed by the security team, and has now been patched.🛡️🛡️
Purpledragon tweet media
English
7
2
56
2.2K
Antics Decoded
Antics Decoded@AnticsDecoded·
@hrkrshnn On point. With my wack workflow I am still better than them because I got $$$$$ not just points
English
0
0
2
266
Hari
Hari@hrkrshnn·
This is false. We compete a lot with our AI tool and have earned nearly a million dollars overall and #1 on the US business leaderboard in 2026. The accurate framing is Tenzai is #1 in Q2 in a narrow category: VDPs. Bugs that don't have a bounty. Very little competition there!
Tenzai@Tenzai_Labs

The Tenzai AI hacker joined @Hacker0x01 in March. Less than 90 days later: #1 among all AI security companies on the platform. Cost: ~$20,000. Read it --> tenzai.com/blog/tenzai-hi…

English
3
0
47
8.9K
Jacob Phillips
Jacob Phillips@JacobPPhillips·
UPDATE: No vulnerability. (Confirmed by @Lombard_Finance team) We welcome (and will reward) all good faith bug reports — but it is poor form to tweet about a potential bug before submitting it to the team. This tweet was live for ~13 hours before a report was shared, which was quickly cleared as not a vulnerability by the Lombard team. If you think you’ve found a bug, these are your best resources: - @immunefi Bug Bounty program (best place) - Get in touch with any verified Lombard team member - Email us (security@lombard.finance or support@lombard.finance) Our docs page is another great resource: docs.lombard.finance
Fibonacci@kumo_eth

POV: I discovered a critical vulnerability in a protocol with + $800 million TVL at risk, scammers desperately trying to front-run 🤣

English
11
4
82
21.7K
playboi.eth
playboi.eth@adeolRxxxx·
I go to bed alone, and it’s killing me
English
9
0
19
1.9K
Antics Decoded retweetledi
Antics Decoded
Antics Decoded@AnticsDecoded·
@v12sec Is the publicly disclosed V12 as good as this? If yes why plan could I pay for to be this accurate
English
0
0
0
147
V12
V12@v12sec·
we consistently find bugs human auditors miss in this review for the Ethereum Foundation, we reported a unique High-severity bug. it stems from missing input validation us and the human auditors found the same set of crits
V12 tweet media
PSE@PrivacyEthereum

We hardened Sonobe, our folding schemes & IVC library, before its first release. Two audits: one human (@alpeh_v) + one AI (@v12sec). Each caught bugs the other missed, but both independently flagged every critical one. Read more 👇 pse.dev/blog/sonobe-up…

English
3
3
63
11.7K
Antics Decoded
Antics Decoded@AnticsDecoded·
@0xAnmol_ Yeah perfectly well even though i can't see your triage.md
English
1
0
2
463
0xAnmol
0xAnmol@0xAnmol_·
Am I doing this right? want to hear from folks who have found multi figure bugs with the help of AI.
0xAnmol tweet media
English
5
0
48
4.3K
SuperBeetleGamer
SuperBeetleGamer@Cayden_Liao·
🧵Veria AI autonomously found and demonstrated a critical vulnerability in Aleo, finding a proof forgery in Aleo's snarkVM. The project awarded us the maximum bounty of $65,000 for the find.
English
5
5
50
10.1K
LonelySloth
LonelySloth@lonelysloth_sec·
@m4rio_eth I found one there too! They are going to pay me 1T dollars in bounties!
English
3
0
5
476
m4rio
m4rio@m4rio_eth·
I just run Fable 5 and found a critical in WETH.sol
English
15
3
150
34.6K
TruthLover
TruthLover@0xtruthlover·
Adding some context: This was a direct fund-theft vulnerability. A blackhat could have used it to drain millions from targeted vaults, potentially causing a complete collapse of trust in that blockchain. The team understood the impact and rewarded it fairly under their program rules, which is something I truly appreciate.
TruthLover@0xtruthlover

Thank you @HackenProof for the opportunity 🙏

English
17
2
280
16.1K
Antics Decoded
Antics Decoded@AnticsDecoded·
Age is an Illusion +1
Antics Decoded tweet media
English
1
0
2
154
Hari
Hari@hrkrshnn·
@lonelysloth_sec FV just doesn't scale. Doesn't matter if LLMs are doing the work or humans.
English
2
0
4
1.3K
LonelySloth
LonelySloth@lonelysloth_sec·
I think the idea AI will just generate Formal Verification for code and everything will be fine is very dangerous. The limitations of FV are the same if an LLM or a human wrote it. You "change" the target from the code to whether the formal description actually represent what goes on in the code and if the properties proven are the correct ones, or sufficient for what you need from the code. I put "change" in quotes bc if the FV wasn't correctly constructed then the full code is still a target. So you don't actually remove the need to audit the code or the possibility of exploiting the code. It's more like a test/fuzz harness that makes bugs less likely than something that guarantees bug-free code or even reduces the surface to be examined. **And I think mistaking one for the other is very dangerous. In general thinking there is a silver bullet that can guarantee code is safe will make code even less safe.** That isn't saying FV can't be great. It's just not the guarantee some people think. And it's even less of a guarantee when an LLM wrote it for you, and you dont fully understand it (like tests, audits, or anything else if you just trust it uncritically).
English
11
0
39
3.8K