0xBabsAudits

I actually didn't expect that😩, but let's keep moving...😇 #smartcontract #solidity #defi #audit #contets #blockchain

@HackenProof 1. Send the "amount" to "msg.sender" instead of "account". 2. Missing access control in upstateRoot function, anyone can call it and replace with malicious Root. That's all I can see.

Spot the Bug 🧠 Merkle reward claiming Two bugs in this one. Can you find both?👇

@chrisdior777 @CDSecurity_io Unbelievable!

One of the toughest months Web3 has faced. April 2026: • 30+ security incidents • ~$630m drained This chart shows the hacked projects, estimated losses, and the cause behind each incident.

@blockaid_ @SweatEconomy @NEARProtocol Why is this happening daily? Is it because of a poor audits? Or it's because founders don't care much about security?

🚨Community Alert: Ongoing exploit on @SweatEconomy on @NEARProtocol. Exploiter: 3be304b2151870b2be88b9de0b80acab921337ad152584138bd852fc6e9ae018 Largest exploit tx: DvrSMfY85Anc6AuLUmoEDkDdab7qX5NUZLu76HN8NoPn

@maigadohcrypto You're right.

Observe something about audit guys on CT, the real ones that really participate in BBP/Contest are hardly active on x, if you see one know that he has made enough fortune that gives him enough time for flexibility due to reduction in his commitment. What i mean is that, SRs early stage is real hustle none-stop, this makes it almost impossible for him to be active on x posting, but once he has earned enough, then he becomes very active here 🤣🤣. Thats my oberrvation

🚨. @ZetaChain has been exploited. Based on initial analysis, the following outlines the root cause. Root Cause The core vulnerability lies in the call function of ZetaChain's GatewayZEVM contract, which lacks both access control and input validation. This allows any arbitrary user to invoke cross-chain calls through GatewayZEVM and execute arbitrary operations on external chains via the relayer. Specifically, an attacker can craft a malicious call on ZetaChain to emit a cross-chain event. ZetaChain's relayer picks up this event and, through TSS, executes the malicious call on the destination chain — enabling the attacker to drain funds. Transactions: zetascan.com/tx/0xdaa19f995… etherscan.io/tx/0x81fc9b245…

@asen_sec Correct! That's what I'm currently doing sir.

The best security researchers in 2026 spend more time reading post-mortems than audit reports. Post-mortems show you how hackers think. Audit reports show you how auditors write.

@0xSilvermist Congrats on your wins.

A few months ago, I was the one watching from the outside, thinking, "Everyone's winning, I'm still fighting." Now I'm the one with the win. People see a five-figure win, and that's all they see - the win. But nobody sees what it actually costs. For me, this win is: - 2+ years in the space - Multiple times, I almost gave up - Countless moments where I had no idea how to keep going - The thought "this isn't for me" on repeat And honestly? I'm grateful for the almost. That word is everything. A friend used to tell me: "You keep saying you're giving up. This is the third time I'm hearing it, but I don't care how many times you say it, I only care that I hear it, never see it." And yet, I don't know exactly what kept me going. Probably stubbornness. If you're somewhere in that spiral right now, thinking the same things I was thinking - keep going. Your win is waiting for you.

6 exploit postmortems every auditor must read this month. ■ Hyperbridge exploit 🔗 t.me/defendor_eng/1… ■ Cow-fi Domain Hijack 🔗 t.me/defendor_eng/1… ■ LiteLLM Supply Chain 🔗 t.me/defendor_eng/1… ■ Denaria Exploit 🔗 t.me/defendor_eng/1… ■ Rhea Finance $7.6M Exploit 🔗 t.me/defendor_eng/1… ■ Kelp $280M Exploit 🔗 t.me/defendor_eng/1…

@code4rena @MonetrixFinance Have been waiting for its coming..!

Welcome, Monetrix. We're thrilled to collaborate with Monetrix for an audit competition to help secure their codebase! The audit will run for 10 days, stay tuned for more info. Let's go 🤝 @MonetrixFinance

@asen_sec It's actually not easy boss.

When I started in web3 security, I knew one thing - I wouldn't quit. I'm not the smartest or the most intense. Just stubborn. That's enough. Stay stubborn.

Why is there a contest shortage these days? Is it because we’re in a bear market, or because contests are dying?

@chrisdior777 Why is there a contest shortage these days? Is it because we’re in a bear market, or because contests are dying?

Web3 Security Contests 2024 vs 2026

@soligxbt I also received the same comment on my issue.

@BABS96711 welp, got an invalid on sherlock here x.com/soligxbt/statu…

All my 4 submissions (2M, 2L) closed as "Informative" on hackenProof, but I got some reputations! Is this how BB looks like? 🫢

@0xZulkifilu It's really different bro, bug bounty programs treat us as if we're the blackhats.

@BABS96711 dis thing just dey scare me oo, i wan start bug bounty too but all what i am seeing is different stories.

@viveksh0062 The thing is indeed a scary, it is very strict, can't even imagine what happens next.😐

@BABS96711 The contests are not coming and working on these type of bug bounty programs scares me a lot that what is going to happen next?😅

@HackenProof The way platform rejects reports without PoC even if they're real issue.

What was difficult for you to understand in a bug bounty?

@RV_Programmer Exactly what happened bro.

@BABS96711 Solid call. I’d focus on understanding real-world exploits and writing PoCs. Finding bugs is one thing, proving impact is what matters

Due to the contest shortage, I'm considering starting bug bounty hunting again, for the second time since my journey began. I'll start by next week. What's your advice? #bugBounty #solidity #contest #smartcontracts #defi

Why am I supposed to deposit my own money while protecting other's money from blackhats ? Just to prove the finding seriousness? This is funny. 😂

This is exactly what prevents me from submitting issues there, I even visited their website last week with intention of participating in some bug bounty programs, but I actually don't have time to complete their kyc requirements.