CODESPECT

As promised. Today, we have a big announcement We're launching registration for SpecSiege. It's our double-check format for audits. First, an internal private audit went through the code with a full manual review. Then the community review follows. 10 days of open review on a fairly large codebase, we know, but the chance to work on an ERC-6909 European bond platform, an institutional project, doesn't come around every day. - €15K total pot (€13K community pool, €2K fixed for the lead researcher). - If only Lows are discovered, €5K is distributed instead. Simply find bugs after us and get rewarded. We value your participation. We're not here just to squeeze you. Link below ⬇️

A few more and we are reaching 100 registrations!

🔗specsiege.codespect.net END OF TREAD

Registrations for SpecSiege, the ERC-6909 bond platform, are open until 31 May, 3 PM UTC. The response has gone well past what we expected, so today we set the cap: 50 spots, then we lock it. Once registration closes, we'll select the 50, and everyone who applied will get the decision by email. If you've been weighing it, this is the week to apply.

Registrations for SpecSiege, the ERC-6909 Bond Platform audit contest, are open until the end of the month (31 May 2026). Then we'll close registration and choose the group of researchers. We're already amazed by the number of applications, so we'll definitely make the group bigger than we originally planned. Great to see the community this thrilled. We're still polishing the rules to make the experience as smooth as possible for security researchers. That said, the competition will still be a challenge: the project goes through a full audit with CODESPECT first. We're open to suggestions, so feel free to message us on X or reach out to @talfao1 directly. We're really looking forward to kicking this off well!

SpecSiege targets a protocol running on EBSI, the European Blockchain Services Infrastructure. EBSI is a permissioned proof-of-authority network operated by authorised nodes across Europe and designed for cross-border public services. No public mempool. No open validator set. For researchers, that changes the threat model entirely. MEV and front-running are not the focus here. The attack surface that matters is contract logic: access control, accounting invariants, and state handling. Different chain, different bugs. That's exactly the kind of target a second pass is built for.

@Destinyxeiiios1 We have tested and have not seen any problems. Maybe try it again, please, but the form is working based on our testing.

@CODESPECT not working

As promised. Today, we have a big announcement We're launching registration for SpecSiege. It's our double-check format for audits. First, an internal private audit went through the code with a full manual review. Then the community review follows. 10 days of open review on a fairly large codebase, we know, but the chance to work on an ERC-6909 European bond platform, an institutional project, doesn't come around every day. - €15K total pot (€13K community pool, €2K fixed for the lead researcher). - If only Lows are discovered, €5K is distributed instead. Simply find bugs after us and get rewarded. We value your participation. We're not here just to squeeze you. Link below ⬇️

@_kujen5 @0xSynthrax The registrations are open till the end of month. Then we will be selecting the most relevant researchers as we will be capping the researchers. We still have not decided on the number. But we will be letting everyone know 1st of June.

@0xSynthrax @CODESPECT When will they send the email invitations? I applied yesterday yet still didnt receive anything

Did you already register for the upcoming @CODESPECT contest? Good contest performance is a lot more valuable during markets like this. Btw I’m going to be the judge 👀 Don’t miss the opportunity👇

Definitely! The number of registrations has already surpassed our expectations. And we are so looking forward!

A primer, since SpecSiege targets an ERC-6909 bond platform. ERC-6909 is the minimal multi-token standard: one contract, many token IDs, like ERC-1155 stripped down. No mandatory receiver callbacks, and a more granular approval model (per-ID, per-ID infinite, or operator-for-all). Uniswap v4 uses it as its settlement layer. For auditors, the interesting part isn't the standard itself, it's what a protocol layers on top: approval semantics, and the accounting and state logic built around ID-scoped balances.

@zinnresearch You can use AI, we highly recommend it. We just do not want findings without verification.

@CODESPECT this is awesome, does it count if I get a bit of help from an agent to help go through this and find a bug 👀

@SarthiB7 Yes!

@CODESPECT Wow huge opportunity

I've always valued the web3 security community. Tried to share my path early. A lot of Cairo posts back then. That was how I differentiated myself, and some security takes along the way. Tomorrow, with @CODESPECT, we push it further with an opportunity we haven't opened up before. Stay thrilled.

First look: us. Second look: you. Wednesday.

This is really sad moment for web3 sec community. One of the first starting points for most of the current web3 security researchers is closing down. Thanks for everything you made here and wish the team all the best in their future work.

Our pleasure to support!