Siri

730 posts

@CodingSirius

Joined September 2020
111 Following · 53 Followers
Siri@CodingSirius·
@pashov Thanks for the insight Pashov, godspeed!
pashov@pashov·
@CodingSirius Just check out coinmarketcap sir
This space is growing, so security demand grows with it as well
pashov@pashov·
If you are a web3 security company/auditor and you are not close to being fully booked and crushing records this month you are probably doing it wrong or not working hard enough
Everybody I know in this space is blowing up right now, good time to say "I told you so"✌️
Siri@CodingSirius·
@pashov Care to elaborate why? Being in the field so deep now, you surely know some things we don't.
MackenzieM 🛠️@0xMackenzieM·
@CodingSirius @MitchellAmador Making sure projects pay for valid bugs is our bread & butter 👍
Project ghosting and disputes do inevitably come up, but a lot of our work is taking care of whitehats in these situations
We got fresh news on how we're innovating even better ways to do it coming out
Mitchell Amador@MitchellAmador·
Just a reminder that Immunefi has had a mandatory PoC policy for… 3 years now. Why a competitor is claiming this is an ‘industry-first’, when it’s a long implemented Immunefi standard, you’ll have to judge for yourself.
Siri@CodingSirius·
@MitchellAmador What I mean is, if a protocol is listed on Immunefi, and a valid bug is found and confirmed by Immunefi too, they shouldn't have the option to not pay.
Siri@CodingSirius·
@MitchellAmador Hi Mitchell, while I appreciate Immunefi a lot, I think it would be better to spend time on making sure that the protocols on Immunefi actually always pay for valid bugs. I've been seeing on my timeline ppl talking about getting ghosted by protocols and Immunefi can't do anything
Siri@CodingSirius·
You might be talking to a bot.
Siri@CodingSirius·
@0x3b33 That's some serious stuff mate, thanks for answering. Wishing you the best💪
Pyro@0x3b33·
@CodingSirius I don't track them, but would guess 8-10, with chill days around 4-6. Where about 50% is hard focus and the rest is just normal auditing and writing reports.
Pyro@0x3b33·
💥Lessons learned - Sentiment💥
Short summary:
🐛 Found: 4M
🕐 Time spent: 6 days
💰Results: 245 USD
TL;DR - You don't need to be focused all the time
This audit was again one of my experiments, taking concepts to an extreme just to see what leverage they have. The one I had here is to audit only under hard focus. Which meant I audited only 4-5 hours a day...
The bad side is that I had little to no time to do much reviewing and thinking and only expanded on the basic leads found on the first pass.
The only positive is that I found a few solo vulnerabilities, that were valid, but due to the rules and the large amount of high impact bugs were deemed invalid.
For now I can suggest to keep it 50/50 hard/low focus.
Overall it was a negative experience, but it helped me get to another one, which might have turned out pretty well.
Siri retweeted
Cyfrin CodeHawks@CodeHawks·
Announcing First Flight #27: Trick or Treat!
nSLOC: 109
Start date: October 24, 2024 Noon UTC
Duration: 1 week
Get real auditing experience! Check it out! 👇 (1/2)
Siri@CodingSirius·
@GalloDaSballo Hi Alex, thank you for onebugperday, but I have some feedback: Currently it is NOT possible to unsubscribe from the email list, because the confirmation code never shows up. I needed to block and mute the address from the account I want to unsubscribe...
Siri@CodingSirius·
Also I was wondering why platforms like Sherlock or Codehawks had a field for deposit address even though you were already connecting via your browser wallet. That's why I guess.
Siri@CodingSirius·
Be paranoid, then, more paranoid. Do not keep anything in your hot wallet, yes, use a multisig, yes, I'll check gnosis safe.
Siri@CodingSirius·
You know how you need to be very careful with your Metamask wallet seed phrase, that you need to write it down somewhere safe and if you lose it, you'll -supposedly- lose access to your funds forever? Well, I just found out that it is not the case at all.
Siri retweeted
SHERLOCK@sherlockdefi·
🚨 New contest: Rumpel Point Tokenization Protocol @RumpelLabs 🚨
Sign up here: audits.sherlock.xyz/contests/494
Total Rewards: 16,000 USDC
nSLOC: 498
Lead Senior Watson: @0xSimao
Starts Monday, August 26th at 15:00 UTC
Check it out!!