DadeKuma

862 posts

@DadeKuma

Independent Security Researcher | Collaborating with @zenith256 @cyfrin @PashovAuditGrp | Available for private audits, Solana/Rust & EVM 🗓️

Book an audit ⇢
Joined March 2014
290 Following, 2.1K Followers
Pinned Tweet
DadeKuma@DadeKuma·
Note: I just made this repo public, so it would be awesome if you could star it 🌟 I've also included an audit template that you might find useful for creating your own! ⬇️ github.com/DadeKuma/audits
DadeKuma@DadeKuma·
@MartinMarchev No way, so that was you lmao. Got duped here last month by a single day. Can I DM to be sure?
Martin Marchev@MartinMarchev·
Just trying to make web3 a bit safer. One finding at a time.
DadeKuma@DadeKuma·
@real_philogy New models = training costs. Even if the inference API is profitable, most people use the subscription, which is definitely not.
philogy@real_philogy·
@DadeKuma This is not true, inference is already profitable. Not to mention the OS models are getting smarter and can run on roughly the same hardware
DadeKuma@DadeKuma·
I hate this dumb AI timeline. Within a few years, 80% of current security auditors will be gone, and not for the reason you think. People don't realize that AI costs are actually increasing with each new model, not decreasing. Companies are selling at a loss just to capture the market; they'll pull the rug once we're all fully dependent by massively increasing prices. Those who rely entirely on AI have already stopped thinking for themselves. When this system eventually collapses, they will be left completely helpless.
DadeKuma@DadeKuma·
@Bharg4v We're hitting a point where AI is consuming 6%+ of the power grid, and the grid literally wasn't built for this kind of load. When these companies run out of VC money, they aren't going to just 'optimize' their way out because it's physically impossible.
Bhargav@Bharg4v·
@DadeKuma In the ideal timeline for AI, they would be able to figure out how to optimize their costs. But as you have said, I doubt it's going to be that easy. I'm just wondering what happens when AI hits those bumpy roads.
DadeKuma retweeted
f4lc0n@al_f4lc0n·
I Saved Injective's $500M. They Pay Me $50K.
I like hunting bugs on @immunefi . I'm decent at it.
- #1 — Attackathon | Stacks
- #2 — Attackathon | Stacks II
- #1 — Attackathon | XRPL Lending Protocol
- 1 Critical and 1 High from bug bounties (not counting this one)
Life was good.
Then I found a Critical vulnerability in @injective . This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk.
I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity.
Then — silence. For 3 months. No follow up. No technical discussion. Nothing.
A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K.
I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all.
To be clear: the $50K has not been paid either.
I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me.
I can't force them to do the right thing. But I won't let this be forgotten. I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve.
Full Technical Report: github.com/injective-wall…
SHOBAM💎@Shobam_dev·
@DadeKuma Keeping the grind up regardless of setbacks is what counts. The win will definitely come
DadeKuma@DadeKuma·
Inspired by ily2, I temporarily paused private audits to focus fully on bug bounties a month ago.
My results so far:
- Submitted 4 High + 1 Critical. All valid, 100% signal.
- 2/5 were duplicates. Zero payout.
- 2/5 were closed as "Informative". The reasons:
  - "We already know and are OK with it." No fix, no payment.
  - The other one was a straight-up scam lmao. Fixed with no pay; reasoning was "behavior is considered by design." I can't say much, but it would've resulted in a permanent protocol DoS and locked funds.
- 1/5 Critical passed triage, pending review...
I'm going to keep grinding for a while.
Auditor-Nate@auditor_nate·
@DadeKuma A solid start brother, x2 more months of pushing will yield something crazy for you 💪
nisedo@nisedo_·
@DadeKuma Similar experience here
1 month BB
8 submissions
2C / 4H / 2M
7 valid
4 duplicate
3 informative
0$ payout
If it wasn't for @lonelysloth_sec and @WhiteHatMage success stories, I'd be convinced the entire web3 BB industry is a scam by now
DadeKuma@DadeKuma·
Nothing beats the feeling of getting scammed in bug bounties.
DadeKuma@DadeKuma·
@mylifechangefa1
1. The judging is not finished yet
2. Tell that to people who submit multiple issues within the same report
0xaudron@0xaudron·
Top 5 ways to make $10 million auditing 🧵:
Tevi@teviglobal·
@DadeKuma Move is such a cool language.
DadeKuma@DadeKuma·
Having a blast learning Sui/Aptos Move 🔥
ChaseTheLight@ChaseTheLight99·
@DadeKuma You're amazing at Rust. Can't wait to see you excel at Move as well 🔥