Wolf_Kalp (@KalpShah_eth)

181 posts

Web3 Security Researcher || Prev Intern @kannaudits

Joined June 2025
209 Following, 20 Followers
Mitchell Amador (@MitchellAmador):
Big news from Immunefi: we just shipped Proof of Duplicate, and it's *the* feature I've been wanting to see for a long time. For years, one of the most frustrating experiences a whitehat could have was submitting a report, putting in the hours of research, the careful write-up, the working PoC… and getting back a one-line "duplicate, closing." No justification and no transparency. No way to push back. That era is over. Starting now, when a submission is closed as a duplicate, it points to the original report. The researcher can read the original. They can compare the reports for themselves... and if they believe the call was wrong, they get a formal dispute button. Verdict upheld means the report stays closed. If the verdict is overturned, the report gets reopened and goes back through triage like nothing happened, including reward eligibility. This matters beyond the feature itself. The whitehat community is the immune system of crypto. Every protocol secured, every exploit prevented, every billion in TVL that didn't get drained. For this immune system to keep working, things have to keep improving for whitehats. Proof of Duplicate is just one piece. There will be more. SR Summer 2026 is coming.
Wolf_Kalp reposted
CertiK (@CertiK):
A few weeks ago we threw CertiK's AI Auditor into the fire: hide a real, fund-draining bug inside a production-style DeFi contract, get multiple tries to tune it against the live tool, and see if you can sneak it past. The results are in. 🧵
Wolf_Kalp (@KalpShah_eth):
Planted a critical issue and got 3rd position in the CertiK Challenge!
Quoting CertiK (@CertiK):
5/🥉 @KalpShah_eth - a single added line that let a vault's internal accounting inflate out of nothing: invisible in review, fatal over time. $250 in credits + a fast-tracked interview.
forefy (@forefy):
🚨🚨 C4 SHUTS DOWN (and what does it mean)
> since June last year @zellic_io did not take any profit to themselves for keeping @code4rena alive despite the platform's obvious costs
> why? we can infer that Zellic's customers enjoyed the services there, and that it's a hell of a business lead-gen to be this middleman, even for free
> bear market + AI submission spam is a bad combo, but even worse that it continues over time without breathing air to many
The OG stepping down might signal "contests are dead" (which was already the vibe with the thedailywarden homepage), but to me it just says that it's a hard business running a contest platform nowadays. If you're an auditor, don't use it as an excuse to give up - but take the lesson here that "easy" wins are no longer valuable - contests that pay need real criticals, real impact, hard research, niche focus areas and strengths. It's your time to shine ☀️ Thanks @code4rena for reimagining crowdsourced security.
Quoting Code4rena (@code4rena):
After careful consideration, we've made the decision to wind down @code4rena. This community has meant a great deal to everyone who has been part of building it, and sharing this news is not easy.
Wolf_Kalp reposted
Arsen (@arsen_bt):
Attacker drained $209K from @renegade_fi. Then messaged claiming to be a whitehat. Unfortunately, that's the state of bug bounty in 2026.
0K (@ZeroK_____):
AI sucks at catching bugs, at least for me. If you used AI to catch bugs in bug bounties or contests, I'd genuinely love to know how you use it! And please don't DM me trying to sell your $1K/month AI tool that produces tons of false-positive bugs.
Wolf_Kalp (@KalpShah_eth):
@LuxLode I think buzzwords such as "AI layoffs" are masks!
lodelux (@LuxLode):
I don't understand AI layoffs. If you can now do more with the same team, why not, hear me out, do more? Why do you need to cut your workforce in order to do the same but now using AI? Seems to me AI is an excuse to simply save money by firing people.
chrisdior (@chrisdior777):
Web3 Auditors:
- it took you years.
- it took failures you don't talk about.
- it took pushing through when quitting made more sense.
- it definitely wasn't risk-free.
That's why you're here now. 👏 To everyone starting now: Respect the process. It's brutal, but it compounds.
Wolf_Kalp (@KalpShah_eth):
Day 1 of the @revertfinance StableSwap Hooks audit on @cantinasecurity. Started with docs and design understanding. A bit late to the party, but focusing on critical user flows to make the most of my time. Let's go!
Wolf_Kalp (@KalpShah_eth):
Wrapping up the @MonetrixFinance contest with @code4rena. I managed to uncover and submit a few medium-severity findings; no highs or criticals were discovered. Next focus: shifting gears to the @revertfinance StableSwap Hooks contest hosted by @cantinasecurity 🚀
Quoting Wolf_Kalp (@KalpShah_eth):
Day 1 of the Monetrix contest on @code4rena. My focus is on understanding the design, roles, and invariants thoroughly before beginning issue hunting. Reading docs and building context is always the foundation of effective auditing.
Wolf_Kalp (@KalpShah_eth):
Oh my God. Looks like all blackhats' favourite month is April.
Quoting BlockSec Phalcon (@Phalcon_xyz):
ALERT! Our system detected a series of unusual transactions involving @wasabi_protocol on #Ethereum and #Base, with total abnormal fund movements of roughly $5.15M. Preliminary traces suggest that Tornado Cash-funded accounts were later granted ADMIN_ROLE-related privileges and were involved in the relevant WasabiLongPool, WasabiShortPool and WasabiVault flows. We are sharing the related transactions for visibility and encourage the team to review and clarify the associated fund movements and role changes.
WasabiLongPool & WasabiShortPool:
1) app.blocksec.com/phalcon/explor…
2) app.blocksec.com/phalcon/explor…
WasabiVault:
1) app.blocksec.com/phalcon/explor…
2) app.blocksec.com/phalcon/explor…
JohnnyTime 🤓🔥 (@RealJohnnyTime):
What's the most dangerous AI hallucination you've seen in a smart contract audit? The core problem with AI in smart contract auditing isn't that it gets things wrong. It's that it gets things wrong in exactly the same tone it uses when it's right. I've seen AI tools flag "critical vulnerabilities" that are impossible to exploit on-chain, hallucinate complex DeFi math, and completely miss actual attack vectors in the same file they were analyzing. If you don't understand the protocol you're auditing, you can't filter that. You'll present both the real findings and the hallucinations with equal confidence. AI is genuinely useful in auditing - but only once you have enough context to know when to trust it.
CertiK (@CertiK):
Can you fool our AI? We're running a 2-week public challenge against CertiK AI Auditor. If you can plant a bug that slips past it, you could win $1,000 in credits and a fast-track interview at CertiK. Apply at ai.certik.com/challenge More details 🧵👇