Max
@MaxAllTaken

458 posts

Blockchain Joined November 2020
1 Following 25 Followers
Max@MaxAllTaken·
@cvetanovv0 i checked your git and you have decent results in contests, so, you do have talent, that's out of question. but talented ppl sometimes talk sht, and noobs believe them bc what do they know? writeups for live bugs contribute more than finding bugs introduced by ai intentionally
Dimitar Tsvetanov@cvetanovv0·
@MaxAllTaken I don't understand why you think the advice is dumb. Could you explain in more detail? The goal of this exercise is to practice your hacker mindset.
Dimitar Tsvetanov@cvetanovv0·
One way to continuously practice your Web 3 security skills is to have an AI write smart contracts with hidden bugs, then find them.
Max@MaxAllTaken·
@GeorgievWeb3_ @cvetanovv0 the guy said "one way to continuously practice", never targeted the tweet to under-junior-level.... it was a general advice... and as a general advice is a shtty advice.
0xGeorgi@GeorgievWeb3_·
@MaxAllTaken @cvetanovv0 That advice is good actually and applies to people who are way below junior level. For the ones that are super super new. Everyone has to start from somewhere, right? Very useless comment ✅
Max@MaxAllTaken·
@0xapple_ @LayerZero_Core just like what happened with KelpDAO, LayerZero will blame other ppl but never themselves. that full ecosystem will continue to get hacked and LZ take no responsibility at all
0xApple@0xapple_·
5k lines of @LayerZero_Core zero findings turns out "intended behavior" is doing a lot of heavy lifting in that codebase 😭 how can there be a bug if everything is a design choice 🙂🔒
Max@MaxAllTaken·
@maigadohcrypto but what is a fact, is that anyone with 10k earnings knows 2% of what is required to protect a top tier protocol ask any elite with over 4 years on web3 sec what they think about protocols hiring auditors with 10k in earnings waste of money, better get an audit from gpt3
Max@MaxAllTaken·
@maigadohcrypto indeed, all of them get hacked, and all them have bug bounties, most of them configured their bug bounties with terms and a scope so aggressive that is like having no bug bounties at all bc no top tier SR will ever hunt there
Abubakar Tanko@maigadohcrypto·
How about protocols start hiring security researchers, whose job is consistently going through the protocol's documentation and implementation, each line of code in the whole system, find bugs (low, medium, high or critical), create a report and send to the team. There should be a QA master reserved, who is going to be the one who validates the finding (remember the researcher should have enough to try different approaches and attack scenarios to try to find a way to make low turn medium, high or critical). I believe hiring someone like like comes with greater benefits and possibly save costs and a lot of bugs that will either get found in bug bounty or by a blackhat.

I believe there are mid tier security researchers with a portfolio of at least $10k earned in contest and possibly between 50th and 150th in leaderboard (depending on the protocol requirement for hiring) that are ready to be paid between $1k to $3k monthly.

What the protocol get in return?

1. A security researcher whose job is making sure he reads every single part of your codebase just like most blackhats do, instead of cherry picking files or functions with bug density (a normal practice for most bug bounty hunters)
2. He will be even fast in providing the reports due to use of AI and possibly finding a valid bug that would otherwise be found by a blackhat to nuke the protocol/chain or a bug bounty hunter that you will pay an average of $50k (which is higher than paying even $3k monthly in a single bug) for each critical found in a system
3. You save cost and get full coverage

So if you do the math, look at it very well, you will see the benefit outweighs the money paid, and yes this should not stop you from doing your bug bounty program, but at least you have more eyes, more coverage. What do you all think? What did I miss
Max@MaxAllTaken·
@maigadohcrypto you are a Prompt Engineer no idea of what it takes to join as a core dev for a top tier DeFi protocol they fuzz daily, build tests & think hard about security you think you solved security with "hire a fulltime mid tier sr" btw, 10k in web3 sec is loser tier, not mid, mid is 150k
Abubakar Tanko@maigadohcrypto·
@MaxAllTaken Nope, that is different, this one is intentionally meant to constantly stress test the protocol, find any issue and report it. Going through every part of the codebase every day, no protocol has that type of security, apart from the ones that only monitor onchain transactions
Max@MaxAllTaken·
@abarbatei you forgot that for the first 12 days in firedancer lot of people paid 20,000 IMU instead of the 100 usd, there was an option to pay with imu same way you miss easy dumb sht like this, you miss bugs in code being dumb is so sad, am sorry for your condition
ABA@abarbatei·
One interesting side effect of requiring people to pay-per-bounty-submission onchain is data transparency (and a slight privacy leak). Example, for the 2 immunefi active contests, you can see exactly how many submissions there are and what address submitted them. The 20 USDC payment ones are for Azul and the 100 USDC ones are for Firedancer V1 (easily identifiable). So you now can see that:

# Audit Comp | Base Azul: 89 submissions etherscan.io/advanced-filte…
# Audit Comp | Firedancer V1: 96 submissions etherscan.io/advanced-filte…

Note: I'm presuming the following:
1. there is no other contract used for payment for these competitions
2. everyone must pay the fee, including all-stars

References: x.com/immunefi/statu… x.com/d0rsky/status/…
Max@MaxAllTaken·
@0xlookman is not that, there are too many "auditors", at least 3 "auditors" for every web3 developer in the world, cost of an audit is down heavy, demand and offer, wait until you see for how few bucks an indian would audit a codebase... this sht is about to go even more down
Shalafat@0xlookman·
Besides assuming that researchers will be using ai only. How can an SR review 190k lines of code in 12 days. It seems protocols assume that manual reviews are dead. And ai tools will catch everything.
Immunefi@immunefi

The @base Azul Audit Competition is live! ⚡️ A $250,000 scaling reward pool is up for grabs for finding bugs in the Base Azul, Base's first independent upgrade. 📅 Ends May 4, 2026 💰 Scaling reward pool of $250,000 ⌨️ Language: Solidity & Rust ✅ KYC required Get hunting: immunefi.com/audit-competit…

Max@MaxAllTaken·
@Aasif1552 wdf you mean with 100% coverage with 1 report even if everybody found just 1 thing, you are inflating your "achievement" you should be ashamed of yourself for ranking #46 out of 58, and say "100% coverage!" damn proud of your lack of results, destined to be a happy loser
Max@MaxAllTaken·
@_kujen5 lol a year of study for $400 hahahahahahahahahahaha and is happy about it hahahahahaha, nobody will tell you, but you look quite lame
0xkujen@_kujen5·
This is an insane moment for me. FIRST EVER WEB3 PAYOUT on @immunefi !!! I started learning about Web3 on December 2024 from @CyfrinUpdraft and @PatrickAlphaC Started my first contest on @cantinasecurity on June 2025. First payout on April 2026! NEVER STOP THE GRIND! Lessgerit!
Max@MaxAllTaken·
@0xMSF14 @immunefi @code4rena bro u talk so much d0mb 4ss sh1t, so often KYC+deposit+ban is bc you spam 900 false AI reports, is a DOS attack on projects.. only losers like yourself have a problem with this elites love it devs lowball sh1t in web2, web3, and when web4 comes out they will lowball there too
Max@MaxAllTaken·
@beacon302 @sector_fi guys reporting "criticals" with $0 at direct risk, saving $0 with their report, but asking for a 6 figure reward the L, the real L.
beac@beacon302·
@sector_fi acting in bad faith on a Critical bug bounty submission.

At the time of my report:
- IMX contracts still listed as in-scope on both ARB & ETH networks
- few vaults NOT paused

Response? Closed the submission citing ‘deprecation’ then quietly delisted from @immunefi AFTER the report was filed. A snapshot proposal doesn’t override a live @immunefi scope. They also replied in 6 days instead of the mandatory 48h.

Post-hoc delisting doesn’t invalidate a valid submission. It confirms the bad faith: instead of pausing vaults or updating scope beforehand, they waited for a report and then pulled the program.

Honestly, don’t be surprised when protocols get drained, this is what happens when bug bounties become dishonest.
Max@MaxAllTaken·
@0xHo3ein0xploit @voorivex This is the hacker version of hot girls posting a bikini photo with an inspirational quote. A payout screenshot, with an inspirational quote.
Ho3ein@0xHo3ein0xploit·
It’s never about luck. It’s about staying curious when things almost look correct. @voorivex
Ho3ein tweet media
English
11
4
232
5K
Max
Max@MaxAllTaken·
@seunlanlege hahahahahahahahahahahaha this @seunlanlege lol top tier pathetic L I hope you never recover, the IQ range of ppl that makes fun of security researchers like you, is too low to work on a web3 project, u don't even deserve a computer
Web3 Philosopher@seunlanlege·
Real money has been lost & we're working with security teams & the relevant authorities to trace & recover the exploited funds. We will share more updates as more progress is made.
Hyperbridge@hyperbridge

Security Update: Token Gateway exploit On April 13, 2026, a vulnerability in Hyperbridge’s Token Gateway was exploited, resulting in approximately $237,000 in losses on Ethereum. Bridging operations were paused immediately after detection, and this is an update on the situation. 🧵

Max retweeted
Cultura Bang@culturabang·
Even those who say you can't do anything to change your destiny look before crossing the street. Stephen Hawking
Max@MaxAllTaken·
@bryy_glez_ Ironically, there are people you can tell the same thing countless times because they forget that you told them.
bryy❤️‍🩹@bryy_glez_·
Would you love me even knowing that I might tell you the same thing 3 times because I forget what I told you?
Max retweeted
Cultura Bang@culturabang·
"The only people who interest me are the mad ones, the people who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the people who never yawn or talk about commonplace things, but burn, burn like fabulous yellow rockets..." #Kerouac
Max@MaxAllTaken·
@_karirodriguezz In the middle of the storm, guiding my steps, a trail of heavenly breadcrumbs to which the laws of Physics and the Gale do not apply. Amen.