Merulez
@Merulez99
🛡️Security Researcher | Co-founder @ValvesSec
Joined January 2022

Fighting on contest platforms feels like being in a jungle full of starving lions.
I never understood why, if I have my own findings, I would try to invalidate someone else’s issue — even while providing sh*t arguments.
That’s why nobody wants to be a judge.
That’s why the judging phase takes months.
I’m personally addicted to the “earn it” mentality.
I can’t imagine trying to take someone’s reward just by typing nonsense against findings.

Merulez retweeted

We have published a new security audit report for univoucher.com 🙌
Overall, it was a solid codebase. We managed to identify 1 High and 2 Medium severity issues, along with two more Low/Info findings.
See the full report below 👇
github.com/Valves-Sec/rep…

Smart Contract Security Roadmap 2026
Free resources only.
If I had to start from zero today, this is the exact path I’d follow:🧵
Most people waste months jumping between random resources, tools, and contests.
If I were starting again in 2026, I’d focus on 4 things in order:
• Foundations
• Security fundamentals
• Competitive auditing
• Specialization
Here’s the roadmap I wish I had.👇

@Merulez99 Good one
You can’t be more right 👍🏼

But never confuse:
• a plausible explanation with a validated bug
• a generated test with a proven exploit
• a clean writeup with real understanding
• a confident answer with correct reasoning
Use AI to compress the feedback loop, not to skip the fundamentals.
AI is very good at producing confidence.
Security research is about producing proof.
That gap is where weak researchers get exposed.
The people who win in this field will not be the ones who avoid AI.
They’ll be the ones who know exactly where AI stops being useful and real judgment begins.
AI can speed up the workflow.
It cannot replace the part that actually matters:
• reasoning under adversarial conditions.
That’s the path I’d take from zero in 2026.
Save it, if you’re getting into smart contract security.
And if you’re already in the field, what would you add?

A good way to use it while learning:
• when reading a new protocol, ask AI to explain each core module, user flow, and trust assumption in plain English
• when studying a bug, ask what invariant broke, what assumption failed, and what test would have caught it
• when writing tests, ask for edge cases, adversarial sequences, and weird state transitions to check
• when stuck, ask AI to compare two functions, two accounting paths, or two state transitions and explain where they can desync
• after contests, use it to analyze the findings you missed and identify patterns in your blind spots
• when reading reports, use it to turn one issue into a checklist of similar bugs to look for in future audits



