Pavlo Midvel 🇺🇦

2.2K posts

@MidvelCorp

🇺🇦 Art & Code || CEO & Co-Founder in Ecliptic Security || CTO & Security Advisor @woof_software || Web3, blockchain, fintech, security, big data

Ukraine · Joined May 2019
530 Following · 386 Followers
Pinned Tweet
Pavlo Midvel 🇺🇦 (@MidvelCorp):
Test smart contracts as if you have a black box. Disregard what you know about the code and work as QA based on requirements knowledge - that will help you find all edge cases and potential vulnerabilities. As vulnerabilities start from bugs, and bugs are deviations from requirements.
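The pinned tweet's method, shown as an added example (not code from the post or from any real protocol): a constructed in-memory model of an ERC-20-style token, tested purely through its public interface against five requirements written down from the spec rather than from the code. A random-sequence fuzzer drives `transfer`/`balance_of`, stops at the first requirement violation, and shrinks the trace to a minimal reproduction. The defect in the model (cached balance reads, so a self-transfer credits the account twice) is an assumed classic, included only to show that the requirement "supply is conserved" catches it without reading the implementation; the accounts and supply are constructed.

```python
"""Requirement-driven black-box testing of a token contract model (added example)."""
import random
from typing import Callable, Dict, List, Optional, Tuple

ADDRS = ("alice", "bob", "carol")   # constructed test accounts
SUPPLY = 1_000                       # constructed fixed supply
Op = Tuple[str, str, int]            # (sender, recipient, amount)


class TokenBuggy:
    """Model of a transfer() that caches both balances before writing (assumed defect):
    when sender == recipient the second write overwrites the first, crediting amount twice."""

    def __init__(self) -> None:
        self.total_supply = SUPPLY
        self._bal: Dict[str, int] = {"alice": SUPPLY}

    def balance_of(self, account: str) -> int:
        return self._bal.get(account, 0)

    def transfer(self, sender: str, to: str, amount: int) -> None:
        src, dst = self.balance_of(sender), self.balance_of(to)
        if amount > src:
            raise ValueError("insufficient balance")
        self._bal[sender] = src - amount
        self._bal[to] = dst + amount          # for to == sender this re-adds amount


class TokenFixed(TokenBuggy):
    """Same interface; every write re-reads the live balance, so self-transfer is a no-op."""

    def transfer(self, sender: str, to: str, amount: int) -> None:
        if amount > self.balance_of(sender):
            raise ValueError("insufficient balance")
        self._bal[sender] = self.balance_of(sender) - amount
        self._bal[to] = self.balance_of(to) + amount


def snapshot(token: TokenBuggy) -> Dict[str, int]:
    return {a: token.balance_of(a) for a in ADDRS}


def check_requirements(token, op: Op, before: Dict[str, int], rejected: bool) -> Optional[str]:
    """Requirements come from the spec, not the code; returns the first violated one."""
    sender, to, amount = op
    after = snapshot(token)
    if sum(after.values()) != token.total_supply:
        return f"R1 supply conserved: balances sum to {sum(after.values())}, supply is {token.total_supply}"
    if any(b < 0 for b in after.values()):
        return "R2 no negative balances"
    if rejected or sender == to:
        expected = before                     # R3 rejected call / R4 self-transfer: no state change
    else:
        expected = dict(before)               # R5 exactly `amount` moves from sender to recipient
        expected[sender] -= amount
        expected[to] += amount
    if after != expected:
        return f"R3-R5 transfer effect: expected {expected}, got {after}"
    return None


def replay(factory: Callable[[], TokenBuggy], ops: List[Op]) -> Optional[Tuple[int, str]]:
    """Run ops on a fresh instance; return (index, violation) of the first failing op."""
    token = factory()
    for i, op in enumerate(ops):
        before = snapshot(token)
        rejected = False
        try:
            token.transfer(*op)
        except ValueError:
            rejected = True
        msg = check_requirements(token, op, before, rejected)
        if msg is not None:
            return i, msg
    return None


def shrink(factory, ops: List[Op]) -> List[Op]:
    """Greedy delta debugging: drop ops while the trace still violates a requirement."""
    i = 0
    while i < len(ops):
        candidate = ops[:i] + ops[i + 1:]
        found = replay(factory, candidate)
        if found is None:
            i += 1                               # this op is needed for the failure; keep it
        else:
            ops = candidate[:found[0] + 1]       # keep only the failing prefix, retry index i
    return ops


def fuzz(factory, seed: int = 0, steps: int = 300) -> Optional[Tuple[List[Op], str]]:
    """Random op sequence through the public interface only; returns a minimized repro or None."""
    rng = random.Random(seed)
    shadow, ops = factory(), []
    for _ in range(steps):
        sender, to = rng.choice(ADDRS), rng.choice(ADDRS)
        amount = rng.randint(0, shadow.balance_of(sender) + 5)   # sometimes over balance on purpose
        ops.append((sender, to, amount))
        try:
            shadow.transfer(sender, to, amount)
        except ValueError:
            pass
    found = replay(factory, ops)
    if found is None:
        return None
    idx, msg = found
    return shrink(factory, ops[:idx + 1]), msg


if __name__ == "__main__":
    print("fixed:", fuzz(TokenFixed, seed=1))
    print("buggy:", fuzz(TokenBuggy, seed=1))
```

The fuzzer never inspects `_bal`; the shrunk trace it returns for the buggy model ends in a self-transfer with a positive amount, and the same trace passes on the fixed model. Adding a requirement is a one-line change in `check_requirements`, which is the point of writing tests from the spec first.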
Pavlo Midvel 🇺🇦 (@MidvelCorp):
It's been a while since I posted smth on twitter. But the last few weeks were so packed with events and breaches that I felt an urge to return to investigations and research in cybersec and web3 sec. Could not imagine the axios npm compromise, the solana dex hack, the balancer compromise and a row of other events packed so closely.
Pavlo Midvel 🇺🇦 (@MidvelCorp):
@ddimitrovv22 web3 finally discovers requirements-based development and integrity checks, from its own painful lessons instead of learning from several decades of software dev best practices. Better late than never.
ddimitrov22 (@ddimitrovv22):
This is still one of the best articles I've ever read. Strongly recommend it to anyone building or auditing DeFi protocols. nascent.xyz/idea/youre-wri…
Weilin (William) Li (@hklst4r):
Another 26M hack. @Truebitprtocol I haven't decompiled the vulnerable code yet, but the root cause appears to be a mispriced minting function of its purchase contract that allows anyone to purchase TRU token at a very low price.
The first attacker (26M profit): 0xcd4755645595094a8ab984d0db7e3b4aabde72a5c87c4f176a030629c47fb014
The second attacker (~250k profit): 0x71496352b02f974a3898c1b743e9fc2befb935e6c2a3e421134ec09b63052f4b
@Truebitprotocol This contract has been a very old contract deployed ~5 years ago... It seems old contracts are getting more "popular" among attackers now. btw a friend of mine shared a screenshot with me of the second hacker celebrating in his chat group 😂 (not sure if it's genuine)
--- Disclaimer: This is my preliminary analysis and I may make mistakes.
Woof (@woof_software):
Meet our new GM, Bublik. He's ready to build. Reply "woof" if you're building too 👇
0xaudron (@0xaudron):
Fullstack Audits.
Pavlo Midvel 🇺🇦 (@MidvelCorp):
Currently attending another webinar - on a modern approach to cybersecurity. And the framing thought resonates a lot with me: ‼️Cybersecurity is about risk management, and risk management is about money (loss). One should never underestimate the necessity of a security budget.
Pavlo Midvel 🇺🇦 (@MidvelCorp):
Another point from the event - a live demonstration of PQC readiness assessment by automated tools. The example shown on the panel was an analysis of the TrustWallet core repo. That was ... well ... impactful to see how the web3 industry is still in the procrastination phase for PQC (even from a single example).
Quoting Pavlo Midvel 🇺🇦 (@MidvelCorp):
Great event on post-quantum cryptography, organized by @billatnapier The framing thought ❗️it is not a sci-fi, but a real threat - just delayed in time ❗️ It is good the world already started work on compliance and migration planning, but we are still procrastinating this.

Pavlo Midvel 🇺🇦 (@MidvelCorp):
Another thought on why PQC awareness matters - even now the principle works ❗️Harvest Now, Decrypt Later❗️ Adversaries harvest data, waiting for a quantum computer to crack it later. Even if you have strong confidentiality, a breach of encrypted data is still a breach (just delayed).
Pavlo Midvel 🇺🇦 (@MidvelCorp):
Another thought I liked from the discussion - that while PQC expects certain technical and hardware updates, it is still heavily based on crypto-hygiene, awareness and understanding of the foundations of integrity and confidentiality.
Pavlo Midvel 🇺🇦 (@MidvelCorp):
One of the points I liked in the PQC discussion - that blockchain is an actual technology reviewed to become a component of PQC frameworks. Maybe it will finally achieve its initial technological goal.
Pavlo Midvel 🇺🇦 (@MidvelCorp):
Great event on post-quantum cryptography, organized by @billatnapier The framing thought ❗️it is not a sci-fi, but a real threat - just delayed in time ❗️ It is good the world already started work on compliance and migration planning, but we are still procrastinating this.
Quoting Prof B Buchanan OBE FRSE (@billatnapier):
Two world-leaders in Post Quantum Cryptography (PQC) - Jaime Gómez García and Daniel J Bernstein - in our PQC Seminar on Wednesday, 24 Sept 2025 (1-4pm - UK time), and a whole host of innovation presentations. Register here: luma.com/9lxiupu6

0xGondar (@0xGondarxyz):
These days I'm getting into auditing DeFi perpetuals. If you'd like to know more and discover them with me, you're invited to read the first piece of the series. More to come! PS: Any corrections are appreciated! mirror.xyz/0x9663a2287FA1…
Pavlo Midvel 🇺🇦 (@MidvelCorp):
@0xGondarxyz great initiative 👍 looking forward to the next posts (as I am working on certain materials on lending protocol security and may take some inspiration if you don't mind 😅)
Pavlo Midvel 🇺🇦 (@MidvelCorp):
Great read on the newly discovered supply chain vulnerability. It brings up several important topics: ❗️why decentralization matters - even in zero-trust systems ❗️why cryptography, and zk in particular, matters ❗️why SRs should have damn good qualification infosecwriteups.com/the-god-mode-v…
Pavlo Midvel 🇺🇦 (@MidvelCorp):
@chrisdior777 if it makes newbies feel better - it will not become easier on higher levels 😅 from some point of view everyone is in the same conditions here. But you will become better at understanding why it is hard 🤷‍♀️
chrisdior (@chrisdior777):
Many beginners in Web3 say, "This is hard, I don't get it." Truth is, everyone feels that way at first. Great auditors didn't quit - they showed up daily, stayed consistent, and kept learning. It's not just hard for you. It's hard for everyone. Keep going.
shafu (@shafu0x):
Laptop stickers are kinda cringe
Pavlo Midvel 🇺🇦 (@MidvelCorp):
Being gone for a while, I inspected closely how governance works on one of the lending protocols. Not to say that it is slow, but I'd say that close monitoring of proposal expiration and renewal dates is a must-have for any protocol. Just in case, to avoid hijacking.