MrPotatoMagic

274 posts

@MrPotatoMagic

Independent Security Researcher All-Time Top #100 Warden | Validator | Judge | Zenith Researcher @Code4rena

Joined December 2023
529 Following 633 Followers
Pinned Tweet
MrPotatoMagic @MrPotatoMagic
After 488 days of highs & lows on @code4rena, I've finally secured my first win on a C4 contest 🏆 11 out of 15 H/M (including a solo finding) helped me secure the Top Hunter & Gatherer + Top QA report. Now in the all-time Top #100! Thank you @code4rena and @phi_xyz for this opportunity!
MrPotatoMagic retweeted
Code4rena @code4rena
In 2025, Code4rena Wardens prevented 286 high- and medium-severity vulnerabilities from entering production. Here’s a look back at what the C4 community accomplished this year!
MrPotatoMagic retweeted
CharlesWang @0xCharlesWang
Creativity is one of the most important traits if you want to become a great auditor. I did a small training session with two of our auditors on a very small, trivial scope. It was clear from the beginning that the attack vectors are limited and the task was to find all issues in itself and incorporate creativity to find very hidden issues. If you do something like that regularly, I believe you will level up quickly.
Dacian @DevDacian
Shout out to @MrPotatoMagic & myself, great result on this challenging cross-chain TradFi auditing finding:
* 4 Med
* 4 Low
* 15 Info & 9 Gas

This audit was quite challenging because we were auditing a TradFi protocol's Solidity integration between Wormhole & Circle CCTPv2, at a time when:
* Wormhole's official documentation and Solidity code examples were all related to CCTPv1 integration
* Wormhole's publicly available off-chain code only integrated with CCTPv1

So based on the publicly available information at the time, it was extremely difficult to verify the correctness of the proposed implementation - we couldn't see how the Solidity Wormhole <-> CCTPv2 integration should look, nor the off-chain code that would process the emitted events and then call the CCTPv2 API.

We overcame these limitations by:
* reaching out to our contacts to get some draft unpublished integration specs
* simplifying the client's protocol while keeping the same core integration logic, writing some Foundry scripts to deploy & test our simplified contracts, then successfully performing live end-to-end integration testing

In the end we were able to find some nice edge-case bugs, delivering good value to the client under challenging circumstances!
MrPotatoMagic @MrPotatoMagic
@DevDacian thank you for the shoutout, pleasure cracking this codebase together 🫡
MrPotatoMagic retweeted
Bailsec @bailsecurity
Our quotes are always 100% exact and fair. We never try to overcharge our clients. But 6 months ago, we had 2 cases where our teams completed audits earlier than estimated. We informed the partners ourselves and sent partial refunds back, several thousand dollars each. They were stunned by the honesty. BailSec stands for: 100% transparency, quality, and trust in Web3. @CryptoAlgebra @lista_dao
MrPotatoMagic retweeted
Code4rena @code4rena
Code4rena will run audit contests for free, as public goods. 100% of funds from sponsors will go directly to auditors and judges. We won't take any cut.

Why?

1. Competitions are commodities. They're CRUD apps. Why should builders pay premium for a website just to submit bugs? Especially smaller teams without VC funding.

2. Everyone deserves competitions. We tell all our clients to get a competition after their audit. That's because competitions simulate real world conditions, where there's thousands of eyes on a protocol. We want to make competitions as affordable as possible so everyone can get one.

3. It benefits our wardens. In 2021, we invented the competition format. We're still the platform with the largest auditor pool (10,000+ registered). Not only should builders have access to the best security talent, we believe auditors should have opportunities to work with great projects. Opening up our platform benefits our wardens.

How will you afford this? Zellic is a profitable business. We make money doing traditional private audits through Zellic and Zenith. This benefits us because: (1) our clients are more secure after they run contests, and (2) Code4rena is a talent pipeline for Zenith.

Will you stop maintaining the platform? Of course not. Since we acquired Code4rena, we've shipped several features and have several more already underway. C4 has a dedicated dev team that we're fully committed to. Besides, many of our clients at Zellic use C4. We're incentivized to make sure the platform works well. It's just that now we're allowing everyone to benefit from our investments in Code4rena.

In conclusion: Run a contest on Code4rena! We won't take a cut, your prizes will go directly to wardens and judges.

For full details, check out our blog post here: zellic.io/blog/code4rena…
chrisdior.eth @chrisdior777
OG Web3 devs/auditors remember:
- CryptoZombies
- Secureum
- Smart Contract Programmer on YT
- Mastering Ethereum book
- cmichel

This is how most of us learned smart contracts back then. What else shaped your early days?
Martin Marchev @MartinMarchev
You start a quick PoC at 12am. 15 minutes later it’s 3am. Classic.
tpiliposian @tpiliposian
The new arc of my life has just begun. Proud to announce that I've joined @certora. It's a huge honor to work alongside such great minds and world-class professionals. If you're building something serious, I highly recommend hiring them for top-tier security.
0xDjango @0xDjangoOnChain
I'm beyond stoked to announce that I've accepted a Lead Security Researcher position at @GuardianAudits 🔥 The team at Guardian is top-notch and their review process is like none that I've experienced as an auditor. Great times ahead 🍻
MrPotatoMagic retweeted
GiuseppeDeLaZara @windhustler
To demonstrate @burraSec's expertise, we're offering a free full-day security review/consultation for projects integrating with LayerZero or Arbitrum—whether you're already deployed or still in development.

We'll thoroughly review:
LayerZero: Configuration (DVNs, Executor, and overall integration), functionality (LzRead, OFTs, vanilla OApps, and more).
Arbitrum: Native bridge or token bridge integrations, use of retryable tickets, or custom Orbit chains (e.g., custom gas tokens, USDC bridge standard).

DM me to schedule your review!

GiuseppeDeLaZara @windhustler

💡 I've been asked numerous times to provide a checklist for auditing a LayerZero integration. ⚡️ You asked, so here it is: github.com/windhustler/In…

🧠 I've dumped everything I could think of that can go wrong and more. @g_vladika spent years building and breaking the core Arbitrum protocol and he's contributed to the Arbitrum checklist. CCIP checklist is still WIP.

I want this to become the go-to place while auditing protocols with cross-chain components. We're going to be adding Axelar, Wormhole, Stargate, LiFi, Across, and more. If you've been auditing cross-chain protocols and found quirks or integration bugs, reach out or contribute via PR.

⭐️ If you find the checklist useful, I'd appreciate a retweet and star on GitHub to raise awareness.
