Perseverance Success

Excited to share that I’ve joined @Certora 🎉 as a Security Researcher! It’s an honor to be part of @Certora's security team, working alongside talented security researchers and diving deep into cool projects with big customers. Thanks @Certora for this amazing opportunity! 🤩

Multi-Sig Best Practices & Operational Safety for @solana builders x.com/i/broadcasts/1…

From V2 to Aave V4, we've been in the room. Few protocols take security as seriously as @aave. It's been the foundation of everything we've built together.

No excuses. $1M in audit subsidies is now available for @ethereum mainnet builders, and Certora is in. Apply, get covered, ship securely 🚢

Building on @StellarOrg? Get 45 min of free, 1-on-1 time with Certora's Soroban security researchers. Threat modeling, audit readiness, formal verification. Slots are limited 👇 luma.com/stellar-office…

Elad is in the final round of the @arbitrumdao_gov Security Council election, and he's ready to continue contributing to the protocol security, and long-term integrity of the ecosystem. Our VP of Security Labs brings 20+ years in cybersecurity, threat management, and risk assessment. The kind of experience @arbitrum needs. Support his candidacy ⬇️

A critical bug can be worth six figures to the person who finds it. Missing it can cost eight figures.

Certora is hiring! We're looking for a cryptography engineer who reads RFC 7748 for fun and can break what others build. If you know the math behind elliptic curves and ZK proof systems beyond just the language-du-jour (Circom/Noir/Leo), have spotted vulnerabilities in cryptographic implementations, and understand Groth16 end-to-end, we want to hear from you ⬇️

@Ehsan1579 Wow ! Thanks a lot for sharing the story behind and your generosity ! Thank you also for saving the project and users from a big hack by responsibly disclosing the bug.

This one has a bit of story behind it. Less than 12h after the report was submitted, it was confirmed by the team. The team didn’t even try to argue about how catastrophic the impact was. They were fast responsive and professional and transparent with their users, something I really admired. They simply straight told me because of a large hack last year that they suffered from they’re struggling financially and they’re letting a lot of their people go. The direct impact was around 7 million dollars. They were honest and I like honesty so instead of the normal 700k bounty, I accepted the 300k, I don’t regret my decision and I hope the project bounces back even stronger during these hard times, I admire them and their security standards and I wish them the best.

Aave V4 has one of the strongest security frameworks in Web3. They didn’t achieve this goal merely by increasing the number of audits. They did it by prioritizing security as the foundational stage of development. Here’s how @aave and Certora teamed up to put security first👇

@MartinMarchev @Certora Sure, me too. Thank you very much for your support and warm welcome!

@PerseveranceSu5 @Certora Welcome aboard, ser 🫡 Really looking forward to working together.

Excited to share that I’ve joined @Certora 🎉 as a Security Researcher! It’s an honor to be part of @Certora's security team, working alongside talented security researchers and diving deep into cool projects with big customers. Thanks @Certora for this amazing opportunity! 🤩

@windhustler @Certora Thank you very much! 😀

@PerseveranceSu5 @Certora Congrats 🙌

I Saved Injective's $500M. They Pay Me $50K. I like hunting bugs on @immunefi . I'm decent at it. - #1 — Attackathon | Stacks - #2 — Attackathon | Stacks II - #1 — Attackathon | XRPL Lending Protocol - 1 Critical and 1 High from bug bounties (not counting this one) Life was good. Then I found a Critical vulnerability in @injective . This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk. I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity. Then — silence. For 3 months. No follow up. No technical discussion. Nothing. A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K. I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all. To be clear: the $50K has not been paid either. I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me. I can't force them to do the right thing. But I won't let this be forgotten. I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve. Full Technical Report: github.com/injective-wall…

Circuit is no longer in beta! It's been two months since the protocol launched on Chia mainnet, and there have been no security-relevant findings in our ongoing bug bounty program on @cantinaxyz The TVL cap has been removed. The protocol can now be used without restrictions!🚀

Permissionless doesn’t have to mean insecure - and Lido V3 proves it. Proud to have contributed to the security review of this strong release 🫡

Aave V4 launches with one of the strongest security foundations in DeFi. For over a year, Certora worked alongside Aave to help shape the protocol’s architecture. The result isn’t just a 'well-audited' protocol. It’s a system shaped by security expertise from day one.

Security isn’t only about preventing exploits. It’s also about how systems absorb damage when something goes wrong. Cozy’s risk infrastructure, first-loss capital and protection layers, complements the prevention stack. Congrats to the @cozyfinance team on the launch of Cozy Earn. Proud to support the protocol’s security. 🫡

@immunefi @__nnez Wow! Congratulations @__nnez It is amazing!

$380,000 earned from a single critical bug report. A little bit curiosity and persistence can totally change your future. But you have to put in the work. Just like Immunefi All Star @__nnez did. Thanks to nnez for keeping the space secure with us! Pledge IMU behind nnez here to earn IMU when he finds bugs: immunefi.com/pledge/nnez

Thanks @immunefi for the great initiatives of IMU Pledge. This motivates me even more to keep grinding. Looking forward to more wins together and more secure Web3 future!

Wow, @CarlosMB138 Thank you so much for the 100k IMU pledge! This means a lot and really motivates me to keep pushing in bug hunting. Appreciate your support! Thanks @Immunefi for this great initiatives of pledging