Sabitlenmiş Tweet
Smart contract security pays WELL.
💰 Top auditors make $500K+ per year
💰 Bug bounties can 10x that
💰 Even “mid” auditors make six figures
BUT… Only if you actually put in the work. No shortcuts here.
English
JohnnyTime 🤓🔥
10.1K posts
JohnnyTime 🤓🔥
@RealJohnnyTime
Founder @ https://t.co/gcgrMm5l8P, JohnnyTime @ Youtube, Securing Web3 @ https://t.co/wJdpJyYK5y & https://t.co/3d9aL8nDvG
Web3 Katılım Şubat 2012
1.4K Takip Edilen12.6K Takipçiler
Selector detail that actually matters:
Event topics are hashed too.
If you can compute keccak fast, you can:
- verify event meaning
- map logs to signatures
- debug from evidence, not guesses
English
Another famous stable coin gets destroyed.
Be cautious out there farmers.
Pharos@PharosWatch
May 1st: Pharos Watch exposes pmUSD Three days later: pmUSD depegged. Currently trading at $0.422, down 56.8% in 24 hours. The lighthouse sees everything before it happens.
English
If you want real security intuition, prioritize hack pages that include:
- technique stats
- related incidents
- links to PoCs
The point isn’t to memorize one exploit.
The point is to recognize the pattern before it repeats.
English
MVP #9 - getDragonBot.com 🐉 - UPDATE 32
created a "DragonBot vs. COMPETITOR" for each one of our competitors (see screenshots).
gonna run google PPC on related keywords to see what converts.
whatever works - I'm gonna try to rank for it.
English
If a postmortem can’t be reduced to a 3-step failure chain,
it’s not a postmortem.
It’s just commentary.
English
Strong social proof in security education isn't a polished screenshot.
It's verifiable feedback with:
- clear dates
- concrete context
- a traceable source
If you're evaluating any course (mine included), check those three things first.
English
JohnnyTime 🤓🔥 retweetledi
I built @RektHQ 6 years ago because crypto needed a place that says what really happened when things go wrong.
I never accepted funding, so Rekt could stay agnostic and say whatever the fuck needed to be said.
Now you can help keep it that way.
Support Rekt in the Ethereum Security QF round.
WE ARE ALL REKT 🐸
qf.giveth.io/project/rekt-n…
English
Most security content tries to sound sophisticated.
The best security content reduces surprise under pressure — you recall it mid-audit, not after the postmortem.
If it doesn't do that, it's just noise.
English
To understand oracle manipulation, skip abstract theory at first.
Start with a tiny exploit flow:
- what input is trusted?
- how is it aggregated?
- what breaks when it’s wrong?
Then read the docs.
You’ll know exactly what questions to ask.
English
If your protocol uses an oracle, your threat model includes more than “wrong price.”
It includes:
- data source compromise
- market manipulation
- update latency
- governance or config drift
Treat oracle risk as a system, not a line item.
English
What's the most dangerous AI hallucination you've seen in a smart contract audit?
The core problem with AI in smart contract auditing isn't that it gets things wrong. It's that it gets things wrong in exactly the same tone it uses when it's right.
I've seen AI tools flag "critical vulnerabilities" that are impossible to exploit on-chain, hallucinate complex DeFi math, and completely miss actual attack vectors in the same file they were analyzing.
If you don't understand the protocol you're auditing, you can't filter that. You'll present both the real findings and the hallucinations with equal confidence.
AI is genuinely useful in auditing - but only once you have enough context to know when to trust it.
English
When people ask where to start in Web3 security, I give the same answer:
Start with an attack class library and work through it systematically:
- access control
- oracle manipulation
- reentrancy
- DoS
- MEV
Most people skip this. It's why they keep getting surprised by the same patterns.
English