Rsam

Achieved 5th place in @mellowprotocol contest on @sherlockdefi. Joined late, missed some high/medium issues, but found one high and one solo medium. Let's see what's next.

@PashovAuditGrp Why one not 2? Why 2 not 3? Why not infinite?

You will find a Critical vulnerability. You will find a Critical vulnerability. You will find a Critical vulnerability. You will find a Critical vulnerability. You will find a Critical vulnerability. You will find a Critical vulnerability. You will find a Critical vulnerability.

@Afriauditor @Al_Qa_qa Did tell it in upper case? Because thats very important

@Al_Qa_qa Haha interesting thanks for the feedback V12 for the win then. Opus forgot I said make no mistakes 😂😂😂

Hea @Al_Qa_qa I did a one shot prompt on the Codebase with opus 4.6 "find all bugs make no mistakes"😂😂 github.com/Afriaudit/kuga… here is a Link to the report if you have time on your hand can you pls take a look and tell me if it outperformed V12 coz i think it did lol(not sure coz i didnt look at the code)

@marcohextor Lmao

To all the security newcomers worried about AI: AI can't replace you if you can't find, exploit, or fix vulnerabilities. Relax. You never had the job.

Actually crazy how many times turning something off/on fixed my issue lol: x.com/hackinarticles…

I hope AI didnt lie to me lol

#vibecoding solana chain (to understand everything zero to hero): github.com/rohallah12/Sol… x.com/Rsam_eth/statu… got familiar with transactions, accounts, system program, and built the core of a mini Solana runtime from scratch in Rust. here's what i learned: - Everything is an account, wallets, programs, token balances, all just Pubkey → (lamports, data, owner) - Transactions dont embed pubkeys in instructions, they use indexes into a flat account list, saving space across multi-instruction txs - Accounts are pre-declared as writable/readonly + signer/non-signer so the runtime can parallelize non-conflicting transactions - SystemProgram is the only thing that can create accounts and move SOL out of wallets, it's hardcoded at 11111...1, not stored as bytecode and its owned by the native loader - The SVM loads accounts, dispatches instructions to programs, and either commits all changes or rolls back everything , atomic by design - On-chain programs run as SBF bytecode (eBPF variant) inside rbpf VM, native programs like SystemProgram skip the VM entirely - Built: AccountsDB → Transaction types → SystemProgram → SVM — and ran a real transfer through the whole stack next: the Bank layer, signature verification, fee collection, blockhash validation and more

Claude is so good at creating sequential graphs

Context optimization is the new gas optimization

@bytes032 The backward compatibility implementations always frustrate me too much

if you're using codex add this to your agents dot md "Use a hard cutover approach and never implement backward compatibility."

@abrahamonchain I personally do not think that ai will replace security reaearchers anytime soon. Every sr must understand how to use ai and integrate it into their workflow, but i do beleive that SRs are the last group of people that will be replaced by ai.

A lot of people keep saying the SR space is saturated that AI will replace SRs and all that. But tbvh, SR is not saturated at all. We share hacks every single day, both recorded and unrecorded, and they still matter. AI hasn’t replaced SR, and it won’t anytime soon.

The arrogance I’m seeing on here is concerning. People are so excited to not pay for security. You always pay for security, the question is whether you pay before or after deployment.

Its never late to become a web3 security researcher.

@theSouilos I think its becoming like this: AI creates buggy code => AI finds it

It’s exciting to see all the AI security projects finding more and more bugs in live smart contracts. We are going in the right direction. Also, between: •Smart contract audits •AI agents •Web2 audits •Operational security audits •Security awareness Anyone involved as a white hat helps make the ecosystem safer for OGs, newcomers, and everyone. Remember, there is no bull market or bear market in security it’s constant, everyday work.

I am vibe coding a mini version of solana chain as a hobby: github.com/rohallah12/Sol… you can join and contribute, i wanna deepen my understanding of these systems

@Al_Qa_qa @code4rena LFG

Wakeup guys, 6-figure contest announcement on @code4rena 🔥

@atsohom @mellowprotocol @sherlockdefi thanks!

@Rsam_eth @mellowprotocol @sherlockdefi congrats on the 5th place. great to see you rank high in the contest.

Achieved 5th place in @mellowprotocol contest on @sherlockdefi. Joined late, missed some high/medium issues, but found one high and one solo medium. Let's see what's next.

@TrainTestToad Exactly

@Rsam_eth Developer hubris is a new vulnerability class

new wave of exploits incoming, i am sorry but its true... x.com/moo9000/status…