၊|||!

1.8K posts

@ShieldRey

Joined May 2024
354 Following, 88 Followers
၊|||!@ShieldRey·
@DevDacian Found this in a recent move audit on Sherlock but couldn't get a clear way to exploit it.
Dacian@DevDacian·
💡Subtle Oracle / Math Bug💡

When a price aggregator uses multiple feeds to calculate on-going Moving Average (MA), it shouldn't also use as input previous MA values to avoid the MA increasingly reflecting itself rather than the market data.

Using previous values as input is useful to calculate Exponential Moving Average (EMA) where each new observation is blended with previous EMA using a "smoothing factor", causing recent values to have more weight while older values decay exponentially.

The correct way to implement both:
1⃣ aggregate multiple raw feeds into one clean price per desired time interval
2⃣ run either MA or EMA on that single price series
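
The two-step pipeline from the post above, next to one way the self-referential bug can appear, as an added Python example that is not from the original post. The feed values, the median aggregator, the window size and all function names are assumptions made for illustration.

```python
from statistics import median

# Constructed sample: three raw feeds per interval; the third interval has one bad feed.
INTERVALS = [
    [99, 100, 101], [100, 100, 100], [99, 100, 400], [100, 100, 101],
    [199, 200, 201], [200, 200, 200], [198, 200, 202], [200, 200, 201],
]

def aggregate(feeds):
    """Step 1: collapse one interval's raw feeds into a single clean price."""
    return median(feeds)

def price_series(intervals):
    """One aggregated price per interval; this is the only input MA/EMA may see."""
    return [aggregate(feeds) for feeds in intervals]

def sma(series, window):
    """Step 2 (MA): mean of the last `window` aggregated prices and nothing else."""
    out = []
    for i in range(len(series)):
        recent = series[max(0, i - window + 1): i + 1]
        out.append(sum(recent) / len(recent))
    return out

def ema(series, alpha):
    """Step 2 (EMA): blend each new price with the previous EMA by factor alpha."""
    out = []
    for price in series:
        out.append(price if not out else alpha * price + (1 - alpha) * out[-1])
    return out

def self_referential_ma(intervals, window):
    """Buggy variant: the previous MA is stored in the window like an observation."""
    buf, out = [], []
    for feeds in intervals:
        buf.append(aggregate(feeds))
        if out:
            buf.append(out[-1])  # BUG: MA output fed back in as MA input
        recent = buf[-window:]
        out.append(sum(recent) / len(recent))
    return out

if __name__ == "__main__":
    prices = price_series(INTERVALS)
    print("prices   ", prices)
    print("sma(4)   ", sma(prices, 4))
    print("ema(0.5) ", ema(prices, 0.5))
    print("buggy(4) ", self_referential_ma(INTERVALS, 4))
```

After the market has sat at 200 for four intervals the clean MA reads 200, while the buggy one is still pulled down by its own earlier outputs; the EMA also lags, but by design and with a known decay.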
၊|||!@ShieldRey·
@guy_de Don't need much, $1k/M is good lol. I'll shoot for the sky in years to come. I just need to stay afloat first!
Guy@guy_de·
"If your benchmark for a good salary is $100,000 per year ($8,333 / mo) remote, then you are smoking crack if you think that salary is achievable within a year of grinding, given the current conditions." Couldn't agree more. Back in 2021-22, VC money was flowing like water. Projects were fighting over a handful of Solidity devs, and companies threw absurd salaries. Cut to 2025: Funding evaporated. Those same companies are now laying off hundreds of people. That's the correction happening. Unless you've been shipping consistently for the past 3 years, breaking into the six figure range as a developer is going to be a tough sell right now.
Jeffrey Scholz@Jeyffre

Let me add some color to this spicy tweet because I suspect some folks have interpreted this as "leave Web3."

In 2020-2022 (before FTX crash), Solidity was legitimately easy money. Deploy a few "advanced" contracts, get a six-figure remote job. Report "function is reentrant" on code4rena and make $3,000.

There was also an insane amount of money flying around due to the money printer working overtime and almost nobody knowing about Web3 dev. People were paying hundreds of thousands of dollars for monkey jpegs in case you forgot your history.

It's no secret that 80% of the industry is essentially a casino -- and people only go to the casino when they have extra money to gamble, and numbers are generally up only. That's been less and less the case as we move away from the pandemic years.

Since then, the Web3 industry has been steadily contracting, while the supply of engineering talent has steadily increased to arbitrage the relatively easy money that Web3 offers.

So, there is no more easy money career-wise in Web3.

--

Now let me offer some nuance:

1) If you are born in a country with unfair advantages, and you think $1,000 / mo for a remote job is a great salary, then there are still opportunities for you -- if you can think on your feet. The market is too harsh to just follow a roadmap and get a steady job, but the opportunities are there. However, it won't be a "sip cocktails on the beach" kind of job. Even companies that are "doing okay" now have all the cards when it comes to job negotiation.

2) If your benchmark for a good salary is $100,000 per year ($8,333 / mo) remote, then you are smoking crack if you think that salary is achievable within a year of grinding, given the current conditions. It used to be. It's not anymore.

If you have an exceptional background (i.e., you won math or programming competitions), then Web3 might have some advantages for you relative to other industries, as web3 is still somewhat merit-based. If you have a cryptography or distributed systems background, then you have the necessary edge.

You can make $100k in Web3, but not if you are starting fresh. You need some kind of an advantage going into it. I personally had a huge advantage -- I already had decades of technical writing experience + leadership experience at big tech. RareSkills didn't succeed only because I tried hard.

There is no such thing as a junior solidity dev or junior auditor anymore. What anyone calls a "junior" today would have been "senior" two years ago.

--

Keep in mind, I actually have a financial incentive to tell you "OMG YOU CAN MAKE $100,000 IN WEB3 DEV/AUDITING" -- I run a web3-oriented bootcamp and recruitment company for crying out loud.

In fact, even if you don't take our bootcamps or use @RareTalent_xyz, the more people who are (at least attempting) to do something related to Web3 dev/auditing benefits me because I can show more numbers on the RareSkills website and cut bigger deals with other companies.

So no, I still want you in this industry -- if anything -- for selfish reasons.

So am I just trying to scare people away? Well, I am trying to scare away the people who ought to be scared away. And I'm doing them a favor. They'll be disillusioned when they find out that the messaging they repeatedly got that "entry-level jobs pay well and are relatively easy to obtain" isn't true. Those are the sort of people who will leave crypto and never come back. We don't want that.

--

Now let's zoom out. In most countries, it requires at least six years of schooling to get "six-figure jobs" like accounting, medicine, law, architecture, etc. Six years to six figures. Has a nice ring to it, and it's what most industries seem to converge to.

If you can grind in Web3 for six years, I guarantee you will succeed. RareSkills hasn't even been around that long. Heck, Solana is barely six years old.

But if you're willing to grind for six years, why not just do one of those traditional jobs? One valid answer is that you live in a country that doesn't offer them. Fair.

But can you sustain grinding for six years, let alone three? Objectively -- most people cannot, whether due to personality traits or circumstances. Your decision should be conditioned on those time horizons.

In fact, there was once a time I made the RareSkills Solidity bootcamp 5-6 months long. The very long duration was to scare away people who weren't willing to invest in self-development for long periods. I saw many disciplined people join with the right intentions, but life still got in their way.

So if someone I judge to be disciplined commits to a five-month program and pays several thousand dollars to join, but life still gets in the way, what does that tell you about how tough the journey into web3 is? It says most are not going to complete the journey even if the stars aligned at one point.

So I shortened the bootcamps to a max of 1-3 months because life can be unpredictable for most people on longer time horizons. This has nothing to do with "lack of discipline" or "not sticking to goals." Life happens.

--

Here's my advice: Only do Web3 because you honest-to-goodness love it. That's the only way you can grind for so long.

I've mentored hundreds of people. The ones that made it 1) genuinely enjoyed the subject and 2) came in with at least some kind of an edge.

If you "enjoy" web3 because you think it will get you a good salary someday, you are in for a rude awakening. I've seen this play out several times. Even if you get lucky and land a job, you'll not genuinely enjoy what you do. Then you will coast, then the job market goes south, then you are toast.

Opportunism either makes it out early or gets washed out eventually. I've seen that play out over and over. If you know deep down inside you are opportunistic, then I suggest making a quick buck on AI agents while you still can.

The attitude of "making a quick/easy buck" actually keeps you poor.

The "easy money attitude" keeps you staring at charts, hoping for the lucky trade that never comes.

The "easy money attitude" keeps you passively consuming technical content like a dummy thinking that doing so brings you closer to your dream job.

The "easy money attitude" keeps you spending more energy thinking about the future than making the future happen.

Have an edge. Choose long-term. Choose fun.

၊|||!@ShieldRey·
@SolidityScan The bug is deposit() overwrites unlockTime instead of extending it. If a user locks for 1000 days and later deposits again with the minimum 365 days, the unlock resets to now + 365, allowing them to shorten the original lock and escape early.
SolidityScan@SolidityScan·
Day 2: Calling all bug hunters. The #FindTheBug challenge continues. Find the bug and share the correct answer below. Win $500 worth of free access to SolidityScan.
SolidityScan tweet media
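
The lock-overwrite behaviour described in the reply above, modelled in Python beside an extend-only fix, as an added example. The challenge contract itself was posted as an image and is not reproduced on this page, so the class, the method names and the day-10 second deposit are constructed for illustration; only the 1000-day and 365-day figures come from the reply.

```python
DAY = 86_400
MIN_LOCK_DAYS = 365  # minimum lock named in the reply

class LockVault:
    """Toy time-lock vault; `extend_only` switches between buggy and fixed deposit()."""

    def __init__(self, extend_only):
        self.extend_only = extend_only
        self.balance = {}
        self.unlock_time = {}

    def deposit(self, user, amount, lock_days, now):
        if amount <= 0:
            raise ValueError("amount must be positive")
        if lock_days < MIN_LOCK_DAYS:
            raise ValueError("lock shorter than minimum")
        new_unlock = now + lock_days * DAY
        if self.extend_only:
            # Fix: a new deposit may push the unlock time later, never earlier.
            new_unlock = max(new_unlock, self.unlock_time.get(user, 0))
        # Without the max() above this line overwrites the existing lock.
        self.unlock_time[user] = new_unlock
        self.balance[user] = self.balance.get(user, 0) + amount

    def withdraw(self, user, now):
        if now < self.unlock_time.get(user, 0):
            raise PermissionError("still locked")
        return self.balance.pop(user, 0)

def scenario(extend_only):
    """Lock for 1000 days, re-deposit the minimum on day 10, try to withdraw on day 400."""
    vault = LockVault(extend_only)
    vault.deposit("alice", 100, lock_days=1000, now=0)
    vault.deposit("alice", 1, lock_days=MIN_LOCK_DAYS, now=10 * DAY)
    unlock_day = vault.unlock_time["alice"] // DAY
    try:
        paid = vault.withdraw("alice", now=400 * DAY)
    except PermissionError:
        paid = None
    return unlock_day, paid

if __name__ == "__main__":
    print("overwrite  :", scenario(extend_only=False))
    print("extend-only:", scenario(extend_only=True))
```

A regression test for this class of bug asserts that the unlock time is monotonically non-decreasing across any sequence of deposits by the same account.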
frs.eth 🦇🔊@0xfrsmln·
ToB skills really eat a lot of tokens 🥲
frs.eth 🦇🔊 tweet media
Kann Audits@KannAudits·
We’re hiring Security Researcher Interns for Kann Audits! Interns will be paid weekly and should know at least one of Solidity, Rust, or Move. We’re looking for highly motivated hustlers eager to grow.

Given how hard it is for new talent to get recognized, we’re launching our first official internship program to help interns build real portfolios, collaborate with others, and level up their skills.

Apply here: docs.google.com/forms/d/e/1FAI…

After applying, comment ‘Applied!’ below 👇
Preetam | QuillAudits 🥷@raopreetam_·
We’re looking for 4-5 Security Audit Interns at @QuillAudits academy who don't just "read" code, but break it. The Stack: Solidity, Rust, Move. Nice to have: Hands-on experience with Testing & Fuzzing (Foundry, Echidna, Medusa). This is an unpaid 3-month internship designed as a high-octane trial. Perform well, and you’ll be fast-tracked into a Full-Time Auditor role. If you think like an attacker and build like a defender, let's talk
Technical Ben@TechnicalBben·
No disrespect to data analytics, I respect the skill and the money there. But if you are asking why people switch from data analytics to marketing, here is the honest answer. Marketing has a lower entry barrier. More businesses actually know they need marketing. Most businesses do not even know they need data analytics. A small business in the US with no structure will gladly pay a marketer $300–$500 per month to bring leads or sales. That same business will not even understand what a data analyst is offering them. Data analysts make good money, but you must be very specific about your clients, your niche, and your positioning. It is technical, slower to break into, and harder to sell, especially as an African trying to land foreign clients. Marketing is universal. Every business needs it. You can learn it faster, implement it faster, and get paid faster. If your goal is to make your first 1 million naira quickly, marketing gives you more shots on goal than data analytics. Not because it is better, but because demand is obvious and immediate. Both skills pay. One just sells itself easier.
Oluwaseyi@AnalystSeyi

@TechnicalBben Data Analytics to Marketing I’ve seen this a lot on X. Why is everyone switching? Is there anything wrong with Data Analytics that I don’t know yet?

၊|||! reposted
Suraj Sharma@suraj_sharma14·
10 YouTube Channels That Actually Make You a Better Web3 Builder (2026)

1. Ethereum Foundation (@ethereum): Deep dives straight from researchers and core contributors. What it proves: You learn from primary sources, not summaries. 👉 youtube.com/@EthereumFound…
2. Dapp University (@DappUniversity): Clear explanations + hands-on dApp builds. What it proves: You can translate theory into working code. 👉 youtube.com/@DappUniversity
3. Patrick Collins (@PatrickAlphaC): Smart contracts, security and Foundry done right. What it proves: Security-first engineering mindset. 👉 youtube.com/@PatrickAlphaC
4. Smart Contract Programmer (@ProgrammerSmart): Focused Solidity patterns and real contract examples. What it proves: You understand Solidity beyond copy-paste. 👉 youtube.com/@SmartContract…
5. Whiteboard Crypto (@WhiteboardCryp1): Explains complex crypto concepts simply and visually. What it proves: Strong fundamentals and mental models. 👉 youtube.com/@WhiteboardCry…
6. a16z Crypto (@a16zcrypto): Ecosystem, incentives, governance and long-term thinking. What it proves: You think beyond code. 👉 youtube.com/@a16zcrypto
7. Chainlink Labs (@chainlink): Oracle design, cross-chain concepts and real use cases. What it proves: Infra-level understanding. 👉 youtube.com/@chainlink
8. Zero Knowledge (@zeroknowledgefm): ZK research, protocols and real-world applications. What it proves: You’re serious about advanced cryptography. 👉 youtube.com/@zeroknowledge…
9. Flashbots (flashbots.net): MEV, auctions and Ethereum market structure. What it proves: Economic security awareness. 👉 youtube.com/@FlashBots
10. ETHGlobal (@ETHGlobal): Hackathon talks, demos and builder stories. What it proves: You learn from builders shipping in the wild. 👉 youtube.com/@ETHGlobal

(save it)
Mylifechangefast.eth🕵@mylifechangefa1·
I can be on DLT today, be on EVM tmw, be on Web. I've found my space ngl.
၊|||!@ShieldRey·
@turvec_dev Do you have a DLT course you can refer me to?
Turvec@turvec_dev·
If you audit consensus-layer code long enough, you start to notice a pattern. A simple 4-question rule has caught ~80% of the node-crashing DoS bugs I’ve encountered.

When auditing consensus code, explicitly ask:
1️⃣ Is this value derived from network input?
2️⃣ Is it being indexed or dereferenced?
3️⃣ Is there a guard before use?
4️⃣ Does a panic here crash the node or just the message handler?

If you answer yes to 1 + 2 and no to 3 → you probably found something real.
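
The four questions applied to a toy vote handler, as an added Python example that is not from the post above. The validator list, the message shape and the `run_node` loop are hypothetical, and a Python exception stands in for the panic a Go or Rust node would raise.

```python
VALIDATORS = ["val-a", "val-b", "val-c"]  # constructed validator set

# Constructed inbox: the second message carries an out-of-range index.
INBOX = [{"validator_index": 0}, {"validator_index": 7}, {"validator_index": 2}]

class Rejected(Exception):
    """Message failed validation and is dropped on purpose."""

def handle_vote_unguarded(msg):
    # Q1: validator_index comes straight from the network.
    # Q2: it is used as an index.  Q3: nothing checks it first.
    return VALIDATORS[msg["validator_index"]]

def handle_vote_guarded(msg):
    idx = msg.get("validator_index")
    # Q3 answered "yes": type and range are checked before use. The lower bound
    # matters in Python, where a negative index would silently select an entry.
    if isinstance(idx, bool) or not isinstance(idx, int):
        raise Rejected("validator_index is not an integer")
    if not 0 <= idx < len(VALIDATORS):
        raise Rejected("validator_index out of range")
    return VALIDATORS[idx]

def run_node(handler, inbox, isolate_handler):
    """Process messages in order; return (accepted signers, dropped count, crashed)."""
    accepted, dropped = [], 0
    for msg in inbox:
        try:
            accepted.append(handler(msg))
        except Rejected:
            dropped += 1
        except Exception:
            if isolate_handler:
                # Q4: the fault is contained to this message's handler.
                dropped += 1
            else:
                # Q4: the fault takes the node down; later messages are never seen.
                return accepted, dropped, True
    return accepted, dropped, False

if __name__ == "__main__":
    print(run_node(handle_vote_unguarded, INBOX, isolate_handler=False))
    print(run_node(handle_vote_unguarded, INBOX, isolate_handler=True))
    print(run_node(handle_vote_guarded, INBOX, isolate_handler=False))
```

Handler isolation limits the blast radius, but the guard is what turns a fault into a deliberate, countable rejection that can be logged and rate-limited per peer.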
၊|||! reposted
BengalCatBalu😽@BengalCatBalu·
1/ Recently I started using Claude Code in my audit workflow. I spent quite some time setting it up properly, and only then decided it was worth talking about. This is not a post about replacing audits with AI. It’s about where it actually helps — and where it doesn’t.
၊|||! reposted
pashov@pashov·
I strongly believe whitehat hackers are the highest tier of technical talent in web3. We work with many of them and we get audit join requests for our team DAILY. Currently, it's @cvetanovv0 who takes on all of the applications. Follow him, comment below and he will reach out🫡
၊|||! reposted
ddimitrov22@ddimitrovv22·
This is still one of the best and most underrated graphs on the EVM architecture and execution context. If you are just starting to learn the EVM or want to refresh your knowledge - Chapter 14 in Mastering Ethereum 2.0 is the best place to go. github.com/ethereumbook/e…
ddimitrov22 tweet media
၊|||!@ShieldRey·
Consistency beats talent so they say.
Abhishek Singh@0xlelouch_

If you:

1. Do 2-3 hours of deep work with notifications off and one clear outcome (ship a feature, fix a perf issue, close a bug cluster)
2. Write code daily, but also read code daily (your codebase, open source, PRs) and learn how good engineers structure systems
3. Get strong at debugging: logs, metrics, traces, reproducing locally, bisecting, writing the smallest failing test, then fixing root cause
4. Learn one core backend topic every month and apply it at work (SQL indexes, query plans, caching, queues, concurrency, rate limits, idempotency, timeouts)
5. Write design notes before big changes (tradeoffs, failure modes, rollout plan, observability) instead of rushing into implementation
6. Improve one system every quarter (reduce p99 latency, lower error rate, cut cloud cost, simplify a service, remove a cron hack)
7. Communicate like an adult: crisp updates, clear PR descriptions, asking good questions, and documenting decisions so others do not suffer later
8. Build a small project on the side that teaches you real things (auth, payments, rate limiting, background jobs, CI, deployments)
9. Protect your health because this job is long-term: 8k-10k steps, strength training, and sleep so your brain stays sharp
10. Save and invest consistently, because financial stress makes you a worse engineer and a worse decision maker

Believe me, you are ahead of most of the software engineers!

၊|||!@ShieldRey·
@adeolRxxxx I need for contest too. I'm just 6 months in. Come with a little proof of grit at least.
playboi.eth@adeolRxxxx·
I need someone as hungry and mad like me for a team mate in bounty hunting.
vard@0xVard·
Not directly. The yield isn’t paid out to you - it’s used to fund development and operations. Your upside comes from two places: If the product succeeds, the team buys back the tokens at a premium - that’s your profit. The token trades on the market, so if its price goes up, you can withdraw and sell it for a gain. Your original investment stays protected, while the upside depends on delivery and adoption.
vard@0xVard·
The @flyingtulip_ perpetual put option token model is a clever twist on token fundraising, significantly reducing investor downside while preserving upside if the protocol delivers. The idea is simple but smart: raise funds, deploy them into low-risk DeFi strategies, and back tokens with never-expiring put options redeemable at their original value. I’ve already spent a few days auditing the codebase, and so far, it looks very solid. Fresh ideas like this, paired with a strong dev team, greatly increase the odds of success. I expect others to adopt this approach as well.
Pyro@0x3b33·
If I started in crypto in 2026, here is what I would do:

1. Choose a skill

There are 100 different roles that you can take and all are important. We need more and better developers, BDs, marketers, salesmen, and auditors. Research them all, find people from any of those roles (and more) and ask them:
- What they do exactly
- How long it took them to reach this level
- How easy it was for them to start
- How much they are making (ask for ranges, people are more comfortable answering)
- Ask until you start hearing repeated information

2. Pick one

With all of them, you can make a ton of money and, most importantly, be valuable and hardly replaceable (stability). Or you can be a freelancer working for whoever pays the most, living the free life.

3. Do it for a month or two and reassess

Don't expect to be good after just 1 or 2 months. You will suck, and you will suck for the next year or 2. But you may realize you picked the wrong thing. There is nothing wrong with that, you just didn't have enough info at the time.

How will you know if it's right? If you like what you are doing, show potential, or can imagine yourself doing it for the next 5-10 years, then it might be right for you. Otherwise, feel free to pick something else.

4. The long grind

The most difficult part - not quitting. Most things take years to get good at. However, crypto is a new frontier and opportunities are everywhere. As long as you take them and take the risk, you will improve and you will do it faster than most other niches. When you get good enough, you'll hear more YES-es than NO-s.
၊|||!@ShieldRey·
@0x3b33 Auditor and marketer. Post audit reviews and live streams of what the protocol does and show it's battle tested. Twitch, YouTube, etc.
playboi.eth@adeolRxxxx·
This is one of my best private audits so far. Client was super supportive & responsive. I am glad to have worked with @EfficioiVitae and my fellow auditors on this. Thanks @gowtham_ponnana for this opportunity. If you're looking to hire a full-time, in-house researcher, hmu.
Gowtham Naidu Ponnana🇮🇳@gowtham_ponnana

Finally, got some time to tweet back on this after weeks of delaying... The private audit for @Umbrae_Ignis has been completed and these guys are real chads!

The Audit stats:
- 6 Criticals
- 5 Highs
- 6 Mediums
- 14 Lows
- 7 Informationals

A big shoutout to my fav 3 people: @0xiehnnkta @adeolRxxxx and @10ap17 who did the best work! These guys have been constantly discussing about the findings, logics, validations and everything and genuinely this is how teams should work. For me, these are nothing short of extraordinary and if you guys want to have any private audit -- Don't hire 1, Hire these 3!!! These guys rekt your codebase to the core.

Special mention to @0x_Ashish who sprinted fast on the codebase and covered majority of the common findings! Thanks to @EfficioiVitae for giving this opportunity to these chads! On to the next round of audit!!!
