BurraSec

44 posts

@burraSec

Securing Cross-Chain Protocols. DM for security review @windhustler. About: https://t.co/s2BZ6RQfHS

Joined March 2025
3 Following, 441 Followers
BurraSec
BurraSec@burraSec·
Our researchers utilize AI, but we never want to rely on it too much. Every PoC, every exploit scenario — we make sure we understand everything 100%. Our mission is to secure the web3 space, and we'll use any tool available to make this mission succeed. We're here for the long run.
BurraSec
BurraSec@burraSec·
Our researchers are top-class, with some of them having 10+ years of software development experience. Lately, we've been doing more and more deployment script reviews, reviewing deployed contracts, analyzing codebases that are about to launch on new chains, and similar tasks. We're well-equipped to take on any task beyond your typical security review. DMs are open.
BurraSec
BurraSec@burraSec·
We've been working on solving the hardest problem in web3 security. How do you find the most complex vulnerabilities that slip through rounds of private audits, AI reviews, competitive audits, and bug bounties? Sometimes the simplest solution works best. Get the best whitehats in one room and let them collaborate freely.
BurraSec
BurraSec@burraSec·
Our greatest pride is contributing to the giants of our industry. We've helped secure:
- @centrifuge: $1.3B+ TVL
- @lifiprotocol: $60B+ total transfer value, biggest Bridge & DEX Aggregator in the space
- @PancakeSwap: $2.9B+ TVL
- @zama: one of the biggest players about to transform the privacy space
BurraSec@burraSec

We have extensive experience reviewing cross-chain integrations. We have reviewed:
- @LayerZero_Core
- @axelar
- @AcrossProtocol
- @wormhole
- @RelayProtocol
- @chainlink CCIP
- @eco
- @gardenfi
- @lifiprotocol

Check out the reports at: github.com/burrasec/Secur…. Reach out if you're building across multiple chains.

BurraSec
BurraSec@burraSec·
Some of our audits are fully collaborative, while others foster competition between researchers. There's no magic pill, and every engagement is different. We've been experimenting a lot with different modes of working. For every engagement, we think through what will yield the best results. Constant improvement and an iterative approach are our greatest strengths.
BurraSec
BurraSec@burraSec·
Biggest danger with AI is getting sloppier at everything you do. This can slip up on you if you're not vigilant. AI makes false claims while sounding confident. One of our core values is thoroughness. That means leaving no stone unturned — but it also means every reported issue has to be understood 100% and tested with a POC (Proof of Concept). We've read too many audit reports with false claims and wrongly identified issues. Making mistakes is normal, but in the final deliverable, we aim for assertiveness and confidence in all our claims.
BurraSec
BurraSec@burraSec·
Researchers working on Burra Security audits are world-class. With competency and class, you'll often find ego. Researchers work independently, and during certain checkpoints throughout the audit, all researchers share their findings and brainstorm together — combining attack vectors, maximizing the outcome, and pushing for really complex issues. During these sessions, it's PARAMOUNT TO PUT EGO aside and focus on combining attack vectors, maximizing the impact of each issue, and making sure there are no false claims. Discussions around severity come last. That's our golden rule!
BurraSec
BurraSec@burraSec·
We try to keep our audits and all the bureaucracy around them dead simple. No introductory or close-out calls — we didn't find any value in having these. Unless there's a serious discussion happening, they're usually a waste of time. Instead, at the end of the audit (or at predefined points for longer engagements), each researcher provides their assessment of the work done:
1. On a scale of 1 (likely bugs remain) to 10 (low likelihood of bugs), how confident are you that no serious bugs remain?
2. Are there any contracts or areas you couldn't cover in depth?

We collect feedback from every researcher and sum it up into a general assessment for the client. The purpose is two-fold. First, we keep each researcher accountable — they own their work at the end of the audit. The outcome is binary: either the project is ready for deployment, or they should spend more time securing their codebase. Second, the client gets a clear and honest picture of where they stand. Feedback from clients on this process has been very positive, and we'll keep doing it.
BurraSec retweeted
Centrifuge
Centrifuge@centrifuge·
Centrifuge V3.1 has been under continuous review since August. @burraSec just closed out their third and final report ahead of launch. Security as an ongoing process.
GiuseppeDeLaZara@windhustler

We’ve been working with @centrifuge on a series of security audits since August 2025, ahead of their v3.1 launch. The focus was the cross-chain components of their system. The team has successfully resolved all the issues! Check out the reports:
- LayerZero integration: github.com/burrasec/Secur…
- Initial v3.1 report: github.com/burrasec/Secur…
- Final v3.1 report: github.com/burrasec/Secur…

BurraSec retweeted
GiuseppeDeLaZara
GiuseppeDeLaZara@windhustler·
Privacy is back in mainstream crypto, and @zama is one of the biggest innovators in this space. I'm proud to announce a security partnership between @burraSec and @zama!
BurraSec retweeted
BurraSec
BurraSec@burraSec·
We're starting a new security review with our friends @centrifuge today. It's a PR review for their LayerZero integration!
BurraSec retweeted
GiuseppeDeLaZara
GiuseppeDeLaZara@windhustler·
Check out the latest podcast episode of THE NETWORK PODCAST with @Montyly! Josselin is a leading expert in web3 security. He’s built security tools, guidelines, and influenced the direction of the web3 security space through his work at Trail Of Bits.

topics:
- Josselin’s background
- Web2 vs Web3 security
- Scaling Trail Of Bits
- Slither
- The role of AI in security
- Static analysis vs LLMs
- Open source tools and marketing
- Evaluating blockchain security maturity
- Tools and techniques projects should adopt to make their codebase resilient
- Security review vs audit
- Attracting researchers into the space
- Starting a web3 security agency
- Traits that make a great security researcher
- Favorite books / Zero to One | The Coaching Habit

YouTube link below
BurraSec retweeted
Gojo
Gojo@0xGojoArc·
Intents are one of the strongest contenders for driving Web3 mass adoption. But how exactly do they remove UX complexity? How can they abstract away all the cross-chain interactions and logic? Here’s a sketch I made to illustrate the journey of an intent. Huge thanks to @burraSec and @octane_security teams for reviewing and sharing their feedback. Shout out to @windhustler for the insights!
BurraSec retweeted
Remilux
Remilux@RemiluxMaker·
Staking has launched on app.remilux.xyz

Lock your Remilux. Earn Aura. Compete for prizes.

90d Lock — Eligible for Milady raffle in 10 days
60d Lock — Win exclusive 1/1 Remilux
30d Lock — Raffles include Common, Uncommon & Rare Remilux

Security is a top priority. We engaged @octane_security to provide an AI-powered security analysis of the codebase along with a manual audit. @burraSec also provided a manual audit by @windhustler.