c3phas

@0xSmartContract @code4rena it was a great ride

@code4rena officially shuts down today. I have been competing on Code4rena since 2022, and Web3 security became much more meaningful for me because of this platform. This platform gave me many memories and introduced me to many wonderful people. I met amazing people, joined great events, and admired some of the smartest people I have ever seen in my life. I feel that a big part of my success came from the inspiration I received from them. @cmichel ➡️ I learned I this field under your leadership, and you inspired me a lot. @0xRajeev ➡️ Secureum was like a school for us. You coached us so well there, and that training made our fingers stronger. @trust__90 ➡️ Your reports, your speed, and your strong escalations sharpened me. You showed me that there is no real limit in Web3 security. @pashov ➡️ It was a great pleasure to compete together. Later, seeing you build your own audit firm and grow on this path became an inspiration for me. @gpersoon ➡️Your high-quality style has always been an example for me. @IllIllI ➡️ We all learned from your QA and Gas reports. Almost everything I know about Gas came from your great reports. @jeiwan7 ➡️ I learned the deep parts of Uniswap from you. @GalloDaSballo ➡️ As a judge, you gave me a great perspective. I learned how to judge audits from you. @0xSorryNotSorry ➡️ My dear brother, thanks a lot @IAm0x52 ➡️Your style and your game-breaking mindset taught me a lot. @sw0nt ➡️ I was inspired by you to think at the bytecode level. @c3ph_ — We improved each other a lot through Gas reports. With Code4rena, one era has ended.See you in the next one. 🫡 Proud to be part of the C4 journey since 2022. Thank you @code4rena

@0xcastle_chain 0xFrankCastle

when you think about Solana security and audits, what's the first thing that comes to mind?

‼️ MAJOR ANNOUNCEMENT TLDR: - Trust Security is now TrustSec. New name, new logo, new website. - We’re setting industry standards on how security teams communicate their work. Our entire portfolio is now on open display - every audit, bounty, contest win. Full transparency, zero gatekeeping. - Going further, we present every competitor audit ran in parallel to us, on same commit. No cherry picking. It’s a pure measure of skill, and the results are conclusive. - Same team, same standard, same depth. The quality never changed. Now the visibility catches up. Everything's in place to hit entirely new ceilings. Full breakdown below ⤵️

Announcing the Solidity Testing Handbook ✨ Fully free, one-stop resource for Solidity developers and security researchers. Resources are currently scattered across blogs, docs, and forums. I found it difficult to keep track of everything in one place. This handbook aggregates all testing patterns from basic unit tests to advanced mutation tests into a single, well-organized guide for quick reference. It’s built from my own learnings and best practices observed in popular codebases. soliditytestingbook.com

@0xriptide Not same guy, Nagli is a very good web2 hacker(million $ + earned)

same guy?? bounty hunting masterclass 4 sale

@arsen_bt Defendor

I want to start a community dedicated to Web3 security auditors. It's becoming harder to enter the field and find complex, valid bugs. This will be a space for sharpening security skills, studying attack patterns, real exploits, and current attack techniques. Comment "Defendor" if you want to join and I'll DM the link

@shealtielanzz @sigp_io @andyfeili @kirkthebaird Congrats mate

I am now Officially a full time Security Engineer @sigp_io ⭐️. 🤩 Enjoyed and learnt a lot from my internship! Now time to upscale myself and get better at what I do. Special thanks to Jesus, @andyfeili @kirkthebaird 😁 Let’s keep protecting the web3 security space with 💗

We are cooking

most people don’t fail to learn web 3 security. They fail to decide. 1) dude, make working 2-4 hours rational, not romantic. Love of the stuff gets you started; logic keeps you in the game. Pick one thing, (e.g Solana and Rust, solidity + EVM) and one outcome (find 1 real bug in a public repo). stop everything else. I did that 1 year ago. 2) failing is part of our job. “No idea” “no time” “No money” “No mentor,” “No confidence.” cool. AnticiPate it, plan around it, keep moving. 3) kill the five excuses Time: You don’t need more hours; you need fewer distractions. Do 60 minutes/day, timer on, phone in another room. grow from there. money: Free repos, free write-ups, free CTFs exist. Pay later if you want speed; start now regardless. Check Solodit, Rareskills, Cyfrin Updraft.... etc Fit: “I’m not technical enough.” You will be technical, bro, after 20 focused sessions. Not before. dig deep first. Authority: Stop asking the timeline for permission. Ask for feedback after you ship a PoC. Avoidance: “I’ll think about it.” No. Decide: 30-day sprint, or don’t do it at all. 4) learn like a small boy every bug starts as a dumb question: “What happens if this state flips between calls?” Keep asking until the code taps out. 5) record everything. screen-record audits. Hot streaks have patterns (where you paused, what you probed). Rewatch your hot tape. iterate. May be write in a book or a journal on the wall. 6) build the trust bridge (with yourself) Do you believe this process will make you better? Do you trust your plan enough to execute it for 30 days? Do you believe it will work for you, not just for “smart people”? If any answer is “no,” fix that first; tools won’t save your doubt why do you want to be a security researcher? will you make more money to buy your mum her house? do you want to marry? do you want to own your car? whatever.. 7. direction > perfection. Your first wins are tiny: a failing test, a weird invariant, a reproducible edge case. stack them. Directionally right beats eternally waiting for “the perfect course.” 8) New identity, new priorities. You’re the kind of person who reads code daily, writes tests, and proves claims. Spend time/money accordingly. If it doesn’t move you toward “find 1 bug,” cut it. 9) Mini-playbook (30 days): Days 1-3, Environment + repo anatomy. Read one protocol end-to-end; map state variabless & trust boundaries. Days 4-10: Attack surface: auth, price oracles, reentrancy, rounding, share accounting, upgrade hooks. Write one failing test per vector. Days 11-20: Deep study 1 module. threat-model it. Try to break invariants. Document every failed attempt (gold for future you). Days 21-27: Pick one credible vulnerability pattern; hunt it across two more repos. Days 28–30: Package findings: minimal PoC, impact, fix suggestion, reproducibility. Publish or submit where appropriate. 10) Commit line (copy-paste this somewhere visible): “Indecision is a decision. I’m choosing progress for 30 days. One hour. Every day. No Excuses.” Just do the work and post your learnings. If it helps, you’ll know, because your code will start bleeding less. If you have any question my dm is open.

🏆 @neutrl Audit Contest Results 🏆 Congrats to: $118,000 rewards ➡️ $16.4M+ paid out in rewards.

The @OpenEden_X crowdsourced audit is complete! ✅ 186 reports submitted ✅ 6 valid findings accepted ✅ $5,000 in rewards allocated Congratulations to all researchers — and special kudos to top hackers like @0xTonraq and @nem0thefinder.

@shealtielanzz @sigp_io @andyfeili Congratulations mate

I feel so honored to be accepted into the @sigp_io Internship program. And I would like to extend my gratitude to @andyfeili for this bringing me into this space. My life change when I submitted a QA in the method he specified to earn the first time ever in my life! Thank you!

@shafu0x Does building my life count

Just made my first angel investment. Looking to do more of these. Reach out if you are building something interesting.

@BowTiedDravee @nisedo_ @WhiteHatMage Rest assured I read them even if no one else does :)

@nisedo_ @WhiteHatMage It's exactly what i did tbh justdravee.github.io It was very easy to setup. But you won't have traffic data and such. I have absolutely no idea if anyone in the world has ever read my articles 😂 Probably worth digging in the other alternatives if you want the data

@shealtielanzz @0xMackenzieM @lonelysloth_sec Now you get it

@0xMackenzieM @lonelysloth_sec I should delete twitter?

Some people will make $2.6M on Immunefi and never make a twitter account ... actually @lonelysloth_sec had over $1M before spinning one up. Lesson in there

@0xOwenThurm @GuardianAudits dm'ed

Security Researchers! I'm proud to announce that @GuardianAudits has opened our Web2 Security roles to public application! Want to join our mission to secure the full stack of revolutionary financial applications & institutions? → Comment below → & Shoot me a DM

🧵For 2 years (2023-2025), @ether_fi conducted 18 audits More than 25+ High vulnerabilities were found. Here is a short, simple explanation of the 16 most important findings. 🔖Bookmark this thread or read it now👇

@MVadivalan More learning happens on that application part

30 Days of Learning: Smart Contract Security Researcher Journey 🛡️🛡️ Day 26 🔥 studying more vulnerabilities from different resources and trying to apply it in codebase.

@shealtielanzz Good to see you overcome that mate, to more accomplishments 🥂

Biggest Milestone of my Life🎉 Nobody might care about this but 10 years ago, someone older than me allowed me access to explicit videos, which almost ruined my life. After years of trying to stop and gain control over myself in order to quit the addiction. Watched so many videos and tried a lot of things but every effort proved obsolete. Making money from web3 made it even worse as money fuels uncontrollable desires. It was bad enough for about 3 days of self control was impossible for me but I believed by turning to God through Christ. This year was that of reckoning, prayed a lot, sleepless nights praying, multiple 3 days and nights of dry fasting with no food and water, since this year, I ate no food on all Tuesdays, and will continue that. When I tried to change every month of the year, something would come and cause me to fall back but I choose to turn everything to God. To be able to do my 1001 days challenge I had to first be rid of the addiction that wants to ruin me, I found out that it wasn’t normal but powers and forces unseen causing such violence to humans, as explained by Christ. It was also a deep sin against the body and God, I watched multiple videos and learnt a lot. As David said “ Oh lord your word have I kept in my heart that I might not sin against you” The word of God brings life so I read 5 chapters of the Bible everyday, it was part of my challenge but I choose to keep it secret hehe by The Inspiration of the Holy Spirit. After years of struggling, I decided that believing and trust in God, it would be the first thing I gain power of in my 1001 challenge and finally. 30 days of No more addiction 🍃 This is the biggest thing I’ve achieved in my life yet. More to come by God’s grace. All Glory to God through Jesus Christ. You can do it! Don’t quit, sharing even though I don’t want to in order to inspire others. Now more energy to focus on bigger goals and avoid falling back ever again In Jesus Name! Amen 🙏