DemoreXTess

301 posts

@demorextess

LSW in @sherlockdefi 15+ Top 5 in Audit Contests Portfolio: https://t.co/HeLYSWtZTI

DM for audit
Joined June 2024
262 Following, 420 Followers

Pinned Tweet
DemoreXTess (@demorextess):
New milestone unlocked: I’m now officially an LSW at Sherlock DeFi after securing 1st place in the recent “Burve” contest with a solo high-severity finding. This is just the beginning. Holding this title requires consistency, and I’m fully committed to maintaining the standard. Big thanks to @sherlockdefi for the opportunity. I’ll do my best not to let anyone down.

DemoreXTess retweeted
pashov (@pashov):
🥷One-shotting Threat & Trust models, invariants (stated & inferred), Git History & tests analysis and much more within a sub-10min run. This is the new "X-Ray" tool on pashov/skills. Free & Open Sourced. Let us know if we should keep building these🫡

Fav_Truffle (@Fav_Truffle):
Crypto is dropping. Gold and stocks are dropping too. Real estate in Turkey looks similar. What do we buy now?

DemoreXTess retweeted
pashov (@pashov):
🚨Solidity Devs: this FREE AI security tool's been used by 1000+ people and has found tens of Critical/High vulns in real codebases. solidity-auditor v2 is OUT - now with 7 specialized sub-agents on top of v1. Free. Open Source. 1min install. Pls share if you find it valuable🫡

DemoreXTess (@demorextess):
@Fav_Truffle We still face multi-million dollar hacks which live for 4 years in old projects. I keep getting surprised by this.

Fav_Truffle (@Fav_Truffle):
What keeps surprising you in 2026 security researchers? On the business side, I keep getting surprised by how many teams value audit reports more than the actual findings lol.

DemoreXTess (@demorextess):
@0xSilvermist Coverage is good but more context is needed, what did it miss?

Silvermist (@0xSilvermist):
Is 18 out of 23 bugs good coverage for an AI? Asking for a friend 🤔

Fav_Truffle (@Fav_Truffle):
Fav Junior is 3.5 months old already 😎 The best present from the best team - Thanks @sherlockdefi 🤍❤️

phil (@philbugcatcher):
I'm happy to share that I've been promoted to Senior Security Researcher at @Certora!!! 🎉🎊 Now I have twice as many bugs to catch Back to work

Martin Marchev (@MartinMarchev):
I am happy to share that I have been promoted to Senior Security Researcher at @Certora. Huge thanks to the team for the trust, support and for setting the bar high every single day 🫡 Onward. Plenty more work to do 💪

DemoreXTess (@demorextess):
@vinicaboy Of course, especially if the guy is vinica boy. 🥳

vinica_boy (@vinicaboy):
seems like you can still make some money from contests

DemoreXTess (@demorextess):
@0xCharlesWang Nope, you're not the only one. But I think the problem is not the function, solidity extension in vscode, it would be good to see it can forward to correct one

CharlesWang (@0xCharlesWang):
Am I the only one who dislikes it when there are same function names with different parameters? It really becomes confusing if there are suddenly three internal functions with the same name but different parameters

DemoreXTess (@demorextess):
@s4muraii77 It makes sense, a little unlucky from your side 🫤, I wish you find Critical next 🐐

samuraii77 (@s4muraii77):
@demorextess it is because even though the manager is not considered trusted in regards to not stealing funds, he is still a manager and not just everyone can steal the funds. This is explained in the project's bounty page, so it is the fair decision.

Essential (@only01Essential):
This is why I think @immunefi mediation is mostly pointless. If the project doesn't pay well, or doesn't want to pay at all, you are on your own. For this project I found a bug in their in-scope assets, where a user loses funds for a certain product type. It was clearly critical, so I submitted it as one. A few days later they acknowledged the bug, then told me they don't currently use such products, that it was implemented for future usage, then lowered the severity to Medium. Given their reward tiers, 25k+ for highs, and the severity of the bug, I was hopeful that they would pay well. Ladies and gentlemen, I was in awe when they marked my report as paid, and what they sent me was $300. The most annoying part here is how they completely ignored me. They ignored all prior questions I asked, even when immunefi tagged them to respond, they still ignored; until they paid $300 they never responded even once to my comment. Given that their program shows they are willing to pay over a million for critical findings, then paying $300 for one, it was a very painful experience. Now, three months after requesting mediation, immunefi left without a word. In cases like this, it makes you wonder if you should have just withheld the bug, cause most of these projects are monsters, all your time and efforts mean nothing to them. I have learnt not to trust these projects and the platforms, so always explore other options and see what works. Throughout December I focused mostly on @xyz_remedy bug bounty; they work fast, but their SLA is hardly adhered to. Currently, I think when it comes to feedback and support @HackenProof is the best right now. I don't know about you guys, but having your report closed for a very stupid reason then having to request mediation in order to comment is a pain. And mediation takes a very long time, or is sometimes forgotten, like my case. Though there are projects that wait for your input before closing on immunefi.

Fav_Truffle (@Fav_Truffle):
I'm excited to announce that 5 out of 6 teams awarded @OptimismGov Season 8 OP Audit Grants are coming from me 😎
SHERLOCK (@sherlockdefi):

We are excited to announce that 6 of the 11 teams awarded @OptimismGov Season 8 OP Audit Grants applied with Sherlock, the most of any audit firm. We are proud to continue to support growth and security in the @Optimism ecosystem through their generous grant program. Congratulations to our awarded partner teams! @40acres_Finance - 75,000 OP @ArcadiaFi - 53,950 OP @HighwayFi - 52,800 OP @ownfinanceHQ - 48,250 OP @super_dca - 33,000 OP @metromxyz - 28,000 OP


samuraii77 (@s4muraii77):
Happy to share yet another win 🫡 This is now my 5th consecutive @sherlockdefi win.

DemoreXTess (@demorextess):
@cvetanovv0 I feel like that's my photo which is taken with you 1-2 weeks later 😂

0xSimao (@0xSimao):
The audit is only finished once you've memorized the codebase entirely, no excuses