Jordy

2.7K posts

@developerjordy

Building Need4Audit, a web3 security marketplace connect to 130+ security researchers totally free bringing decentralized bug bounties to the platform

Onchain Joined June 2018
879 Following 625 Followers
Jordy@developerjordy·
for N4A I’m looking for a marketing partner, would be great to connect
Jordy@developerjordy·
testnet launch is coming. it’s time for decentralised bug bounties
Jordy@developerjordy·
24 3 26
Jordy retweeted
Plamen Tsanev@p_tsanev·
🚀Dear builders and auditors, your Claude Code sub just became a 100x audit team. Up to 95 specialized AI security agents running in one orchestrated autonomous pipeline. Fully open-source. "Plamen" is live 🔥🐉
Jordy@developerjordy·
@d0rsky paid submissions will be a logical path to go and prevent ai slop. got some ideas for N4A too
sashko.eth🇺🇦
Paid submissions? Let’s talk
We need to be honest about what’s happening to bug bounty right now
We live in AI era, where submission volume is growing fast, but signal is not
A lot of reports getting lost, delayed, or stuck in review loops
And this hurts everyone - especially professional whitehats with real findings
Over the last months, we’ve been trying to fix this step by step
Reputation points system was first
you submit spam → you get penalty points → you lose ability to submit
simple incentive on quality
Then - MCP
Which helps teams triage faster, identify duplicates, reduce review time. Many companies already using it.
And now we are introducing a new option - submission fees.
We’ve been hearing this request from many companies and honestly, it feels like a next logical step to make the game more fair for everyone.
This is optional, not default, and not something every company will enable.
Fees going to be small ($1-$5), so this is not about monetization too
This is about adding a bit of friction, so people think twice before submitting something they are not confident in
Because today, there is almost no downside to spam. With $20 subscription, any user can generate thousands of reports even without understanding of them.
At the same time, we fully understand concerns, whitehats are our biggest asset and we still want new researchers to join the space, so we added:
• free credits for new users (via coupons)
• support for high-signal researchers
Goal is very simple - improve signal without losing important reports
I will keep you in a loop once any of HackenProof clients will enable it
Let’s fix bug bounty together
Jordy@developerjordy·
everything set for the @ValvesSec audit, redeployed another update for internal test session and if everything goes well testnet might be just around the corner
CoinGecko@coingecko·
What project are you most bullish on now?
Jordy@developerjordy·
will try to post more content in the next coming weeks, focussed on need4audit development and progress.
Jordy@developerjordy·
this demo shows how SRs/Bounty Hunters are able to submit reports on the platform. slowly we're working towards a more stable release for testnet. next video will cover how judges can review these reports and initialize onchain payouts, keep an eye out for updates.
Jordy@developerjordy·
wanted to post another video covering submitting bounty reports on need4audit. spent almost 3 hours on a wrong config address resulting that the tx kept reverting. set during an old deployment and logged during new deployment so it looked the address just got deployed. 3 fucking hours -.- video is coming tomorrow
Jordy retweeted
Valves Security@ValvesSec·
We have published a new security audit report for univoucher.com 🙌 Overall, it was a solid codebase. We managed to identify 1 High and 2 Medium severity issues, along with two more Low/Info findings. See the full report below 👇 github.com/Valves-Sec/rep…
Jordy@developerjordy·
@al_f4lc0n @immunefi another story that's just criminal. take care of your bounty hunters! Need4Audit fixes this with decentralized bug bounties and independent judging
Jordy retweeted
f4lc0n@al_f4lc0n·
I Saved Injective's $500M. They Pay Me $50K.
I like hunting bugs on @immunefi. I'm decent at it.
- #1 — Attackathon | Stacks
- #2 — Attackathon | Stacks II
- #1 — Attackathon | XRPL Lending Protocol
- 1 Critical and 1 High from bug bounties (not counting this one)
Life was good.
Then I found a Critical vulnerability in @injective. This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk.
I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity.
Then — silence. For 3 months. No follow up. No technical discussion. Nothing.
A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K.
I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all.
To be clear: the $50K has not been paid either.
I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me.
I can't force them to do the right thing. But I won't let this be forgotten. I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve.
Full Technical Report: github.com/injective-wall…
CoinGecko@coingecko·
Explain your project in under 5 words.
Jordy@developerjordy·
this weekend is focussed on preparing the Need4Audit smart contracts for @ValvesSec audit next week. 4 ai audits with pashovAI and nemesisAI + an internal review from @0xbube discovering multiple issues. security is important!
Jordy retweeted
Jordy@developerjordy·
watch how easy it is to create bug bounty program on Need4Audit. we're working towards a stable testnet release and its coming in the next few weeks. i'll release more videos the next coming days sharing more info about the platform.
Jordy@developerjordy·
this might be small related to other problems, it’s still not how you treat your users
Jordy@developerjordy

this is not something i would normally do, but @LayerBankFi is leaving me no other choice. don't put your money in this protocol. they are an absolute shame to the defi space. they call themselves permissionless on-chain bank but act as centralized assholes, they deprecate chains, don't communicate with users asking for help and mute when i speak up in their discord. i have been trying to connect with their development team and it took 29 days before they took action. on discord the issue is still not fully solved, they mute me when i point it out in the community chat. i have documented everything and will publish if they don't come up with a solution. i have been patient, and came up with a very reasonable solution for layerbank, still they choose to ignore me and send stickers, what a joke. again, don't use this protocol and please share this story.
