André

338 posts

@iamandreiski

Security Researcher @Certora | 2x🥇| 10+ Top 5 Contest Placements | You can reach out @ https://t.co/k23TmIlM1n

Joined November 2023
554 Following 1K Followers
Pinned Tweet
André@iamandreiski·
Secured 1st place in Sherlock's @aegis_im contest 🥇 A year into full-time Web3 security, and I've landed my first proper contest win. This comes after:
- 10+ Top 5 finishes;
- 100+ C/H/Ms;
- Thousands of hours spent auditing;
And I’m just getting started.
André@iamandreiski·
@p_tsanev Changing the security game 🫡
Plamen Tsanev@p_tsanev·
🚀Dear builders and auditors, your Claude Code sub just became a 100x audit team. Up to 95 specialized AI security agents running in one orchestrated autonomous pipeline. Fully open-source. "Plamen" is live 🔥🐉
Plamen Tsanev@p_tsanev·
Every AI auditor now does the same boring thing. So I went and fused the 4 security pillars into a singular pipeline:
- Static analysis
- RAG vulnerability search
- Recursive depth analysis
- Fuzzing and testing
Fully autonomous 🤖 Fully open-source 🔓 Going live tomorrow 🚨
André@iamandreiski·
@Certora is the place to be if you want to work with the best people in the space, as well as the top protocols. We are still looking for talented SRs to join us, so feel free to reach out if you want to be at the forefront of web3 security.
Certora@Certora

1/ Time for more Certora Champions 🦸‍♂️ We’re spotlighting the brilliant researchers who keep DeFi safe. Meet @iamandreiski, a Security Researcher passionate about securing DeFi protocols such as CCIP, @Starknet Staking, and LayerZero.

André retweeted
Certora@Certora·
Since Monday’s @Balancer v2 exploit, we’ve worked hand in hand with their team to develop the first root-cause analysis of the issue, identify all affected and potentially vulnerable pools, and determine whether v3 was susceptible to the same attack. Our analysis breaks down what happened, how v3’s redesign prevents it, and key takeaways for DeFi security. certora.com/blog/breaking-…
Givn@0xGivn·
Got to 3rd place in the recent FAssets contest on @code4rena. I’m grateful for the opportunity to prove myself and stand beside elite researchers in a big and well written protocol like @FlareNetworks. Shoutout to @alex0ppg for judging - your efforts are seen and appreciated 🙏
Martin Marchev@MartinMarchev·
First Rust contest. First L1 contest. First place. I am really happy about this one! Tough competition, deep codebase and a lot learned along the way. Big thanks to @citrea_xyz and @cantinaxyz for the opportunity 🔥 And huge shoutout to @tqkve and @AifosSi for the solid judging 🫡
Cantina 🪐@cantinaxyz

The @Citrea_xyz competition results are in. 🪐 Researchers reviewed the first ZK rollup on Bitcoin L1. Your top-ranked researchers: 🥇 @MartinMarchev: $21,071.01 🥈 @franfraneth: $9,780.99 🥉 @coachpetrus: $6,086.17 Thanks to everyone that contributed. Full leaderboard below.

André@iamandreiski·
Honored to be part of the @ETHSofiaBG speaker roster, and this panel.
ETHSofia.eth@ETHSofiaBG

🎙️New speaker reveal: @iamandreiski is joining the “How Do We Secure One Trillion Dollars Onchain?” security panel at ETHSofia 2025. Andrey is a Security Researcher at @certora and one of the sharpest minds in smart contract security. Since 2020, he’s been actively shaping the crypto and blockchain ecosystem, earning a top-ranked reputation across multiple audit contest platforms.

André retweeted
Greed@0xGreed_·
Finished a Move on Sui audit with @certora It's fulfilling to review a project & weeks later an additional component of the same project It's like seeing a kid grow, following & supporting his journey Was also my 1st collab with @iamandreiski and this was literally us:
André@iamandreiski·
After almost two months of radio silence, proud to announce that I have recently joined @certora as a Security Researcher. Looking forward to the next chapter of securing web3, and working alongside some of the brightest people in the industry. 🫡
André@iamandreiski·
@0xMackenzieM @certora Haha thanks ser, it’s definitely the place to be if you are a top SR 🙏🏻
André@iamandreiski·
@SagivMooly Thank you 🙏🏻, hope so as well and happy to be part of the team
André retweeted
Patrick Collins@PatrickAlphaC·
Hot takes that I think shouldn’t be hot, and should be “the default”

1. The contest platform is ultimately responsible for the payout. It is the contest platform that promises payout, so if a platform doesn’t pay out, no matter the drama, it is the platform’s fault.

2. The auditors are the workers, and should be treated with the same respect as you would someone on your team. Changing goal posts in the middle of a review, allowing your team to be taken advantage of by allowing clients to dismiss submissions for any reason, or even giving the opportunity for a client to ruin the integrity of a contest (sharing results that could be leaked before contest ends, allowing the protocol to fix the bug and then close the issue because “oh it’s fixed now”) isn’t acceptable. Team > Client. With this, you end up giving the client better output because the team actually cares. Changing the rules of a competition that pays out money could even be considered illegal in some cases.

3. Exclusivity deals on bounty platforms are the antithesis of security. Imagine finding a live crit and not being able to report it because you have an exclusivity deal.

4. Despite all this, bug bounties and competitive audits are still the best way to get into the industry. Don’t let this be the excuse you give to platforms to treat you like dirt, but also keep in mind, many of them are trying their best. Unless they violate one of the statements I made above, in which case they may not be.