naman

2.7K posts

@namx05

Security Researcher | Smart Contract Auditor: Solidity, Rust 🦀 | Portfolio 👇

Joined April 2016
402 Following, 1.1K Followers

Shieldify Security (@ShieldifySec):
| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄| Need More Auditors |__________| \ (•◡•) / \ / —— | | |_ |_

chrisdior (@chrisdior777):
Web3 Security Contests 2024 vs 2026

Aditi (@OnchainAditi):
what’s expensive but a 100% worth it?

naman (@namx05):
This is indeed true. In fact, I’ve seen firms judging performance based on the number of AI tokens utilised. However, it’s not possible to force auditors to use AI; it would decrease performance and increase reliance on AI.

Quoted post, WhiteHatMage (@WhiteHatMage):

None of the people I admire and respect are impressed by the performance of LLMs in security.

Codebases are full of bugs and latent vulnerabilities. There are simply no incentives to look for those issues or report them most of the time. All projects, including OSS, are "unsafe" in some way. Fortunately, we have built a lot of safeguards, sandboxes, upgrade mechanisms, and tooling to minimize the damage in traditional software.

It's not impressive to find such vulnerabilities. The only difference is that any script kiddie can find them now without even knowing how to code.

The case with Web3 is even more hilarious. The risks are higher, and there are fewer actual experts than in traditional software, though. Projects spend so much money on frozen-code audits, and yet so many criticals still slip through. This only speaks to the low level of Web3 security. It's a young industry with a lot of innovation. But it's just not that good for the problems crypto tries to solve or its inherited risks. This includes devs, auditors, tooling, infra, and languages.

On the other hand, I'm glad that some automated tools are starting to gain traction via LLMs. There hasn't been any incentive to build such things until now. This can help both devs and security folks more reliably grasp ideas they hadn't thought of or examine areas they hadn't paid attention to. It may be helpful for scanning lots of codebases to find LLM low-hanging fruit. I see many wise hunters making money with this strategy.

I'd just be wary of anyone who is truly impressed by the outcomes of an LLM, its novel ideas or how good it is in security. I find them cute.


naman (@namx05):
@pashov Duplicate marked issues don't always mean that it's valid. It can be a duplicate of an invalid issue. Hard to know 🫠

pashov (@pashov):
Some guy ran pashov skills on bug bounty programs on HackenProof and reported 3 valid vulnerabilities, although duplicates. Was about time to get something that delivers, is free and easy to use for devs and security researchers🫡

Quoted post, Harvesto | McDonald arc 🍔🍟 (@Harvesto12):

Update on the valids I got from @pashov's AI solidity-auditor and submitted: ALL 3 of them were duplicates. That means the 3 bugs were real, just that other researchers got there first. I'm going to go with the approach of looking for protocol specific logic flaws instead of generic patterns. Exciting times!


naman (@namx05):
Swappable report skeletons for different platforms (Cantina, Your personal template, etc.) Supports Solidity + Rust/Solana. Contributions welcome 🛡️ github.com/namx05/vuln-re…

naman (@namx05):
Just open-sourced a Claude skill for writing smart contract vulnerability reports. It handles the formatting so you can focus on finding bugs; titles, severity matrix, PoCs, diff-block recommendations, all consistent every time.

naman retweeted
CredShields (@CredShields):
Manual Audit Completed ✅ @Ardentisio’s smart contracts have undergone a detailed manual audit by CredShields, reinforcing their security and reliability while strengthening their blockchain ecosystem. Read the full audit report here: github.com/Credshields/au…

naman retweeted
CredShields (@CredShields):
Audit Status: Complete! ✅ The manual security audit for @mercurifinance has been successfully completed. CredShields ensures precision, robust protection, and a secure foundation for their blockchain ecosystem. Read the full audit report here: github.com/Credshields/au…

naman retweeted
CredShields (@CredShields):
Security Check: Complete! ✅ CredShields has successfully completed a manual security audit for @BlockWillio, strengthening the security and reliability of their smart contracts. Read the full audit report here: github.com/Credshields/au…

naman retweeted
0xrudra (@0xrudrapratap):
I vibecoded a Solidity diagram extension similar to a Miro board but with additional features. You can import any function or data type with a single click. It was tedious to screenshot every function or data type detail into Miro before. It's interactive, allowing you to create notes, labels, and build graphs for inner functions too. It's not even close to perfect, but it works for now. I'll improve it when I can. github.com/0xrudra99/Soli…

naman retweeted
CredShields (@CredShields):
$3.6B in losses, 134+ incidents that shook 2025. From mega breaches to systemic control failures, 83% was driven by access control and infrastructure failures, not smart contract bugs. CredShields has worked on a State of Web3 Security Report for 2025. This report documents the end of the audit-only era, what must change next and what's needed in 2026. Download the full report → credshields.com/resources#stat

Saksham (@SakshamGuruji):
Super stoked to announce that I have joined @Certora as an SR! This past year has been absolutely crazy with lots of ups and downs and I had to lock in hard and quit CT for most of the year.

Will forever be grateful to @zokyo_io for believing in me so early in my auditing journey and being super supportive whenever I wanted to participate in audit contests, built so many solid friendships and relations with some of the top clients in the space.

For the past ~7 months I have been constantly working with @bailsecurity and it's safe to say the environment and energy at bail was something else. @0xCharlesWang is definitely one of the most genuine, hardworking and talented auditor/sensei in the space and the core reason that helped me level-up like crazy these past months. Plus being constantly booked at bail is an achievement in its own😂

Working at Certora had been a dream of mine for years and now that I have been onboarded it feels surreal! Special thanks to @tpiliposian and super excited for the journey ahead🫡

Vitto Rivabella (@VittoStack):
Creating a PRIVATE Telegram group for people to learn about AI and vibe coding. We’ll talk about what we’re building, revenue, favorite AI tools, plugins, Claude Code, new releases, marketing, content, X, etc. Comment ‘AI’ if you want to join. I'll DM you the link.

naman (@namx05):
Nice way to close out the year!
Nothing beats this kind of message, which motivates you to keep pushing. Grateful for the trust and excited for what’s next. 👀🔥

naman retweeted
CredShields (@CredShields):
Security Check: Complete! ✅ CredShields has successfully completed a manual security audit for @CryptoriaHQ, strengthening the security and reliability of their smart contracts. Explore the full audit report here: github.com/Credshields/au…