Raj Shah
@rj_eth26
82 posts
Web3 Security Researcher
Joined November 2024
195 Following · 40 Followers
Raj Shah retweeted
Dear Self. @Dearme2_
If your MOM is still alive, retweet this.
Raj Shah @rj_eth26
Exactly! Sponsors think public contests are not necessary and only believe in AI scanning or just one private audit, but for that same expense or less, 1000+ security researchers' thinking comes into play when they do a contest audit.
ddimitrov22 @ddimitrovv22
Every day an audited project gets hacked. Does that mean audits don't work? No. Projects just prefer to save $2k on an audit and think that all audits are the same. Spoiler: they are not.
SHERLOCK @sherlockdefi
Sherlock created an audit team assembly system based on deep performance data. Most security firms rely on fixed in-house teams or assign researchers based on availability. Over time, we kept seeing the same gaps: auditors placed on codebases that didn't match their strengths, and blind spots no small static team can realistically cover. Every researcher in our network is scored on accuracy, severity classification, specialization, and false positive history. When a private audit starts, we assemble audit teams based on who is most likely to catch what matters in that specific codebase.
Raj Shah @rj_eth26
Last day of the @revertfinance contest on the @cantinasecurity platform, so wrapping up my leads and going deep to find a real bug. Also thinking about edge cases, looking for integration issues and analysing the docs deeply, but the code is really looking solid.
Raj Shah retweeted
chrisdior @chrisdior777
One of the toughest months Web3 has faced. April 2026:
• 30+ security incidents
• ~$630m drained
This chart shows the hacked projects, estimated losses, and the cause behind each incident.
Raj Shah @rj_eth26
Today I am starting an audit of @MonetrixFinance on the @code4rena platform:
- Reading the docs deeply and understanding its full flow and how it works
- Also analysing areas to focus on and known-issue-related bugs previously found by other SRs
Raj Shah retweeted
Immunefi @immunefi
Most security firms are quietly moving away from audit competitions. This is one of the biggest mistakes happening in crypto security right now.

There is a simple way to think about audit value: what does it cost to find a critical vulnerability? We looked at the actual data on what it costs to find critical bugs in crypto, and the numbers are not surprising. Finding a critical vulnerability in an audit competition costs $6,548 on average. The exact same severity bug through a bug bounty program costs $114,000. That is 17x more expensive for the same result.

Now look at the traditional audit model. Some top firms charge $100 per line of code. Others charge as high as $25,000 per auditor per week. A single engagement can easily run $200k to $500k+, and you are getting maybe 2 to 4 people looking at your code.

But cost per critical is not even the most interesting part. The interesting part is the structure of who is looking at your code. When you hire a firm, you get 2 to 4 auditors. Maybe they are great. Maybe one of them is having a bad week. You are making a concentrated bet on a small number of people.

An audit competition attracts hundreds of security researchers. These are some of the best hackers, people who have found real vulnerabilities in major protocols. These hundreds of researchers are now armed with AI tools. They understand codebases faster. They write PoCs faster. They find bugs that would have taken DAYS in just hours.

Think about what that means. You are not just getting hundreds of humans. You are getting hundreds of AI-augmented humans, each running their own workflow, each with their own intuition about where bugs hide. The scaling dynamics are extraordinary.

The firms moving away from competitions are optimizing for predictable revenue, not for their clients' best outcomes. That is understandable from a business perspective. But if you are a project choosing where to spend your security budget, you should optimize for bugs found per dollar spent.

Audit competitions now also have scaling pots. The prize pool grows with the scope of the codebase. This aligns incentives in a way that fixed-fee engagements never can.

But what about AI spam, low-quality submissions, and the time it takes to triage all of those submissions? Immunefi is addressing these with mechanisms like pay-to-submit, managed triage, and AI triaging agents, which are already showing very strong promise.

The best security strategy is not either/or. But if you have a limited budget and you want the most eyes, the most diverse skill sets, and the best cost per finding ratio, audit competitions are still the obvious choice.
Raj Shah @rj_eth26
Been digging into the XRPL contest on @sherlockdefi, and almost every bug or lead I find turns out to already be a known issue 😅 Still a great learning experience, which helps refine my approach and think deeper.
Raj Shah @rj_eth26
Completed the Solidity2 smart contract audit codebase. Submitted 8 findings: 5 High, 1 Medium, 1 Design-choice, 1 Informational. A solid result from a private audit engagement during my internship. Looking forward to deeper audits ahead. @KannAudits, thanks for the opportunity.
Raj Shah @rj_eth26
@sherlockdefi Hi team, are there any upcoming Solidity audit contests scheduled? I would love to participate. Thanks!
SHERLOCK @sherlockdefi
Sherlock has completed a collaborative audit for AeroBoost. 🤝 AeroBoost automates voting on Aerodrome & Velodrome without locking rewards, and they've now opened the public release for the first 100 locks. Check them out here: aeroboost.eth.limo Happy Boosting!
Raj Shah retweeted
Shieldify Security @ShieldifySec
AI will NOT protect your smart contracts
Raj Shah @rj_eth26
Today I am still auditing the @Superfluid_HQ protocol on @sherlockdefi. But I still haven't got any H/M bug; the scope taken is too small, and I am still trying to find some hint from the code audit.
Raj Shah @rj_eth26
Today I am continuing my audit of the @Superfluid_HQ protocol on @sherlockdefi. Now I have entered the code audit, so my focus is to find some hints which can be converted into a real bug.
Raj Shah @rj_eth26
Today I am starting a new contest, @Superfluid_HQ on the @sherlockdefi platform. So first I am analysing its docs to understand the whole design and full flow. Once that's done I will enter the real code auditing and try to find some leads.
Raj Shah @rj_eth26
Week 2, day 1 in the @KannAudits internship:
- Starting an audit of a new protocol
- Understanding the design deeply
Raj Shah @rj_eth26
Today's update:
- Continuing manual review of @revertfinance on the @cantinaxyz platform.
- I got some hints, but in the end they converted into nothing, or low at best, so I am focusing more precisely. @0xSimao
Raj Shah @rj_eth26
Continuing my audit of @RevertFinance on @CantinaXYZ today. Diving into the codebase and analyzing the full execution flow step by step, understanding how each function interacts, and tracking state changes across the system. @0xSimao