RNemes - Auditifu.com

I've been working on a new learning platform for auditing @auditifu. Rather than just reading audit reports, we take them and create structured courses with lessons for each finding. Check out the introduction here: link.medium.com/KS5M3sJG6Ob auditifu.com

@HackenProof Eternal loop if you hit isBroken

Spot the Bug 🧠 Token Continuation Skipping What’s the issue in this code?👇

I just received 50 Hunt Points on @immunefi! #immunefitribe immunefi.com/s/hh?ht=666228…

@RealJohnnyTime $25

I’ve been experimenting this month - trying to cover all my daily expenses purely with crypto. I’ve already earned around $961 in cashback, which is way beyond what any traditional card would give me. You get 3% cashback from day one, can borrow against your ETH, earn ~10% yield on stables. If you want to try it - comment “$25” below, and I’ll DM you a special link to get $25 for free to start spending.

@NathieVR Another way to make them work harder

Amazon just unveiled their own smart glasses that are being tested by their delivery drivers. These wearables have built-in navigation and can scan packages.

Been a bit slack recently, but 1 more lesson to complete to get to 200. Promise myself to do @auditifu lessons everyday from now on

Been working on an MCP server for @auditifu for the last 2 days. Learning a load about MCP, they are a lot more powerful than I realised

@QuillAudits_AI @AptosLabs @AptosInsights @movementlabsxyz @SuiNetwork Do you have a link to an example of this from an audit?

1. Lack of generic type checks Move lets you pass generic types to public functions — but if you don’t check them, attackers can break logic. Example: in cancel_order, if you don’t check that T matches the stored type, users can withdraw coins they never deposited. Fix: assert type_of() == expected_type_info

Writing in Move doesn’t make you immune to bugs. After 100s of audits, we’ve seen certain mistakes appear again & again in move contracts. Here are the top 5 bugs we keep reporting & how you can avoid them. 🧵👇

@0xFlint_ @jack__sanford That doesn't work on the hats platform, i think it needs to be a little higher

@jack__sanford I vote $0.1 Creating friction is sufficient to stop 99% of AI slop since it's only submitted due to it being free.

The time has come for this conversation. What should be the fee to submit a finding in an audit contest?

Top tip for a quick test coverage check. Just stick an assert(false) in the path you want to check and run the test suite. If there are no failures, the path is not covered

@CodeHawks @Eman_Herawy @AptosLabs I enjoyed this, was my first First flight and 3 weeks after looking at Move for the first time. Got 1 H, 1 M and my medium got selected

First Flight #46: Secret Vault on Aptos🤝 is now closed! Thanks again to @Eman_Herawy for the submission and @AptosLabs for their commitment to web3 security! Top 5: 🥇imod7 - 480 XP 🥇0xrektified - 480 XP 🥈r4y4n3 - 448 XP 🥉seenu1947 - 444 XP 🏅manuel0254 - 404 XP (1/2)

Took a day off auditing to play around with Langchain, been locked in all day

@0266GrimSec No I went down it whilst looking at the kuru audit. It was interesting, never came across using rpc with msg.sender == address(0) for debuging live code before

Just been down a rabbit hole of why people might use msg.sender == address(0)

@owanemi_ Thankyou

@rnemes4 Happy birthday bro!

Today is my birthday got up -> Full English breakfast -> finished off the Cyfrin First Flight Move secret vault -> Hunting on Immunefi -> Sherlock Neutrl Protocol -> Swim and Sauna -> now off out for Mexican and Margaritas

I have been coding for many years and I can say that every project I worked on had bugs, no matter how many we fixed. So just choose a project, go deep and find the bugs

@0xMackenzieM @0xriptide @riproprip @usmannk I'll go in with any of those three 😋

Anyone interested bughunter reward sharing? ie. 3 SRs team agree that if any get a bounty they'll give 20% to the other 2 I want to encourage top bughunters to feel it's worth it to collaborate together @0xriptide @riproprip @usmannk wdyt?

@0xriptide Definitely one of my favs

breakfast of champions

@0xGreed_ @SuiNetwork I've been doing the same, look forward to your insights and hopefully I can provide some too

Been doing a lot of Move on Sui lately and love the way it works It feels like you are granted new powers once you get a hand on its features Will share core concepts and differences with EVM soon so if you are also bullish on @SuiNetwork stay tuned

That nearly killed me, I was hurting for a week. I can do a 10s handstand now tho

First Calisthenics class today, now I feel ready to hunt some bugs