Anatomist

56 posts

Anatomist

@th3anatomist

Solana RCE | 1st place @ Immunefi Ethereum Attackathon | DM for Private Web3 Security Audits

Taipei, Taiwan Katılım Ekim 2024

42 Takip Edilen855 Takipçiler

Sabitlenmiş Tweet

Anatomist@th3anatomist·22 May

🥇 first place at the @Ethereum Attackathon! huge shoutout to @immunefi and everyone who made this comp legendary. we’ll be breaking down some of our most interesting findings next. Stay tuned👀

Immunefi@immunefi

The $1,500,000 USD @Ethereum Attackathon is finished, and the full results have been posted. $500,000 of the reward pool has been paid out! 🥇 @th3anatomist: $148,677 🥈 @robinrobin99020: $146,250 🥉 CertiK: $90,801 4️⃣ Franfran : $33,750 5️⃣ @blobismdev: $33,750 Check the link below for the full leaderboard and bug reports! 👇

English

102

11.8K

Anatomist@th3anatomist·18h

🚀 Big breakthroughs since our record AI finding We're opening up a limited number of free vulnerability scans DM us before spots run out! (TG: @th3anatomist in case it gets buried in the inbox 🫣)

Anatomist@th3anatomist

🚨 New record for AI vuln scanning 🚨 $400K bounty, found by our AI agent. Possibly the largest bounty credited to an AI agent. And this was just the prototype.

English

688

Anatomist@th3anatomist·16 Mar

(7/7) Security is hard, especially when subtle changes happen underneath the hood. Keeping up with all the nuances exacts a heavy toll on developers. This is where experienced security auditors come in. Leave the security to us, so you can focus on shipping the next feature.

English

123

Anatomist@th3anatomist·16 Mar

(6/7) The new clique-based analysis only targets non-atomicity involving hot potatoes and certain shared object usages. Other non-atomic patterns, like this call sequence (x.com/0x158_/status/…), are no longer disallowed. We reached out to Sui, confirmed the change is intentional, and flagged the outdated docs.

Killua | Move SR@0x158_

@th3anatomist correction , sequence= propose->validate->propose->execute->finalize.

English

204

Anatomist@th3anatomist·16 Mar

(1/7) Time to reveal the answer! The contract is actually secure. But only up until this recent Sui PR: github.com/MystenLabs/sui… Here's what changed and why it matters. 🧵

Anatomist@th3anatomist

Can you spot what's exploitable here? Comment below and explain the bug! Not an easy one Hint: Great security auditors must understand blockchain internals at a deep level Not just taking the docs at face value #FindTheBug #Sui #SmartContracts #Web3

English

2.4K

Anatomist@th3anatomist·10 Mar

@0x158_ Kinda This is actually where things get interesting We'll post the answer in a few days, stay tuned

English

Killua | Move SR@0x158_·9 Mar

@th3anatomist I guess second sequence is probably safer, as we don't hold a hot potato (until 'execute' is called), incase if there are any rules that prevent us from calling entry functions once a hot potato is acquired.

English

Anatomist@th3anatomist·8 Mar

English

Anatomist@th3anatomist·9 Mar

@0x158_ Yes! The second one works, the first one doesn't But can you explain why?

English

Killua | Move SR@0x158_·9 Mar

@th3anatomist correction , sequence= propose->validate->propose->execute->finalize.

English

299

Anatomist@th3anatomist·9 Mar

@rashmor_eth propose_strategy(1) will fail in this call sequence Try digging deeper!

English

rashmor@rashmor_eth·8 Mar

@th3anatomist but in reality those fuctions are still callable in ptb after validate, so attacker can drain treasury like this: propose_strategy(100) validate execute(receive 100) propose_strategy(1) finalize (return 1) profit 99

English

Anatomist@th3anatomist·27 Şub

@0xnirlin Hoped you enjoyed :) We'll post more findings about SUI's consensus very soon!

English

107

Nirlin - Security Auditor@0xnirlin·27 Şub

Super dense writeup, learned quite a few things about Sui consensus and DAG-based consensus in general. Thanks @th3anatomist anatomi.st/blog/2025_12_0…

English

849

Anatomist@th3anatomist·21 Şub

@hexific This is true when hunting for bounties. In audits, however, we go beyond finding vulns. We dig deep into the codebase to achieve full coverage. Clients gain a much deeper understanding of their own code, knowing under what assumptions it works and in which edge cases it may break

English

Hexific@hexific·21 Şub

@th3anatomist Awesome findings even with AI. The main focus is to find the vuln with whatever you use

English

1.2K

Anatomist@th3anatomist·20 Şub

🚨 New record for AI vuln scanning 🚨 $400K bounty, found by our AI agent. Possibly the largest bounty credited to an AI agent. And this was just the prototype.

English

423

50.8K

Anatomist@th3anatomist·21 Şub

@vince_lauro That's one major use of AI. But we discovered some edge cases where AI might perform better than humans

English

745

Vince Lauro@vince_lauro·21 Şub

@th3anatomist This is exactly the kind of use case people underestimate. AI agents excel at repetitive, pattern-based work — scanning for vulnerabilities is a perfect fit. The human still designs the strategy. The agent does the grunt work 24/7.

English

981

Anatomist@th3anatomist·21 Şub

@HusselZach75195 This sounds like an interesting work

English

840

the ViSaGe@HusselZach75195·21 Şub

@th3anatomist Enjoy it, I've sidestepped AI and instead used mathematics to devise a way of ingesting a contract and finding every possible bug in it with mathematic certainty. I just finished the protoype of the interface that will peed up feeding it, as doing it manually via CLi was too much

English

1.4K

Anatomist@th3anatomist·21 Şub

@sooyoon_eth Having deep, full understanding of the codebase is still an edge human auditors have. For us, we're using AI agents to cover different layers and dimensions of the security

English

1.3K

Soo Yoon | FailSafe Ecosystem@sooyoon_eth·21 Şub

@th3anatomist 00k bounty found by AI? honestly impressive. but also means human pentesters need to level up fast. AI finding vulns is one thing - understanding business context + explaining risk is still human work (for now)

English

1.8K

Anatomist@th3anatomist·21 Şub

@EvanKlein338226 It's a loss of availability vuln. From our testing, we'd say both are correct. It did find bugs that are very hard for humans to discover, and we're pushing the limits towards this direction

English

920

Evan Klein@EvanKlein338226·21 Şub

@th3anatomist This is wild. AI excels at pattern matching across massive codebases - exactly what access control auditing requires. What class of vuln was it? Curious if it's finding the logic bugs humans miss or just scaling existing techniques faster.

English

1.2K

Anatomist@th3anatomist·21 Şub

@OthelloOcho We gave it a specific codebase and verified the findings, the rest are fully automated

English

964

othelloOcho@OthelloOcho·21 Şub

@th3anatomist Curious about the workflow, was this the agent scanning autonomously and flagging the vuln, or did a human point it at a specific codebase? If it's fully autonomous scanning that changes the math on bug bounties pretty drastically

English

1.2K

Anatomist@th3anatomist·20 Şub

If you're shipping a protocol, DM, we'll get you secured.

English

4.5K

Keşfet

@0x158_ @rashmor_eth @0xnirlin @hexific @vince_lauro @HusselZach75195 @elonmusk @BarackObama