Catowice

56 posts

@thekmj_

Full-time cat. Audit contests: 🥇 x 7, 🥈 x 4, 🥉 x 2, Judge x 10.

Joined February 2024
95 Following, 516 Followers

Catowice retweeted
oot2k (@oot2k1)
We just published a new article about an edge case that allowed draining 100k+ from different Morpho vaults as a result of the Resolv hack.
There are still countless Morpho vaults vulnerable to the same exploit/architectural weakness.
scauditstudio.com/blog/Resolv-Ex…
As soon as the next "stablecoin" goes bust, the same thing will happen all over again

Catowice retweeted
Haxatron (@Haxatron1)
Hot take: the main reason why contests are dead is because they became free.
- There is less incentive to convince a customer to host a contest when you are not going to make money out of it, especially when there are more lucrative alternatives you can sell.
- There is less incentive to allocate resources to improve a product you don't earn money from.
- In addition to contests becoming free, the % going to judges has been decreasing over time, and meanwhile LLM spam has only gone up which only increases judging cost: this contest only had a disproportionate 4K judging pot, while the contest pot was 500K - and this is a complex codebase with 164K lines of code; If perhaps 30K was allocated to 2 or 3 senior judges + a cheaper presorter (remember C4 lookouts?) which could spend more time on judging maybe the story would be different.
OxDontonka (@0xDontonka)

x.com/i/article/2012…


Catowice (@thekmj_)
@pkqs90 What were you doing when I was carrying Peapods and doing Eigenlayer at the same time sir

pkqs90 (@pkqs90)
Fun facts:
- Teamed up with @thekmj_ earlier this year and together we achieved our worst contest result ever: last place with a solid 0 findings 💀

pkqs90 (@pkqs90)
Stats for 2025:
- Completed 20+ audits with @sherlockdefi / @blackthornxyz
- Won 2/4 contests I competed in
- Grabbed 3 H/M bounties

Catowice (@thekmj_)
@0xCharlesWang Depends on whether the "state transition in between" uses (directly/indirectly read/writes)/depends on the "global state value". This is the heuristic for thinking about re-entrancy. Fun question, where is this from?

CharlesWang (@0xCharlesWang)
„What happens if global state value is increased and then decreased again but a user was able to execute a state transition in between?“

Catowice retweeted
thisvishalsingh 🪐 Security Researcher
We're excited to initiate @Zippel_Labs audits, a cryptography security led by I. ZKP's security is extremely important to build secure pillars of Privacy. *Currently most zkVMs are not fully audited, & for them offering subsidized audits.

SHERLOCK (@sherlockdefi)
Auditors, stop by our booth @summit_defi for a special gift 👀

Catowice (@thekmj_)
@chrisdior777 There are duplicate valid (found by multiple people). 84 submissions are valid and rewarded, but there are 4 distinct issues in total. The 735 is the number of non-reward submissions. 90% is still pretty high though.

chrisdior (@chrisdior777)
@thekmj_ lol Out of 819 total, 735 were invalid - that’s already ~90%. Sherlock only counts Medium or higher as valid and there were just 4 of those. 4 valid out of 819 means 815 invalid. That’s 99.5% invalid.

Catowice (@thekmj_)
@oot2k1 Let's open a polymarket market on how many more prediction markets you're getting this year

oot2k (@oot2k1)
I just realized I have audited 5 prediction markets in total. 3x Gnosis conditional token framework and 2 based on own logic / just order book. 3 of these audits were in the last months. Prob. nothing 👀

phil (@philbugcatcher)
If you ever complain that judging takes long, it is because judges have to waste time with clowns like this:
Researcher: there should be price bounds to the oracle price
Me: the oracle is the source of truth, not an arbitrary price bound
Researcher: *AI slop saying Aave uses price bounds*
Me: share link to AaveOracle (v3), showing there are no price bounds
Researcher: *AI slop saying they dropped it on v3 but had it before*
Me: share link to Aave oracles from v1 and v2, no price bounds in sight

Catowice (@thekmj_)
@banditx0x Honestly just qualifying for the IMO from a half-decent country means you're likely good enough to do a PhD in the future

Whitehat Bandit (@banditx0x)
IMO gold medalists are cracked

phil (@philbugcatcher)
Does anyone know why metamask does this?

Abbas Khan ⟠ (@KhanAbbas201)
JOINING EF TO SUPPORT FOUNDERS 🚀
I’ve joined the @Ethereum Foundation to help launch a new initiative called Founder Success because I’m passionate about Ethereum and the possibilities it unlocks for founders.
Ethereum isn’t just technology. It’s the foundation for the next generation of products, communities, and organizations. I believe it’s the best place in the world to build, and founders are at the heart of making that future real.
With Founder Success, our mission is to make sure builders have the connections, guidance, and resources they need, whether that’s fundraising, GTM, mentorship, or launching new products.
Ethereum grows when we build together. 🌱

L M (@lmanualm)
VigilSeek alert bot now in Discord! DM me if you want to add it to your Discord server

Catowice (@thekmj_)
@0xnevi I run a community, does that mean I'm your least favorite SR

0xnevi (@0xnevi)
My favourite security researchers are the ones that are the quietest on here, either they are drowning in work being too good or they are working so hard to prove themselves. If you think that's you it probably is 😊