TheNaubit
915 posts

TheNaubit
@thenaubit
Web3 Security Researcher. I also like to code in my free time.
Joined February 2016
366 Following 2.1K Followers

@14si20 To be honest, that sounds like a really smart choice. Plus you will really enjoy Rust, I have worked on and off in projects using Rust and it is amazing to use.
Btw, this was a really fun way to start learning it: app.codecrafters.io/tracks/rust

I decided to distill some of my random thoughts into articles, first one on my plans for 2024!
mirror.xyz/0xDa99Dee8420b…

Oh... is that another competition?
Welcome @superformxyz to the Cantina 🪐
📍 @cantinaxyz
💰 Pot Size: $140,000
🗓️ November 27th - December 11th
(We've been swamped with invite code requests, so here's another opportunity below 👇)

Weekly Update is Back!
1. Time worked
Slowly ramping up again, I should be able to do 15-20 hours next week if everything works out fine.
There's another project that takes about 40% of my time, I'll post about it later this week.
2. Physical Exercise
I got a personal trainer, so 2x2h weightlifting under supervision with some running/cycling added.
And 2x 2h sauna.
3. Earnings
Well the $1.4k from chainlink was very welcome 😆
4. Contests
So following my research on niches & market segmentation, I've decided to solely focus on lending protocols.
Which means that I'm currently doing the Morpho Blue contest with @cantinaxyz. I have no financial goals this time, I just want to learn as much and as deeply as possible.
Hopefully they have community judging or a public finding repo so I can study all the submissions, but so far I couldn't find any information concerning that.
I'm halfway beating Wojak!!!👊

I have been these days super busy with the private audit I was finishing, reviewing the updates for the fixes the project implemented. Now everything is done, right in the perfect time to start with the zksync audit! (Although I have a finding for @immunefi that I want to finish the POC asap)

@thenaubit Hopefully it's just a temporary pausing. Most of the time it's at their own request to make some change ... though sometimes darker reasons are afoot
Skim the channel where we post these updates to see if said anything about the project discord.com/channels/78709… otherwise DM me

First time I get named for a high finding in a C4 report, together with my buddy @thenaubit (Team_FliBit).
It's a slow grind, but at least it's going upwards! 😁

Code4rena@code4rena
The report is in for @CantoPublic’s June 2023 audit with Code4rena 🔎 Findings summary: High risk: 1 unique (6 total) Medium risk: 1 unique (6 total) Read more ➡️ code4rena.com/reports/2023-0…

@trachevgeorgi I love the short and concise playlists the channel has, I have used it a lot of times to introduce me quickly to new concepts 🫡

The Smart Contract Programmer YouTube channel is undeniably one of the most beneficial resources for both smart contract developers and security researchers. Make sure to check it out👇
youtube.com/@smartcontract…

@tpiliposian For sure! Luckily I got two projects with a similar issue. One of them is out but the other is up so… not bad!

@thenaubit That is unfortunate. Keep hunting, there are plenty more bugs out there! 🙂

@optimizoor Beware, that is the first question into a rabbit hole in the React community!

@cmichelio The problem is when they interact with external contracts, isn’t it? 😂

@thenaubit That's true. So often one thinks the vuln really exists, then runs a POC and finds out there was some small code thing preventing the exploit from happening.

Exactly! In a contest it is better to focus just on the one you started.
You could think: “hey, if I do two contests I can earn more” but it is not real: If you focus on only one you have higher chances to find a unique, which pays way more than you finding issues like “use safeTransfer instead of transfer”!

2 things not to do while doing audit contests:
1. Switching contests in between, I have fallen victim to it many times. Do an audit contest start to finish and then think about something else.
2. Don't try to do each and every contest, trying to go fast. In auditing slow is fast, the more time you spend deep diving, the probability of high payouts will increase proportionally too. Going too fast will make you miss the interesting bugs 🐛

@SakshamGuruji That channel is a hidden gem, I always learn a lot with them 🫡