Velev | 🏖️ 💻

302 posts

Velev | 🏖️ 💻 banner
Velev | 🏖️ 💻

Velev | 🏖️ 💻

@velevvv

⚒️ Smart Contract Security Researcher | 💻 Full-Stack Developer |🕵️‍♀️ Private Audits | 🤖 AI Audits & Engagements | 🏆 Public Contests

Katılım Nisan 2025
272 Takip Edilen149 Takipçiler
Sabitlenmiş Tweet
Velev | 🏖️ 💻
Velev | 🏖️ 💻@velevvv·
Another 🏆 - Top 10 out of 1009 auditors. There were days I didn’t feel like doing this at all. Still showed up. That’s the difference. Go get your W. Thanks @sherlockdefi 🫡
Velev | 🏖️ 💻 tweet media
English
15
1
119
1.9K
Tha Real Angel👼
Tha Real Angel👼@devil_in_guise·
@velevvv Lool. What I want to know is if it also affects bug bounty. If one finds a valid, then pay the $250 for submission and is rewarded would it be locked too?
English
1
0
1
29
Velev | 🏖️ 💻
Sherlock won't reward you for your work! I've spoken with a guy at Sherlock about their rules. More specifically, the ratio rule that locks your money until you fix your rate. Let me explain... 🙃 If you still don't know, Sherlock has crafted a ratio in your profile that tracks how many of your findings are valid and invalid, by which it calculates your "accuracy rate." The reason for creating it was the large amount of low-effort submissions and spam with shitty findings. It's obvious that if you don't have something to lose, you spam tons of shitty findings. But if you get your rewards locked due to a screwed rate because of being lazy or crappy, you would work your ass off next time. In my case, what screwed my rate was the learning part of my journey. When I started back in 2025, I really didn't have a clue how the platforms worked, how the issues were being judged, and let's be honest, I was dumb as hell at auditing. But how you got your ratio screwed doesn't matter that much. Yes, it still matters because if you can't fix it, you might need to go back and learn again, but in general, my point is different here. My point, and basically the discussion with the guy at Sherlock, was whether this rule still applies and works fairly for SRs. Imagine that your rate is screwed (my case, and surely the case for a lot of SRs). You have a few rewards, but because of the rule they are locked, and now you should fix your rate. According to the current market (and in my opinion, the future one as well), where there are barely any contests - like one every few months from a specific platform - fixing your rate can take a really long time. Let's suppose there are 10 contests in a year (IMO this would decrease in the future, not the opposite), and let's imagine that you submit 3 findings, 2 of which are valid and 1 is invalid. These are actually pretty good results, to be honest. I've seen top SRs miss these targets, which is totally fine. So with simple math, you understand that you need to grind for around a year in order to unlock what you've already worked for and won, and eventually any newer rewards. Well, let's be honest, with AI, competitors that try so hard to invalidate your issues for their own bigger rewards, and judges, this can be extended indefinitely. So you grinded, you won, but you're not going to receive your money (kind of okay depending on the rule). But the frustrating part is that there are no options to get what you've worked for and leave. You are attached to it, forced to keep participating, or you lose your money. This whole post is not about feeling sorry for me. It's not about spitting on Sherlock's name. It's not about "crying" for money or making excuses for me being dumb when I started. It's about fairness for the SRs in the space. It's about getting what you've won, earning what you've worked for, and getting paid for the value you provided. So what is a potential fix for this situation - even though I know that @sherlockdefi might not implement it? Limit the submission count of SRs based on their ratio instead of locking their money. Similar to CodeArena, where if you submit too many sh*tty findings, your available submission count decreases. What are the results? The spam is still reduced and controlled, SRs are rewarded fairly, and they have the option to participate or not participate. What are your thoughts on that? Are you in such a situation, or do you know someone who is? What is your solution? Should it be changed to be fairer for SRs? A repost would help me reach more opinions! 🙏
English
5
3
21
1.8K
Velev | 🏖️ 💻
There is no problem with the rule itself. The problem is that it no longer fits the current contest market. Take into account that CodeArena has closed. You can imagine that contests won't get better or remain the preferred way of conducting security. That being said, your money is effectively locked indefinitely because you don't know when the next contest will happen. Moreover, you're "forced" to participate in order to receive what you've already won. At a time when a few contests were starting every single week, the rule made sense. Now, when contests barely start every few months, it's no longer a practical solution.
English
0
0
5
128
playboi.eth
playboi.eth@adeolRxxxx·
@velevvv But this rule was made open before you joined so what’s the problem
English
1
0
1
240
Velev | 🏖️ 💻
Velev | 🏖️ 💻@velevvv·
I shipped 4 triages and 1 PoC write-up last month, and I really enjoyed the work.🔥 I believe this IS future. The more we rely on AI, the more we'll need people who can understand, validate, and judge the issues it produces. AI is good then - and only then -when you confirm that it is good.
English
0
0
3
73
SBSecurity
SBSecurity@SBSecurity_·
SBSecurity website has a new look - Totally new design - Processes, previous work, and testimonials - Blog posts and technical articles coming soon (and an SB AI bug bounty disclosure once we're cleared to publish 👀) sbsecurity.net
English
2
2
19
1.8K
forefy
forefy@forefy·
We've created an obsidian brain for smart contract audits and the results are shocking 🫣🫣 No AI fluff - only all the crits from @SoloditOfficial and @RektHQ scraped to markdown files, and extrapolated to: - protocols from bounty platforms, rekt, selected public audit portfolio reports - complex ai-based tagging system dividing bugs into sectors - methodologies and checks that would've prevented each bug - language specifics, protocol specifics, l2 specifics and more - who reported the bug - who missed the bug AND MUCH MORE! A common use case: > We start an audit on a zk-heavy protocol > Load the obsidian vault locally > tag:#sector/zk AND path:classifications/bug/check this extracts all zk-tagged CHECKS, meaning all the checks corresponding to critical issues in the vault, that are to be checked against zk sector auditing staking pools? prediction markets? multisig? gaming protocols? etc. same for auditing rust? anchor? stylus? cairo? yul?! Best part - it lets your AI agent save enormous amount of tokens by using obsidian's wikilinks feature to simply get highly relevant data. I personally use this at the start of every new audit and improve it gradually. Would you use something like this? should I make it open source? Retweet this post and spread the word to let me know‼️
English
18
20
161
24.1K
Velev | 🏖️ 💻
Velev | 🏖️ 💻@velevvv·
I'm happy to share that I placed 7th on Reserve Governor contest (as well as 40 other people 🤣). A friend of mine told me, "I hope money doesn't change you." 🤣 Contests these days can be funny lmao.
Velev | 🏖️ 💻 tweet media
English
2
0
18
655
Pyro
Pyro@0x3b33·
@velevvv hmmm, you must have clicked on the wrong link, try again
English
1
0
1
203
Pyro
Pyro@0x3b33·
Claude Code Fable 5 is insane I know NOTHING about coding. ZERO. and it just built 3 fully functioning web apps in 30 minutes http://localhost:3000/ http://localhost:3001/ http://localhost:3002/ check them out!
English
15
3
90
4.1K
Blckhv
Blckhv@blckhv·
@velevvv Have you benchmarked yours against the others?
English
1
0
0
103
Blckhv
Blckhv@blckhv·
Devs and auditors: Which AI tools are you using in your smart contract security workflow? Shill me the ones that actually work 🤝
English
10
1
38
3.4K
Velev | 🏖️ 💻
Velev | 🏖️ 💻@velevvv·
I was invited as Triage at @PashovAuditGrp. It was really nice. My teammate was awesome. Thanks for the opportunity, more to come.🫡
English
2
0
43
1.9K
Velev | 🏖️ 💻
Velev | 🏖️ 💻@velevvv·
The end of Code4rena. This was the place where a lot of normal people become one of the stronges SR in the space. Sad times. 🫥
Velev | 🏖️ 💻 tweet media
English
0
0
21
486
Whitehat Bandit
Whitehat Bandit@banditx0x·
Trying my AI vulnerability researcher 🤖 in the wild. 0 LOC read by a human.
Whitehat Bandit tweet media
English
8
1
172
11.4K
Velev | 🏖️ 💻
Velev | 🏖️ 💻@velevvv·
I think I fell in love with creating AI and Security. The ways you learn about AI and then apply your ideas to improve security are truly addictive. The funny thing is that sometimes AI throws such nonsense that makes me laugh with tears. #Security #AI #Building #Audits
English
1
0
5
257
Guild Academy
Guild Academy@GuildAcademy_·
GM everyone 👋 We’re excited to announce that we’ll be having a Guild Academy community call tomorrow (the 13th of May) by 4PM (GMT+1). During the call, we’ll be discussing upcoming cohorts, new updates within the academy, community growth, opportunities ahead, and the next steps for members looking to grow and stay active within the ecosystem. Guild Academy continues to focus on learning, collaboration, and creating opportunities for members to level up, and this call will give everyone a clearer view of what’s coming next. Make sure to join in, we look forward to having everyone there 🚀 Check the announcements channel on our discord community to join.
English
7
7
36
2K