Keyword 💙🛠️

--- Real Talk --- "If I want to be a Web3 Security Researcher, where should I start?" I get this question pretty often from people who want to go full-time into Web3 security. I feel humbled by the question every time because I'm not like some of the people out here who make 50K/month from this job or who make 500K+ in Bug Bounty programs ... yet 😁 I have no idea why some of you guys ask me this question, but I figured that I can write a post and put together a "roadmap" on "how to become a Web3 SR" starting from zero today. Some of you already know this, others don't, but I'm a BIG fan of @PatrickAlphaC and all of his courses. For me, @CyfrinUpdraft is THE PLACE to start learning. There are other resources out there, like @TheSecureum, Solidity by example solidity-by-example.org, but I like watching videos. I retain information a lot faster than reading, so for me, Updraft is perfect. You can sign up on Updraft and start learning today. ALL of their courses are FREE. It's crazy. **Disclaimer** I am not paid, not affiliated, and have NO sponsorship from Updraft (or any other company that I may mention here) in any way, shape, or form. I genuinely believe that they are the best place to start learning Web3 DEVELOPMENT or SECURITY.

Not encouraging at all

@ExitLiqCapital I can confirm that gas prices did go up at the pump stations 30%+ over the last two weeks

Europooors in shambles

@pashov :salute:

@xKeywordx Abso-fkn-lutely Need a new category for "AI audit platforms" as well I believe

@pashov ser, I found out that you created this great GitHub repo with a collection of the currently available AI tools: github.com/pashov/ai-web3… However, Nethermind's AuditAgent is not part of the list, and our agent cries in its own corner because it was excluded from the playground by the other kids. Is it possible to add it, please? auditagent.nethermind.io My colleagues are also opening a PR for this.

@pashov iykyk

@xKeywordx AWP/m4a1

At least 7 "wrench attacks" since the start of the month, 5 of which in France. A "$5 wrench attack" shows that your crypto can often be stolen by bad people with malicious intent and just $5 "weapon" like a wrench. Learn personal OpSec. Protect your data and stay safe.

@pashov Guns then?

@xKeywordx Funny to think kickboxing prevents this attack sir.

@BugUnstuck Real

@xKeywordx Momentum days are real. Once you get into the flow it's like your brain switches into exploit mode.

Today is one of those flawless days. 13 PM and I already have 10+ confirmed bugs in my list, all proven with POCs. Great for me, bad for the protocol. I'm happy and sad at the same time. Auditors can relate!

@lonelysloth_sec True

@xKeywordx It's good for the protocol -- you caught it before the criminals.

@thepantherplus I'm in this case. I created my account and I have 80 rep. I can not hunt anything ...

finally, sanity wins. I like this model the old rep score model was stupid imo. imagine a new security researcher joining HackenProof and a bounty program requiring 150 score and default is 80 gatekeeping hunters with impossible rep walls was peak nonsense. this new system lets real talent actually play.

@talfao1 Congrats! Waiting to read about it

Disclosure of live medium bug I found soon :) completely different feeling. I now understand these bug bounty guys! (It is a different feeling than in Web 2)

@pashov So I'm not the only one :))

@xKeywordx 🤣

I always confuse these 2 guys because of their pfps. Anyone else?

@BensonDynasty_ The protocolis not safe

@xKeywordx Why would you be sad?

@HYDNSecurity I'm thinking about the fix reviews and "how can I make sure that I don't miss anything". Most of the time, after fixes are applied, the code will be very different, and new edge cases may appear.

@xKeywordx yeah it's a double edged sword, on the one hand it's always nice to prove your value to projects by finding lots of issues/criticals/highs, but on the other hand you're thinking "hmm, not sure these guys are going to make it..."

@0xriptide Thanks for the encouragement, though

@0xriptide Then 20 is the 1% of the 1% :))

13:51 ristretto 20 pull ups back to the blockchain

@0xriptide Would love to, but I won't be there. I can only do 15 now. I have to catch up to you.

@xKeywordx ofc pull up comp in cannes if you're in

@protoguard_xyz This one is a private audit. If a live protocol had this many issues, it would've been long gone

@xKeywordx Where are you hunting at? I doubt its still Immunefi