@mamoud___ Faudrait que je commence je me fais peut être une fausse impression
Français
fuzz755
15.8K posts
@mamoud___ T’es chaud, j’aimerais bien m’y mettre mais ça donne pas envie quand je vois la syntaxe sans comprendre
Français
Y’a des sénégalais qui peuvent me dire s’ils connaissent cette école ? itd-hub.com
J’arrive pas à savoir si c’est une vraie ou un faux site
Français
Announcing First Flight #58: NFT Dealers!
Thank you to @ZhivkoNiko40281 for this submission and their commitment to Web3 Security 🙏
nSLOC: 253
Start date: March 12, 2026 Noon UTC
Duration: 1 Week
Get real auditing experience!
Check it out! 👇
(1/2)
English
fuzz755 รีทวีตแล้ว
fuzz755 รีทวีตแล้ว
I Saved Injective's $500M. They Pay Me $50K.
I like hunting bugs on @immunefi . I'm decent at it.
- #1 — Attackathon | Stacks
- #2 — Attackathon | Stacks II
- #1 — Attackathon | XRPL Lending Protocol
- 1 Critical and 1 High from bug bounties (not counting this one)
Life was good. Then I found a Critical vulnerability in @injective .
This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk.
I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity.
Then — silence. For 3 months. No follow up. No technical discussion. Nothing.
A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K. I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all. To be clear: the $50K has not been paid either.
I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me. I can't force them to do the right thing. But I won't let this be forgotten.
I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve.
Full Technical Report: github.com/injective-wall…
English
1. Get a shitty intel NUC
2. 2TB SSD
3. Let LLM follow docs
4. Profit
vitalik.eth@VitalikButerin
I feel like at every level we've implicitly made this decision that running a node is this oh so scary devops task that it is ok to leave to professionals. IT IS NOT. We need to reverse this. Running your own Ethereum infrastructure should be the basic right of every individual and household. "The hardware requirement is high, therefore it's okay for the devops skill and time requirements to also be high" is not an excuse. Even people who can afford high-end hardware, dedicated staking boxes, etc often do not have a lot of free time. Nodes should be easy.
English
@0xsadikbaba It will never overflow it’s EVM. There is not enough ETH in the world to make it overflow
English
Two major issues in this contract
Unchecked deposit can overflow
The deposit function uses unchecked when increasing the user balance.
This removes Soliditys overflow protection and could cause the balance to wrap if extreme values are used.
Broken balance logic
the increaseBalance function lets anyone increase their balance without sending ETH.
This means a user can artificially inflate their balance in the contract state without actually depositing funds.
Contract accounting becomes unreliable
Users can create fake balances
The system’s business logic breaks
Always ensure balance updates are tied to real value transfers and avoid unnecessary unchecked blocks.
Sadik@0xsadikbaba
WHO CAN SPOT THE BUG ?
English
Mettre un repo en privé par peur de se le faire voler… Un bon entrepreneur doit rêver de se faire voler son projet
Pashov Audit Group@PashovAuditGrp
If you are not slightly scared of releasing your work to the public, because it's "too good", you are doing it wrong Chase this fear and tame it to serve you. Open Source.
Français
