Jeff Security

2.1K posts

@jeffsecurity

Independent Smart Contract Researcher & Researcher at @ShieldifySec
My mission is to find vulnerabilities in smart contracts for a safer Web3 Space!

Audit portfolio here:
Joined May 2021
2K Following · 8.2K Followers
Pinned Tweet
Jeff Security@jeffsecurity·
Made $60k last month from audit 😎 What about you?
Jeff Security@jeffsecurity·
Uniswap V2 forks are still a goldmine for weird edge cases. This breakdown of the Phantom Liquidity bug shows exactly how reserve math gets wrecked. A top tier case study for DEX auditors. 🦄 aurastack.substack.com/p/uniswapv2-ph…
Jeff Security retweeted
Shieldify Security@ShieldifySec·
You’re entering the most abundant, opportunity-filled phase of your life. Believe in something. Web3 security.
Shieldify Security@ShieldifySec·
Many Web3 security researchers feel anxious about AI. Don’t. Do what you’ve always done—learn it, use it, make it work for you. AI is leverage, not competition. Real security talent will be needed more than ever 🫡
Jeff Security@jeffsecurity·
That $50M loss wasn't a hack. It was just a brutal lesson in MEV. EigenPhi breaks down the slippage mistake that searchers jumped on. A prime case for why we need encrypted mempools ASAP. 🛡️ open.substack.com/pub/eigenphi/p…
Jeff Security retweeted
Martin@ShieldifyMartin·
🚨KeomProtocol was exploited for $94k on Polygon ZKEVM
A logic bug in KToken.redeemFresh() caps redeemTokens to the user’s cToken balance after calculating totalSupplyNew with the uncapped value, and never recalculates redeemAmount. This results in minting a tiny amount of cTokens and draining the market’s entire cash balance via redeemUnderlying().
This is a straightforward issue that an audit would catch.
Stay safe. 🫡
Jeff Security retweeted
Shieldify Security@ShieldifySec·
Fuzzing for Security Researchers 🤠 Starting with basic and fuzz testing in Foundry, then moving to stateful fuzzing with Echidna, Alex shows how stateless and stateful fuzzing can uncover bugs that traditional imperative tests often miss youtu.be/3A7aa5B8aak
Jeff Security@jeffsecurity·
Solana auditors: 1-byte event discriminators in Anchor are a total collision trap. The resource covers how it can mess up dispatching and confuses off-chain indexers. 👇 exvul.com/blog/anchor-on…
Shieldify Security@ShieldifySec·
Smart contracts were just the beginning. Now, we’re securing the AI layer. 🛡️
We are looking for elite AI Security Auditors to join us:
- Experienced in AI/ML vulnerabilities
- Web3 native
- Ready to ship high-impact audits
Think you’re a fit? Our DMs are open. 📥
Jeff Security@jeffsecurity·
Stop ignoring the frontend. 🛡️ You can have 5 audits on your Solidity, but if your web app or DNS is a mess, it doesn't matter. This piece on the DeFi "weakest link" is a must-read for researchers. zealynx.io/blogs/weakest-…
Shieldify Security@ShieldifySec·
🚨 SOMEONE SWAPPED ~50.43M $aEthUSDT (from Aave) via CoW Protocol for 327.24 $aEthAAVE (~$35.9K value)
For $50M+ orders, always verify min received & paths—DEX liquidity can't handle it without massive loss
Source: etherscan.io/tx/0x9fa9feab3…
Jeff Security retweeted
Jeff Security@jeffsecurity·
Open rates for cold reachouts to protocols were sitting at 2%, so I had to escalate. If this doesn’t get me a discovery call, nothing will.