said

110 posts

@saidamdev

Blockchain Security Researcher | SR @zenith256 , @PashovAuditGrp | https://t.co/HqhxHeiQoc |

Joined August 2022
468 Following, 502 Followers
said retweeted
vx-underground (@vxunderground):
I've got students messaging me asking if cybersecurity is still a "safe" field to go into because of the advancements of AI.

Dawg, our career value has fucking EXPLODED. Are you fuckin' with me right now?
- AI vibe coded slop as far as the eye can see
- AI deep fakes as far as the eye can see
- AI written emails, scams, as far as the eye can see

On top of that, due to how accessible the internet is now, there is a "cyber attack" literally every god damn second. It's nonstop. The internet is still very much the wild, wild, west. Like, bro, this shitty little malware website I run brings in 20,000+ malwares a day with a budget of $15, a slice of pizza, and cat pictures. Do you have any fucking clue how widespread cybercrime is? Don't even fucking start me on crypto theft, I'll lose my mind writing this post, bro. It's literally nonstop, around the clock, weekends and holidays. It never ends. Cybersecurity is only getting bigger.
said retweeted
alix40 (@AliX__40):
1. hey guys 👋 🛡️Introducing SoloAudit — a public-good platform to make solo audits accessible for every Web3 project. We’re live 👇 soloaudit.com
said retweeted
Valantis Labs (@ValantisLabs):
As both pools have available HYPE liquidity, users will see that liquidity is allocated across markets to optimize for yield/rewards. This upgrade was also audited by @zenith256, the full report can be found here: github.com/zenith-securit…
said retweeted
Morpheus (@MorpheusAIs):
✅ Capital V2 Audit Complete @zenith256 audit is in — paving the way for billions in new assets to join @MorpheusAIs 🔐 Security first → Public bug bounty next 🚀 The next era of decentralized AI capital is almost here 📄 Audit link below ⬇️
said retweeted
GiuseppeDeLaZara (@windhustler):
To demonstrate @burraSec's expertise, we’re offering a free full-day security review/consultation for projects integrating with LayerZero or Arbitrum—whether you’re already deployed or still in development. We’ll thoroughly review: LayerZero: Configuration (DVNs, Executor, and overall integration), functionality (LzRead, OFTs, vanilla OApps, and more). Arbitrum: Native bridge or token bridge integrations, use of retryable tickets, or custom Orbit chains (e.g., custom gas tokens, USDC bridge standard). DM me to schedule your review!
Quoted post from GiuseppeDeLaZara (@windhustler):
💡I’ve been asked numerous times to provide a checklist for auditing a LayerZero integration. ⚡️You asked, so here it is: github.com/windhustler/In… 🧠 I’ve dumped everything I could think of that can go wrong and more. @g_vladika spent years building and breaking the core Arbitrum protocol and he’s contributed to the Arbitrum checklist. CCIP checklist is still WIP. I want this to become the go-to place while auditing protocols with cross-chain components. We’re going to be adding Axelar, Wormhole, Stargate, LiFi, Across, and more. If you’ve been auditing cross-chain protocols and found quirks or integration bugs, reach out or contribute via PR. ⭐️ If you find the checklist useful, I’d appreciate a retweet and star on GitHub to raise awareness.
said retweeted
Zenith (@zenith256):
We are excited to announce that Stream Protocol has successfully completed its audit with Zenith. This audit was completed by Zenith Security Researchers: @saidamdev & @windhustler We commend the @StreamDefi team for their commitment to security!
said retweeted
Cove (@cove_fi):
Cove officially finished its second audit! This audit was by @PashovAuditGrp and focused on the core smart contracts. ⚡️​ All findings have been resolved, next step is staging deployment! (soon anon 👀)
said retweeted
Pashov Audit Group (@PashovAuditGrp):
New security audit report published, this one was for @PeapodsFinance🤝 Was a multi-week review, with 4 security researchers, and codebase was partly audited already - we still did impressive work here🫡 Read the report below👇 github.com/pashov/audits/…
said retweeted
Zenith (@zenith256):
Introducing Zenith: an auditing firm that delivers good, affordable audits ASAP. Teams want to ship this week, not next month. And without critical bugs. We pick a team of top auditors and manage the audit. It's hassle-free. No more waiting: we can start at a moment's notice.
said retweeted
bogo (@xb0g0):
💣 The MOTHER of ALL ALPHA is here. I officially present to you: THE ART OF AUDITING web3-sec.gitbook.io/art-of-auditing

The first community-driven resource that consolidates thousands of hours of expertise from the sharpest minds in the industry. I have spent the past 3 months scraping the leaderboards, collecting wisdom from some of the best in the game. After nearly 80 DMs and countless inspiring conversations, the final product is here for everyone to explore and benefit from.

🔥 What’s inside?
Lessons from 52 top-performing, highly-respected auditors, including:
- Multi-million-dollar bounty hunters
- Multiple competition winners
- Leaders at the top of all-time rankings

📗 KNOWLEDGE THAT IS EVERLASTING
Over 2,500 years ago, Sun Tzu wrote The Art of War, and its lessons remain timeless. Inspired by that legacy, we created The Art of Auditing - a resource designed to capture knowledge that stands the test of time. Platforms will evolve, judging criteria will shift, and bugs will come and go—but the core principles outlined here will always hold true.

🧠 REAL VALUE FOR EVERYONE
The Art Of Auditing has the specific goal to deliver ALPHA and INSPIRATION to EVERYONE, even the TOP-tier auditors. That’s why every contributor is a proven expert with a stellar track record.

🛠️ NEVER ENDING PROJECT
I thought I could reach all the great auditors out there in one go, but it turned out there are too MANY of them and I am just ONE guy. I'm not sure if I even covered 50% 🤯 There’s still an immense wealth of knowledge waiting to be added to this project. Every experienced auditor with achievements is INVITED to contribute to this collective knowledge base at ANY TIME.

💪 CREDITS
All credit and recognition go to the 52 incredible auditors who made this resource a reality. Each of them committed to contributing and each of them DID. Despite this being one of the busiest periods in the industry, they gave their most precious resource - their time. Having experienced it firsthand, I can confidently say that each one of them has extreme integrity and a deep sense of responsibility. If you plan to work with any of them, rest assured: 🫡 These auditors DELIVER. I'm tagging all the great names below 👇
said retweeted
Sapphire Dynasty (@SapphireWeb3Sec):
Want to know what an elite security researcher’s unique findings look like? We deep dive into two of our most talented, @saidamdev and @Xc1008Cui’s High Risk finding within the @code4rena INIT Capital invitational audit. @hansfriese was the judge for this contest.

INIT Capital is a web3 protocol that allows users to Lend, Borrow & Access Strategies with Liquidity Hooks. The finding in question related to a vulnerability where an attacker could exploit the tokenOut function and replace the intended token to be transferred out with an arbitrary (high-value) token. In this case the exploiter would be a malicious order creator.

Vulnerability Deep Dive
When an order is created, there are 4 required validation checks. One of them is to check whether the order.tokenOut is equal to marginPos.baseAsset or _tokenOut is equal to marginPos.quoteAsset. This validation is crucial for ensuring that only valid tokens, specifically those that are part of the margin position being created, can be used in the order creation process. Unlike during the creation of the order, where certain conditions are checked to ensure that tokenOut matches specific assets, there are no such constraints when updating tokenOut within the updateOrder function. This lack of restriction means that any token can be chosen or specified arbitrarily. The ability to change tokenOut to any token of choice opens up the possibility of exploitation.

Attack Vector
Just before the order is filled, the creator (=attacker) can front-run the operation by changing the order.tokenOut to a token with a high value, leveraging their knowledge of impending market movements. The executor is likely to approve the hook with multiple tokens and transfer the amount using this new high-value token.

Recommended Mitigation
To validate the new token when updateOrder is called: By ensuring that the token used for the order update is one of the two assets associated with the margin position, the contract prevents attackers from manipulating the order to their advantage.
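The create/update asymmetry described in the post above, as an added illustrative Solidity sketch. This is not INIT Capital's code and not the auditors' PoC: the struct layout, the openPosition/createOrder/updateOrder/fillOrder names, the _isPosAsset helper and the executor pull-payment flow are all assumptions made for the illustration. VulnerableOrderBook reproduces the bug (asset check at creation only); FixedOrderBook applies the recommended mitigation on update.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative only, not INIT Capital's code. Types, function names and the
// executor pull-payment flow are assumptions chosen to show the missing-check
// pattern described in the Sapphire Dynasty post.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

struct MarginPos {
    address owner;
    address baseAsset;
    address quoteAsset;
}

struct Order {
    uint256 posId;
    address creator;
    address tokenOut;   // token the executor pays to the creator on fill
    uint256 amountOut;
    bool filled;
}

abstract contract OrderBookBase {
    mapping(uint256 => MarginPos) public positions;
    mapping(uint256 => Order) public orders;
    uint256 public nextOrderId;

    // Hypothetical helper so the example is self-contained.
    function openPosition(uint256 posId, address base, address quote) external {
        positions[posId] = MarginPos(msg.sender, base, quote);
    }

    // The validation the post describes: tokenOut must be the position's base or quote asset.
    function _isPosAsset(uint256 posId, address token) internal view returns (bool) {
        MarginPos storage p = positions[posId];
        return token == p.baseAsset || token == p.quoteAsset;
    }

    function createOrder(uint256 posId, address tokenOut, uint256 amountOut) external returns (uint256 id) {
        require(positions[posId].owner == msg.sender, "not position owner");
        require(_isPosAsset(posId, tokenOut), "tokenOut not a position asset"); // checked at creation
        id = nextOrderId++;
        orders[id] = Order(posId, msg.sender, tokenOut, amountOut, false);
    }

    // The executor has approved this contract for several tokens and pays
    // whatever tokenOut says at fill time, so a swapped tokenOut is what gets paid.
    function fillOrder(uint256 id) external {
        Order storage o = orders[id];
        require(!o.filled, "already filled");
        o.filled = true;
        require(IERC20(o.tokenOut).transferFrom(msg.sender, o.creator, o.amountOut), "transfer failed");
        // position settlement omitted for the illustration
    }

    function updateOrder(uint256 id, address newTokenOut, uint256 newAmountOut) external virtual;
}

// Vulnerable: update re-checks the creator but not the asset, so the creator can
// front-run fillOrder and point tokenOut at an arbitrary high-value token.
contract VulnerableOrderBook is OrderBookBase {
    function updateOrder(uint256 id, address newTokenOut, uint256 newAmountOut) external override {
        Order storage o = orders[id];
        require(o.creator == msg.sender, "not creator");
        require(!o.filled, "already filled");
        o.tokenOut = newTokenOut;     // no _isPosAsset check here
        o.amountOut = newAmountOut;
    }
}

// Hardened: the same asset check used at creation is enforced on update.
contract FixedOrderBook is OrderBookBase {
    function updateOrder(uint256 id, address newTokenOut, uint256 newAmountOut) external override {
        Order storage o = orders[id];
        require(o.creator == msg.sender, "not creator");
        require(!o.filled, "already filled");
        require(_isPosAsset(o.posId, newTokenOut), "tokenOut not a position asset");
        o.tokenOut = newTokenOut;
        o.amountOut = newAmountOut;
    }
}
```

To reproduce the attack in a Foundry test, deploy VulnerableOrderBook with three mock ERC20s (base, quote, and an unrelated high-value token), open a position and create an order with tokenOut = base, have the executor approve the contract for all three tokens, then as the creator call updateOrder with the high-value token immediately before the executor's fillOrder; the executor's high-value balance is drained. The same sequence against FixedOrderBook reverts on updateOrder. When auditing, the general check is to diff the guards on every state-mutating path that can change a field a later payout reads from, not only on the path that first sets it.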
said retweeted
Code4rena (@code4rena):
Awards have been announced for the $83,600 USDC @renftlabs audit 🥳 Top 5: 🥇sin1st3r__ - $4,493.00 USDC 🥈@juancito - $4,065.97 USDC 🥉@0xEV_om - $3,730.94 USDC 🏅@saidamdev - $3,124.22 USDC 🏅@10xhash - $2,733.70 USDC (1/2)