We bring in the best and top talented in web3sec , invest in their growth in , and then watch them deliver. That is how we operate.
English
TheSeersec
35 posts
TheSeersec
@TSeersec
Expert Audit & Pentesting crew. Securing DeFi, blockchain,Web and AI Pentest. Uncovering vulnerabilities and fortifying systems. DM for audit
Tham gia Eylül 2025
10 Đang theo dõi3 Người theo dõi
Now, This inverted rounding made nextSqrtP from calcFinalPrice slightly exceed the tick boundary, and then calcReachAmount concluded and thinks the threshold was not reached. And then the fund drainage begins.
We distilled you logics and cover edge cases. Just a DM ..,
English
while calcReachAmount() function determines the input needed to hit the next tick boundary, and calcFinalPrice() derives the price given the actual input. Then both depend on estimateIncrementalLiquidity() for fee-based deltaL, which rounds down.
English
This is just the close summary of kyberswap attack. Difference perser issue.
The Elastic's computeSwapStep() function calls two functions that each compute a price from swap parameters:
0xaudron@0xaudron
@nnez/different-parsers-different-results-acecf84dfb0c" target="_blank" rel="nofollow noopener">medium.com/@nnez/differen…
@__nnez solid writeup on different parser causing different result resulting in critical security issue. It reminded me of @orange_8361 ‘s research of SSRF where different parsers parsed input differently leading to bypass of protections for SSRF. If you’re interested in learning more about research: youtube.com/watch?v=R9pJ2Y… English
TheSeersec đã retweet
Two often-overlooked 4626 invariants:
redeem(maxRedeem) should always succeed
withdraw(maxWithdraw) should always succeed
BengalCatBalu😽@BengalCatBalu
For the last time I've been working on a large audit of a protocol built on multiple interacting ERC-4626 vaults. One observation that keeps proving itself: understanding the difference between max* and preview* functions is essential for any auditor working with 4626. The key distinction — preview* functions are pure math. They convert between assets and shares at the current exchange rate, accounting for entry/exit fees, but they ignore all global constraints on the vault. max* functions are the opposite — they return the actual executable limit right now, factoring in pauses, deposit caps, and most interestingly, liquidity constraints. The heuristic: if a protocol evaluates the result of an operation using a preview* function but never checks the corresponding max* — that's a bug. A vault's previewRedeem might say your shares are worth 1M in assets, but maxWithdraw returns 20k because the underlying lending strategy is at 98% utilization. The protocol trusts the preview, calls withdraw, and reverts. 4626 keeps surprising me with new dimensions where bugs can hide.
English
TheSeersec is made up many Web3 security expert.We don’t just audit smart contracts. We fortify entire ecosystems against the exact class of attacks that just cost the industry another $292 million.
We treat security as a holistic, living system , not a onetime report.
English
Protocols has to know that smart contract audit is still necessary But they are now table stakes. This like locking the front door while leaving the back gate wide open to the infrastructure and third-party stack.
OpenZeppelin@OpenZeppelin
English
4 steps that make ECDSA recover secure
• Ensure it's 65 bytes long
• Check that "s" is in lower half-order
• Ensure "v" is exactly 27 or 28
• Check signer returned isn't address(0)
Utilise ECDSA.tryRecover library, instead of reimplementing the wheel
English
TheSeersec đã retweet
this is the three goto model for this .. question why it works, what assumptions it’s making, and how they could be broken .. thank you @0xFlint_
Flint@0xFlint_
English
Be curious. Read widely. Try new things. What people call intelligence just boils down to curiosity. This is brief life of Security researcher.
English
Auditing client codebase,and i saw the fear and determination in both face.Project dreams can turn into nightmares .A single vuln can drain project's liquidity. This is why ,We audits with a stress test model to break smart contracts logics because we know what is at stake
English
Happy to announce, ily2 and I work together. We are gonna be glad to work with you. DM for you audit .
Immunefi@immunefi
Security researcher ily2 has just earned a staggering $3,000,000 from submitting a critical smart contract bug via Immunefi. That's the largest single payout in web3 security in recent memory. In total, he's submitted 3 reports. All 3 were paid. 100% accuracy. His leaderboard update is coming soon, but you can pledge IMU to him now and earn when he finds the next one: immunefi.com/pledge/ily2
English
TheSeersec đã retweet
TheSeersec đã retweet
149 Million Passwords LEAKED
A massive data breach has exposed 149 million credentials from Gmail, Instagram, and Facebook. Discovered by Jeremiah Fowler, this info-stealer malware leak is critical—check your security now.
English
Our researchers just wrapped up another private audit 🔥 Report dropping soon
@smartdeckk , kills it all and rare gem .. Cheers
English
Security review checklist that catches 90% of issues:
• Can funds be drained by anyone?
• Can state be corrupted by non-owners?
• Can the protocol be DOS'd cheaply?
• Are all external calls handled safely?
• Do economic incentives align with intentions?
English
TheSeersec đã retweet
While auditors glance 2-3 times, TheSeersec Guardians stare deep, exploring every edge case to fortify your code. We’re the black hat nightmare, keeping threats at arm’s length....
English
TheSeersec đã retweet
We turned down a 2-week Solidity audit yesterday, even though it was probably a lucrative opportunity.
Why? we already committed to a 5-week protocol review, and trying to juggle both at once would be unwise.Based on my past experiences, I believe this was the correct choice.
English
Auditing Tip
Do reductionism. try and break function in smaller path. Understand it, analysis it and then try to go back and understand the whole complex situation. Check what happen when you go back to put everything together..
English