Certora is hiring!
Who wants in?
Impress my DMs
certora.com/careers
hake
- Auditing can seem daunting, but it’s pretty simple: 1. Understand the code. 2. Check if code does what it is supposed to do. 3. Brainstorm adverse scenarios under which intended functionality would break down. That’s it.
- Patrick's courses were my window into web3 that allowed me to eventually become a security researcher. Today I came full circle and had an interview with him. Logged in and won forever.
  He who requires no introduction. The one we don’t deserve. Join the chat with @PatrickAlphaC! Some topics we touch on: 🔴 What Drives Him To Make Content 🔴 How To Get Hired As An Auditor 🔴 What Makes CodeHawks Special 🌶️ And Much More! 🔗 Links in Bio -> Available on all
- Bug hunting with `quickpoc` from @zachobront feels like cheating. Just type -> quickpoc 0xcontractAddress And get a fully-working-ready-to-exploit foundry repo github.com/zobront/quickp…
- For all dunking on @trust__90 chasing clout: The amount of funds he lost to MEV is a joke compared to the amount of funds he saved so far in his career. Trust is at the top of the industry, obviously was well intended, but just like any human he makes mistakes.
- Different audit models and their issues:
  - Pay-per-finding: No guarantees of any findings. You pay what you get
  - Traditional auditing firms: No guarantee that any real effort has been put in
  - C4, Sherlock: No guarantee talented auditors will show up
- ChatGPT might lead to more exploits than anything we have ever seen yet. It makes it easier for inexperienced devs to write Solidity contracts and can give them a false sense of security. This will translate into more exploits in the wild and increase demand for audits.
- Whenever I see an auditor saying they secured X billion dollars I think of a dude standing in front of a huge vault aggressively yelling at curious passersby to get lost
- Glad to have meaningfully contributed to the security of @CantoPublic with a 3rd place at @code4rena ! Getting some $CANTO in the process was pretty sweet too :)
- First USDC depeg, now SHA-3 is broken. No such thing as "unlikely" edge case. Expect the unexpected. Develop and Audit accordingly.
  Vulnerability in implementations of SHA-3 eprint.iacr.org/2023/331.pdf
- There are two $100k contests for formal verification coming up. Only a handful of people can/will be meaningfully competing in them. This is the tweet.
- For anyone who missed DSS, this is the TLDR: For everyone who made it, it's been good, we can pack it up now.







