Web3 Security Researcher and Master in AI 🧑‍🔬 Working with @sherlockdefi and @cyfrin 🦅 @DefendersAudits chaindefenders.xyz

Another day, another win! 🏆 I’ve managed to find a High vulnerability in one of the biggest projects in the web3 space @usualmoney! Thanks for the opportunity 🫡@sherlockdefi If you want me to secure your protocol, don’t hesitate to contact me! 🔥
Can you identify the bug that led to someone being awarded over $1,000?🪲 In the next 48 hours, you can leave your comments down below.
First second place in @code4rena. I promise next time to be first. 😈 #web3
🧲Can you spot the bug 🐛 Let's secure this block of code together.
Can you spot the bug here ❓ This critical could lead to significant losses for other types of protocols 🐛
Today I'm going to show you a bug whose total reward was 3300$! 🧐 The problem here lies in the setting of repaymentListener by the loan lender. If the loan lender is malicious, he can set a contract, which he can then remove using selfdestruct. ☠️ This will leave the borrowers unable to repay their loans, and eventually their positions will be liquidatable.
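The pattern described in the post above, as an added Solidity example that is not from the original post or from the audited protocol: a repayment path that makes the lender-chosen `repaymentListener` callback mandatory, beside a hardened path where a missing or reverting listener cannot block repayment. Every name other than `repaymentListener` (`LoanBook`, `IRepaymentListener`, `onLoanRepaid`, `LISTENER_GAS`) is hypothetical, and asset transfers are left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example. Only the name repaymentListener comes from the post;
// every other identifier here is hypothetical.
interface IRepaymentListener {
    function onLoanRepaid(uint256 loanId) external;
}

contract LoanBook {
    struct Loan {
        address lender;
        address borrower;
        uint256 debt;
        address repaymentListener; // set by the lender when the loan opens
    }

    uint256 private constant LISTENER_GAS = 100_000; // assumed cap
    mapping(uint256 => Loan) public loans;
    uint256 public nextLoanId;

    event ListenerSkipped(uint256 indexed loanId, address listener);

    function open(address borrower, uint256 debt, address listener)
        external
        returns (uint256 id)
    {
        id = nextLoanId++;
        loans[id] = Loan(msg.sender, borrower, debt, listener);
    }

    // Weak form: the callback is mandatory. A high-level call to an address
    // with no code reverts, and so does a listener that reverts on purpose,
    // so the lender controls whether the debt can ever be cleared.
    function repayUnsafe(uint256 loanId) external {
        Loan storage loan = loans[loanId];
        require(msg.sender == loan.borrower, "not borrower");
        loan.debt = 0; // asset transfer to the lender omitted
        IRepaymentListener(loan.repaymentListener).onLoanRepaid(loanId);
    }

    // Hardened form: the notification is best effort and gas-capped.
    function repay(uint256 loanId) external {
        Loan storage loan = loans[loanId];
        require(msg.sender == loan.borrower, "not borrower");
        loan.debt = 0; // asset transfer to the lender omitted
        address listener = loan.repaymentListener;

        // try/catch does not catch the caller-side "target has no code"
        // revert, so an empty address is checked for explicitly.
        if (listener.code.length == 0) {
            emit ListenerSkipped(loanId, listener);
            return;
        }
        try IRepaymentListener(listener).onLoanRepaid{gas: LISTENER_GAS}(loanId) {
            // listener notified
        } catch {
            emit ListenerSkipped(loanId, listener);
        }
    }
}
```

A review check that follows from this: any external call on a repayment or withdrawal path whose target is chosen by the counterparty should be optional for the state change to succeed.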
I'm now sharing with you TOP resources to kickstart your journey with Rust and Solana! 🔝 1. An introduction to developing on solana helius.dev/blog/the-solana-p… 2. Beginners guide to building solana programs helius.dev/blog/an-introduct… 3. Introduction to anchor anchor-lang.com/
🚀Managed to finish in 5th place and find a SOLO high in the @soon_svm competition, auditing only the Solidity code. Thanks @cantinaxyz for the opportunity! @ChDefendersEth
Another day, another challenge 🥇 Can you spot the problem here? 🐛 I will repost the correct best answer and tag the researcher, you have 48 hours to find it 🕐
A lot of people are asking me, how to start with web3? 1. If you don't have any knowledge in solidity, start with solidity course in @CyfrinUpdraft. 2. Then continue with the security course in @CyfrinUpdraft and @0xOwenThurm youtube channel.
One thing that I told myself at the end of 2024 is to start learning Rust and the solana env. Send me the best resources you have.
📢📢📢One CRITICAL vulnerability that I'm seeing over and over. Wrong order of parameters. Instead of passing param1 and param2, the order often ends up being param2 and param1.🐛
A lot of people are asking me how to start with web3 and auditing. Start with learning Solidity, consume as much content as possible from @PatrickAlphaC. And then deep dive into contests, start with smaller ones and try to understand the code as much as possible. 🪲
Solodit is a pretty cool tool, but I suggest you go directly to @code4rena. 🧐 1. Choose a past contest of your choice. 2. Download the report and the codebase. 3. Now you have the full context and you can easily understand the issues and you can go deep⌛️
I'm seeing more and more Rust, Cairo, and Golang audits and fewer Solidity audits. If you want to progress as an auditor, you shouldn't be stuck with just Solidity🚣‍♀️
I’m frustrated with myself because I knew about Web3 since 2️⃣0️⃣2️⃣0️⃣ but only started diving deep into it two months ago. It feels like a huge missed opportunity, but now I'm more motivated than ever 😈
Sir, do you want to be my 1000th follower? Thanks 🙏
I'm happy that in the last contest in @CodeHawks we managed to achieve 🥈 place! We found all high vulnerabilities and 4 out of 7 of the mediums in the @swanforall contest. 🏆 #web3 #security @ChDefendersEth @1337web3 P.S. Check our website and book a private engagement: chaindefenders.xyz/
During every code audit, I step back after fully understanding the codebase and think through edge cases—most bugs are unveiled this way. 🐛 Bonus: I draw schemas on draw.io to map out logic visually. It's a game-changer for catching hidden problems. 📈
Fuzz fuzz fuzz!!! 🔨 If there is a code block that you can't understand and you want to be sure it's working as expected, write fuzz tests! In many situations, fuzz tests can unveil edge cases which are not handled properly. 🧪
The two best decisions I made this year: 1) Jump into the web3 space 🚀 2) Start investing in different assets 📈 2025 will be a great year 🫡
We managed to achieve 4th place in the lambo competition. Unfortunately we didn’t manage to find the unique bugs. 🐛 Small win, but the money is not enough for a lambo 😀 @ChDefendersEth
The best decision I made in the last couple months is to join the web3 universe. 🛩️ The opportunities are limitless. 🌄
Wow 🎉 We are in the top 3 in the last 30 days in the @CodeHawks. And over the last 90 days, we’ve climbed to 14th place on the leaderboard.🏅 #web3 #audits #security @ChDefendersEth @1337web3
One thing that helps me during an audit is using paper and pen. I prefer to write down all my thoughts, you can try this strategy 🫡
Someone asked me what my goal for 2025 is. 1. Buy a house similar to this ues.bg/bg/bgr/sofia-dragalev…
Do you switch from audit to audit? ❓ I'm seeing myself doing this and I want to stop it, but with so many contests in parallel, the FOMO is .... 🫣
Are you looking for web3 guy who is: - highly motivated - young - hungry for new opportunities - with knowledge of web3 auditing - senior web developer If you need this kind of guy, you can contact me and we can discuss, how I can help you 🫡
I've been asking myself in the last couple of days why I'm still staying in my web2 job. I'm spending a lot of time there instead of in web3. I will do my best in 2025 to make auditing my main income! 🫡
A lot of people asked me in the past hours about tips and I will share my two that can boost you: 1️⃣ Always try to fully understand the protocol and don’t stop. Most bugs are uncovered after that 🐛 2️⃣ Read at least one past audit a day. But not just read it, understand it 📕
Things that helped me a lot in my web3 journey. 🧵 - Previous web2 experience working at @SAP and @VMware 👷‍♂️ - Strong math background ➕ - Learning and reading about web3 every day in the past 6 months 🤓 - Auditing every free minute 👌 #web3 #security
When you are not motivated enough: 1) Step back and relax for a few minutes 🧘 2) And then sit on your a** and do your job 👨‍🔧 Thank me later 👋
What I like the most about web3 auditing? 🤠 Every new audit is a new project with a different idea and different problems. It’s a never-ending challenge!🎇
Hmmm which language do you prefer to audit except solidity ❓
⏰ After 7 days of doing audits every day, in the last 24 hours, I read a lot of reports. Some of the findings that I saw, will help me to find more bugs in the future 🐛
I had a drink with a friend of mine and we talked about the IT sector. No one knows about web3 and you are not late, just keep pushing! 🫡
📢One thing that I'm seeing over and over when I read issues during PJQA: there are some real vulnerabilities reported by SRs, but the quality of the report is low and it gets invalidated. ↘️ Junior researchers should understand that writing a good report is extremely important❗️
One small win for us. We've spent just one day at this, so we are happy with the result. @code4rena @secondswap_io @1337web3
We at @ChDefendersEth finished 8th on the @secondswap_io contest on @code4rena. It was a pleasure! 🚀
Do you have a problem with focus? 🧘 I have a solution for you. Install a focus extension to your browser. 👨‍💻 Benefits: - You will know exactly how much time you spend doing your work - You will not take longer rests 25 minutes focused work 5 minutes rest Key to success 🔑
A lot of correct answers, but the best one was by @svetborislavov. 🎉 "There are 2 issues - missing check for the bid amount - a user can become the highest bidder if he provides the same amount as the highest bidder "
Can you spot the bug here ❓ This critical could lead to significant losses for other types of protocols 🐛
📕 One mistake that most auditors make repeatedly is that they never check the integration of the code with external libraries.
After I started doing audits, my code reviews on my regular web2 job are getting better and better. 👨‍💻
One thing I didn’t like about the contests is that if you find something unique or with few duplicates, other researchers will try to invalidate it. One thing that I appreciate: you can't escalate someone else's issue @cantinaxyz
One thing that I noticed and I want to mention, is the smooth integration between @CodeHawks and @SoloditOfficial! ⛓️‍💥 Now it’s a lot easier to read old reports on your phone. So you can do it during fitness, eating etc. I appreciate that 👏
48 hours have passed, a lot of people gave the correct answer, but the most detailed one was by @0xSilvermist This bug was found in a @sherlockdefi competition. You can check it here github.com/sherlock-audit/20…
Can you identify the bug that led to someone being awarded over $1,000?🪲 In the next 48 hours, you can leave your comments down below.
One small win that I'm happy about: this protocol was very well written and I managed to find 1 medium out of four! @cantinaxyz @symbioticfi
❓If the answer is "Yes" for both of the next two questions, you should contact me ASAP: 1. Are you looking for auditors who are ready to work day and night to unveil all vulnerabilities? 2. Do you care about quality, edge cases, etc? #Web3Security #Blockchain
I've learned a lot in the past few months, but I'm not happy with this result. One of my reported issues was invalidated due to a small error, which is frustrating. However, it's a reminder to give 100% effort in my reports from now on and it's a good lesson.
A lot of people are messaging me for advice or about securing their protocol. 🫡 I’m trying to answer everyone, so if you haven’t received an answer, you can contact me again and I will do my best to help you. 🙏
A lot of right answers, congrats guys! 👏 For me the best answer was by @Tigerfrake: "Anyone granted a Role can always renounce it. The "BLACKLISTED_ROLE" is granted just like any other role would. This may be used to restrict some users from performing certain operations. However, a user can very well renounce it and bypass "_onlyNotBlacklisted"."
Another day, another challenge 🥇 Can you spot the problem here? 🐛 I will repost the correct best answer and tag the researcher, you have 48 hours to find it 🕐
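The bypass described in the quoted answer above, with one mitigation, as an added Solidity example that is not the challenge code or either poster's code. It assumes OpenZeppelin Contracts v5 `AccessControl`; `BLACKLISTED_ROLE` and `_onlyNotBlacklisted` are the names from the quoted answer, while `RoleBlacklist`, `restrictedAction` and the custom errors are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumption: OpenZeppelin Contracts v5, where renounceRole(role, account)
// lets any account drop a role it holds, with no admin involved.
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

// Added example; the contract name, restrictedAction and the errors are
// hypothetical.
contract RoleBlacklist is AccessControl {
    bytes32 public constant BLACKLISTED_ROLE = keccak256("BLACKLISTED_ROLE");

    error Blacklisted(address account);
    error BlacklistNotRenounceable();

    constructor(address admin) {
        // The default admin can grant and revoke BLACKLISTED_ROLE.
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
    }

    function _onlyNotBlacklisted() internal view {
        if (hasRole(BLACKLISTED_ROLE, msg.sender)) {
            revert Blacklisted(msg.sender);
        }
    }

    // Stand-in for any operation the blacklist is meant to restrict.
    function restrictedAction() external view returns (bool) {
        _onlyNotBlacklisted();
        return true;
    }

    // Without this override, a blacklisted account clears its own flag with
    // renounceRole(BLACKLISTED_ROLE, <own address>) and passes the check
    // above. A "negative" role must only be removable by its admin.
    function renounceRole(bytes32 role, address callerConfirmation)
        public
        override
    {
        if (role == BLACKLISTED_ROLE) revert BlacklistNotRenounceable();
        super.renounceRole(role, callerConfirmation);
    }
}
```

Keeping the blacklist in a plain mapping that only an admin can write avoids the issue without overriding `renounceRole`.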
If you saw our recent results, I think you should consider contacting us, I'm here to assist you! 💁‍♂️
⚠️You are a protocol owner and you need an audit? Go to our DMs or website and contact us, we will do the rest! 🔍
We are extremely happy to announce this collab @SizeCredit
🤝We are excited to announce our collaboration with @SizeCredit on an audit of their protocol’s modifications. 🚀We managed to find some minor issues and give some valuable feedback on their update! 🔍You can expect the report in our portfolio soon… @PeterSRWeb3 @1337web3
🔥
We @ChDefendersEth managed to score place number 6 at the recent @zarosfi contest on @CodeHawks 🚀 We were able to identify multiple H/Ms, two of which were solo! 🫡 On to the next one!
In the last couple of weeks, I've been working less on my web2 job, and my colleagues have started to notice. A couple of days ago, the team lead asked me about it. I mentioned that it's summer and gave some other excuses. Soon I will be 100% in web3 🫡
Two things that I hate the most: 1) Writing reports 📝 2) Leg days 🏋️ After 6+ months of auditing, I still prefer writing reports to leg day
Am I the only one who is reading past audits between the sets in the gym? 👀 Don’t miss a minute 😎
So if you are planning to visit @web3amsterdam, me and @1337web3 will be there. We can have a talk about web3, security and much more. Don't hesitate to contact us, we will be wearing @ChDefendersEth merch! 🎃 We will be in the Netherlands for 7 days, so if you are not planning to visit the event, we can still meet. 🤝
Replying to @pashov
🫡
Always verify that the contract adheres to the EIP it claims to implement! 🐛
Let's talk about an issue we identified in the @Sablier contest at @CodeHawks. ‼️Our team noticed that the SablierFlowBase contract isn't quite playing by the ERC4906 rulebook.
Starting your week with a good gym session 😇
Thanks for the opportunity @CodeHawks
Awards have been announced for the Swan: Dria contest🤝 Top 5: 🥇 @ljjeth - $4,045.72 🥈 PeterSR & Emil Yordanov of Team ChainDefenders- $3,289.32 🥉 n3smaro - $2,979.44 🏅 foxb868 - $2,880.38 🏅 neilalois - $2,029.78 (1/2)
Wow, I won my first award in my first ever contest, which took place one month ago at @loopfixyz. I was one of the people to find the only ONE high vulnerability! Starting my web3 journey just two months ago, this is a huge win for me. This reward isn't just mine; @ChDefendersEth
Yesterday I started my first security audit on @cantinaxyz, and today I joined the discord channel, pretty cool atmosphere and very well described repos. 🫡
I'm realizing how important it is to have good support from sponsors during a contest. It's puzzling why some sponsors launch a contest, pay a lot, but aren't there to answer questions. 🧐
If you're feeling unmotivated, remember that even the rulers of Rome preferred to avoid procrastination. 👑💪
I want to see us in the top 1 as soon as possible, but top 5 is not bad at all
🏁 The results of the Vultisig competitive audit are in! Congratulations to everyone who submitted valid findings, especially to @juancito for their largest earnings yet! Big appreciation to @Vultisig for their commitment to the best security outcomes Full winner list 👇
I read my first lines of Solidity code on 15 April, more to come! 🫡
Another small WIN for our team at @code4rena! We reviewed the entire code in the last two days but didn't get to the Go code at all. Every bit counts! 🫡 @1337web3 @PeterSRWeb3
Are YOU a web3 company, which is looking for a professional and reliable audit? 👀 Contact me now and I will tell you more about our process and answer all of your questions. I’m waiting for your DM ✉️ P.S We created a brand NEW design for our reports 👌 @ChDefendersEth
Sherlock broke my assumption of a valid finding. Even though I found more valid findings in the protocol, I thought that they would not be valid.
In the last few days, I'm auditing @SizeCredit. This contract is very well written and the guys are ready to help you all the time! 👏 @code4rena
One thing that I really appreciate about the web3 space is that you can work from any point of the world. 🌍 This is a benefit that we should be thankful for! 🙏
Replying to @pashov
I think now it’s the best time to start your journey in Web3, happy that I started three months ago, thanks to your community!
Rust is a pretty interesting language and I’m looking forward to working on an audit in the Solana ecosystem in the next few weeks. 🫡
⚠️⚠️⚠️Look at this opportunity 👇
We're hiring! @ChDefendersEth is looking for a BD Lead to help drive our business development and partnership initiatives. This is a commission based job where you will receive a given percentage of every deal you close (without a base pay). If you have a strong background in Web3, BD and in Sales - DM me here or in Telegram with an attached CV and let’s roll!
Check them 👇
‼️ We uploaded the reports of our findings in the @phi_xyz, @zarosfi, @QuantAMMDeFi and @secondswap_io contests. They contain some interesting findings and some unique ones too 👀 📷 You can find them here: github.com/Chain-Defenders/p…
Happy to hear such kind words ☺️
Nothing better than a happy client! At @ChDefendersEth we look after our clients and we ensure top quality in the services we provide! If you want your protocol secured - DM me and leave the rest to us! 🤝
Why are autumn and winter the best seasons? Because you can stay at home more and audit! Look at how many different and interesting projects we have out there. 🤑 The only limit is the sky! 😈
3. Start reading old reports on @SoloditOfficial or directly read reports from one of the platforms (@code4rena, @CodeHawks, @sherlockdefi)
We are planning to visit Amsterdam for the @web3amsterdam. 🚲
What will the most attended web3 events be this year? We at @ChDefendersEth are looking at the @web3amsterdam event. 🤔 Who is going to be there?
I asked grok to create a portrait of me and this is how grok sees me.
Again thanks for the opportunity! 🫡 @ZacK_3939 @phi_xyz
‼️We are happy to announce our collaboration on a private audit with @phi_xyz. It was such a pleasure working on such a professionally written protocol. Thank you for the opportunity @ZacK_3939! 🧐You can expect the report in our GitHub in the coming days. @PeterSRWeb3 @1337web3
I’m looking for a book or course for marketing, because I’m seeing how important it is to be good at it in 2024. 📚📈
First small win on cantina platform, two more will come soon. 🫡 We've managed to find 5 high risk vulnerabilities and 1 medium. This is not just my win, but ours @ChDefendersEth @1337web3
Face reveal 🐶
Happy to share our year 🚀
2024 is and will be the most important year for our team. It is the year in which we gathered and created this amazing thing that we called Chain Defenders. All of these stats are just rookie numbers as I believe that in 2025 a lot is awaiting us! @PeterSRWeb3 @1337web3
"I wanted to build something that was my own, something I could point to and say: I made that. It was the only way I saw to make life meaningful." 🌅- Phil Knight
I'm looking for a position as a web3 developer/auditor. I'm planning to completely move from the web2 space to web3. If you are interested in having me on your team, text me directly and I will provide you more info about my past experience and knowledge. #web3 #job
One thing that I learned the hard way is that I should describe my findings as simply as possible so that even people who are not familiar with the codebase can understand the issue easily. 🫡 #web3 #solidity
Replying to @hrkrshnn
This year I will celebrate Christmas with my @cantinaxyz family 🎄
@CodeHawks Hope you fix your leaderboard for teams for the next contest 😔
✅ Another day, another win! The StakeLink contest on @CodeHawks was great. ‼️We were able to find 3 Ms and finish in the top 10 contestants! Spectacular work by @PeterSRWeb3 and @1337web3
Well done @MrPotatoMagic
🏆 The results of the $30,000 Phi competitive audit are in! Big congrats to everyone who submitted valid findings Especially to @MrPotatoMagic for their first 1st place finish, as well as taking top hunter, top gatherer, and best QA report! Full list of winners in thread 👇
We are happy to announce our collaboration 🥳
🤝We are excited to announce our collaboration with @bidBlackhole on an audit of their protocol. 🚀We managed to find some issues and give some valuable feedback on their protocol! Users were secured! 🔍You can expect the report in our portfolio soon @PeterSRWeb3 @1337web3
In the last week, I spent all my spare time auditing code. Today, I spent some time going through old reports, and I'm realizing how much I'm learning from this! 🫡 #web3
Part of the verified club! 🫡
You can check our audit and give us feedback. 📞
‼️We uploaded the report of our review of the @phi_xyz's airdrop contract. 🔗You can find it here: github.com/Chain-Defenders/p…
When you receive this type of message, you realise that all of the work that you put into auditing is helping businesses to be safer, and the whole web3 space as well 🫡 @ChDefendersEth
I will do my best to secure your protocol 🫡
#Web3 wardens, how do you feel when you're auditing a competitive protocol with no documentation? 🧐 1⃣ Ask questions to the team? 🙏 2⃣ Abandon this audit and start a new one? 🐭 3⃣ Add another answer below👇
🚨FREE AUDIT ALERT!🚨 🚀 Web3 Innovators, Listen Up! 🚀 Are you the mastermind behind the next Web3 revolution? 🌐🔥 Here's the deal: @ChDefendersEth is ready to BOLT your project's security to the moon, and guess what? It's on the house! 🛡️✨ The Only Rule: Your Solidity protocol must be lean and mean, with less than 700 non-commented lines of code (nsloc). Why Bother? Security: Lock down those bugs before they lock you out. Trust: Show your community you mean business with a legit audit. How to Lock It Down? Slide into our DMs - ping @1337web3 or @PeterSRWeb3 First 72 hours only - we're picking the sharpest code in town! Let's make your project unhackable together. Time's ticking! ⏳🚀
Communication is the key. If more sponsors are like this we will have a more secure web3 space. 🫡🙏