Another day, another win! 🏆
I’ve managed to find a High vulnerability in one of the biggest projects in the web3 space @usualmoney!
Thanks for the opportunity 🫡@sherlockdefi
If you want me to secure your protocol, don’t hesitate to contact me! 🔥
Today I'm going to show you a bug whose total reward was $3,300! 🧐
The problem here lies in the setting of repaymentListener by the loan lender. If the lender is malicious, he can set a contract which he can later remove using selfdestruct. ☠️
This leaves the borrowers unable to repay their loans, and eventually their positions become liquidatable.
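As an added illustration (not code from the protocol or from the report), a minimal loan contract with the pattern described above beside a hardened version; the IRepaymentListener interface, the onRepayment callback, the open() helper and the debt accounting are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed (hypothetical) callback interface; the real protocol's differs.
interface IRepaymentListener {
    function onRepayment(uint256 loanId, uint256 amount) external;
}

// Vulnerable: the lender controls repaymentListener and repay() depends on it.
contract VulnerableLoan {
    address public immutable lender;
    address public repaymentListener;
    mapping(uint256 => uint256) public debt; // constructed sample accounting

    constructor(address lender_) { lender = lender_; }
    modifier onlyLender() { require(msg.sender == lender, "not lender"); _; }

    function open(uint256 loanId, uint256 amount) external onlyLender {
        debt[loanId] = amount;
    }
    function setRepaymentListener(address l) external onlyLender {
        repaymentListener = l;
    }

    function repay(uint256 loanId) external payable virtual {
        debt[loanId] -= msg.value; // checked arithmetic reverts on overpayment
        // High-level call: if the listener address holds no code (e.g. it was
        // selfdestructed), Solidity's extcodesize check reverts here, the whole
        // repayment reverts, and the loan can only drift towards liquidation.
        IRepaymentListener(repaymentListener).onRepayment(loanId, msg.value);
    }
}

// Hardened: the notification is best-effort and can never block repayment.
contract HardenedLoan is VulnerableLoan {
    event ListenerNotifyFailed(uint256 indexed loanId, address listener);

    constructor(address lender_) VulnerableLoan(lender_) {}

    function repay(uint256 loanId) external payable override {
        debt[loanId] -= msg.value;
        address l = repaymentListener;
        // No code at the address: nothing to notify. This check is needed
        // because try/catch does not catch the caller-side extcodesize revert.
        if (l.code.length == 0) return;
        // Bounded gas plus try/catch: a listener that reverts or runs out of
        // gas is only logged; the borrower's repayment still succeeds.
        try IRepaymentListener(l).onRepayment{gas: 100_000}(loanId, msg.value) {
        } catch { emit ListenerNotifyFailed(loanId, l); }
    }
}
```

Since the Cancun upgrade (EIP-6780) selfdestruct only removes code within the contract's creating transaction, but the hardened version does not rely on that: any listener that cannot be called successfully is simply skipped.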
🚀Managed to finish in 5th place and find a SOLO high in the @soon_svm competition, auditing only the Solidity code.
Thanks @cantinaxyz for the opportunity!
@ChDefendersEth
Another day, another challenge 🥇
Can you spot the problem here? 🐛
I will repost the correct best answer and tag the researcher, you have 48 hours to find it 🕐
A lot of people are asking me, how to start with web3?
1. If you don't have any knowledge of Solidity, start with the Solidity course at @CyfrinUpdraft.
2. Then continue with the security course at @CyfrinUpdraft and the @0xOwenThurm YouTube channel.
📢📢📢One CRITICAL vulnerability that I'm seeing over and over.
Wrong order of parameters.
Instead of passing param1 and param2, it often happens that the order is param2 and param1.🐛
A lot of people are asking me, how to start with web3 and auditing.
Start with learning Solidity, and consume as much content as possible from @PatrickAlphaC.
Then deep dive into contests: start with smaller ones and try to understand as much of the code as possible. 🪲
Solodit is a pretty cool tool, but I suggest going directly to @code4rena. 🧐
1. Choose a past contest of your choice.
2. Download the report and the codebase.
3. Now you have the full context, so you can easily understand the issues and go deep ⌛️
I'm seeing more and more Rust, Cairo, and Golang audits and fewer Solidity audits. If you want to progress as an auditor, you shouldn't be stuck with just Solidity🚣♀️
I’m frustrated with myself because I knew about Web3 since 2️⃣0️⃣2️⃣0️⃣ but only started diving deep into it two months ago. It feels like a huge missed opportunity, but now I'm more motivated than ever 😈
I'm happy that in the last contest at @CodeHawks we managed to achieve 🥈 place! We found all the high vulnerabilities and 4 out of 7 of the mediums in the @swanforall contest. 🏆
#web3 #security
@ChDefendersEth @1337web3
P.S. Check our website and book a private engagement: chaindefenders.xyz/
During every code audit, I step back after fully understanding the codebase and think through edge cases—most bugs are unveiled this way. 🐛
Bonus: I draw schemas on draw.io to map out logic visually. It's a game-changer for catching hidden problems. 📈
Fuzz fuzz fuzz!!! 🔨
If there is a code block that you can't understand and you want to be sure it's working as expected, write fuzz tests!
In many situations, fuzz tests can unveil edge cases which are not handled properly. 🧪
We managed to achieve 4th place in the lambo competition. Unfortunately we didn’t manage to find the unique bugs. 🐛
Small win, but the money is not enough for a lambo 😀
@ChDefendersEth
Wow 🎉 We are in the top 3 in the last 30 days at @CodeHawks. And over the last 90 days, we’ve climbed to 14th place on the leaderboard.🏅 #web3 #audits #security
@ChDefendersEth @1337web3
Are you looking for a web3 guy who is:
- highly motivated
- young
- hungry for new opportunities
- with knowledge of web3 auditing
- senior web developer
If you need this kind of guy, you can contact me and we can discuss how I can help you 🫡
I've been asking myself in the last couple of days why I'm still staying in my web2 job. I'm spending a lot of time there instead of in web3.
I will do my best in 2025 to make auditing my main income! 🫡
A lot of people asked me in the past hours about tips, and I will share two that can boost you:
1️⃣ Always try to fully understand the protocol and don’t stop. Most bugs are uncovered after that 🐛
2️⃣ Read at least one past audit a day. But not just read it, understand it 📕
Things that helped me a lot in my web3 journey. 🧵
- Previous web2 experience working at @SAP and @VMware 👷♂️
- Strong math background ➕
- Learning and reading about web3 every day in the past 6 months 🤓
- Auditing every free minute 👌
#web3 #security
What do I like the most about web3 auditing? 🤠
Every new audit is a new project with a different idea and different problems. It’s a never-ending challenge!🎇
⏰ After 7 days of doing audits every day, in the last 24 hours I read a lot of reports. Some of the findings that I saw will help me to find more bugs in the future 🐛
📢One thing that I'm seeing over and over when I read issues during PJQA: there are some real vulnerabilities reported by SRs, but the quality of the report is low and it gets invalidated. ↘️
Junior researchers should understand that writing a good report is extremely important❗️
Do you have a problem with focus? 🧘
I have a solution for you. Install a focus extension to your browser. 👨💻
Benefits:
- You will know exactly how much time you spend doing your work
- You will not take longer rests
25 minutes focused work
5 minutes rest
Key to success 🔑
A lot of correct answers, but the best one was by @svetborislavov. 🎉
"There are 2 issues
- missing check for the bid amount
- a user can become the highest bidder if he provides the same amount as the highest bidder"
One thing I didn’t like about the contests is that if you find something unique or with few duplicates, other researchers will try to invalidate it. One thing that I appreciate: you can't escalate someone else's issue @cantinaxyz
One thing that I noticed and I want to mention, is the smooth integration between @CodeHawks and @SoloditOfficial! ⛓️💥
Now it’s a lot easier to read old reports on your phone. So you can do it during fitness, eating etc. I appreciate that 👏
❓If the answer is "Yes" for both of the next two questions, you should contact me ASAP:
1. Are you looking for auditors who are ready to work day and night to unveil all vulnerabilities?
2. Do you care about quality, edge cases, etc?
#Web3Security #Blockchain
I've learned a lot in the past few months, but I'm not happy with this result. One of my reported issues was invalidated due to a small error, which is frustrating. However, it's a reminder to give 100% effort in my reports from now on, and it's a good lesson.
A lot of people are messaging me for advice or about securing their protocol. 🫡
I’m trying to answer everyone, so if you didn’t receive an answer, you can contact me again and I will do my best to help you. 🙏
A lot of right answers, congrats guys! 👏
For me the best answer was by @Tigerfrake:
"Anyone granted a Role can always renounce it. The "BLACKLISTED_ROLE" is granted just like any other role would. This may be used to restrict some users from performing certain operations. However, a user can very well renounce it and bypass "_onlyNotBlacklisted"."
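As an added example (not the challenge's own code), a blacklist modelled as an OpenZeppelin AccessControl role, which any holder can renounce, beside a version that refuses renunciation of that role; it assumes OpenZeppelin Contracts v5 (renounceRole(bytes32, address callerConfirmation)) and hypothetical blacklist()/withdraw() functions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

// Vulnerable: being blacklisted is modelled as *holding* a role, and
// AccessControl lets any account renounce a role it holds.
contract RoleBlacklist is AccessControl {
    bytes32 public constant BLACKLISTED_ROLE = keccak256("BLACKLISTED_ROLE");
    mapping(address => uint256) public balance; // constructed sample state

    constructor() {
        _grantRole(DEFAULT_ADMIN_ROLE, msg.sender);
    }

    modifier onlyNotBlacklisted() {
        require(!hasRole(BLACKLISTED_ROLE, msg.sender), "blacklisted");
        _;
    }

    function blacklist(address account) external onlyRole(DEFAULT_ADMIN_ROLE) {
        _grantRole(BLACKLISTED_ROLE, account);
    }

    // Restricted operation (hypothetical). A blacklisted account can first
    // call renounceRole(BLACKLISTED_ROLE, itself) and then pass this check.
    function withdraw(uint256 amount) external onlyNotBlacklisted {
        balance[msg.sender] -= amount;
    }
}

// Hardened: the blacklist role cannot be renounced, only revoked by the admin.
contract HardenedBlacklist is RoleBlacklist {
    function renounceRole(bytes32 role, address callerConfirmation)
        public
        virtual
        override
    {
        require(role != BLACKLISTED_ROLE, "blacklist is not renounceable");
        super.renounceRole(role, callerConfirmation);
    }
}
```

An equivalent fix is to keep the blacklist in a plain admin-controlled mapping instead of a role, so AccessControl's renounce path never applies to it.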
Another day, another challenge 🥇
Can you spot the problem here? 🐛
I will repost the correct best answer and tag the researcher, you have 48 hours to find it 🕐
🤝We are excited to announce our collaboration with @SizeCredit on an audit of their protocol’s modifications.
🚀We managed to find some minor issues and give some valuable feedback on their update!
🔍You can expect the report in our portfolio soon…
@PeterSRWeb3 @1337web3
We @ChDefendersEth managed to score place number 6 at the recent @zarosfi contest on @CodeHawks
🚀 We were able to identify multiple H/Ms, two of which were solo!
🫡 On to the next one!
In the last couple of weeks, I've been working less on my web2 job, and my colleagues have started to notice. A couple of days ago, the team lead asked me about it. I mentioned that it's summer and gave some other excuses. Soon I will be 100% in web3 🫡
So if you are planning to visit @web3amsterdam, @1337web3 and I will be there. We can have a talk about web3, security and much more. Don't hesitate to contact us, we will be wearing @ChDefendersEth merch! 🎃
We will be in the Netherlands for 7 days, so if you are not planning to visit the event, we can still meet. 🤝
Let's talk about an issue we identified in the @Sablier contest at @CodeHawks.
‼️Our team noticed that the SablierFlowBase contract isn't quite playing by the ERC4906 rulebook.
Awards have been announced for the Swan: Dria contest🤝
Top 5:
🥇 @ljjeth - $4,045.72
🥈 PeterSR & Emil Yordanov of Team ChainDefenders - $3,289.32
🥉 n3smaro - $2,979.44
🏅 foxb868 - $2,880.38
🏅 neilalois - $2,029.78
(1/2)
Wow, I won my first award in my first ever contest, which took place one month ago at @loopfixyz. I was one of the people to find the only ONE high vulnerability! Starting my web3 journey just two months ago, this is a huge win for me. This reward isn't just mine; @ChDefendersEth
Yesterday I started my first security audit on @cantinaxyz, and today I joined the discord channel, pretty cool atmosphere and very well described repos. 🫡
I'm realizing how important it is to have good support from sponsors during a contest. It's puzzling why some sponsors launch a contest, pay a lot, but aren't there to answer questions. 🧐
🏁 The results of the Vultisig competitive audit are in!
Congratulations to everyone who submitted valid findings, especially to @juancito for their largest earnings yet!
Big appreciation to @Vultisig for their commitment to the best security outcomes
Full winner list 👇
Another small WIN for our team at @code4rena! We reviewed the entire code in the last two days but didn't get to the Go code at all. Every bit counts! 🫡 @1337web3 @PeterSRWeb3
Are YOU a web3 company looking for a professional and reliable audit? 👀
Contact me now and I will tell you more about our process and answer all of your questions.
I’m waiting for your DM ✉️
P.S We created a brand NEW design for our reports 👌
@ChDefendersEth
One thing that I really appreciate about the web3 space is that you can work from any point of the world. 🌍
This is a benefit that we should be thankful for! 🙏
We're hiring! @ChDefendersEth is looking for a BD Lead to help drive our business development and partnership initiatives.
This is a commission based job where you will receive a given percentage of every deal you close (without a base pay). If you have a strong background in Web3, BD and in Sales - DM me here or in Telegram with an attached CV and let’s roll!
Nothing better than a happy client!
At @ChDefendersEth we look after our clients and we ensure top quality in the services we provide!
If you want your protocol secured - DM me and leave the rest to us! 🤝
Why autumn and winter are the best seasons?
Because you can stay at home more and audit!
Look at how many different and interesting projects we have out there. 🤑
The only limit is the sky! 😈
‼️We are happy to announce our collaboration on a private audit with @phi_xyz.
It was such a pleasure working on such a professionally written protocol. Thank you for the opportunity @ZacK_3939!
🧐You can expect the report in our GitHub in the coming days.
@PeterSRWeb3 @1337web3
First small win on the Cantina platform, two more will come soon. 🫡 We've managed to find 5 high risk vulnerabilities and 1 medium.
This is not just my win, but ours @ChDefendersEth @1337web3
2024 is and will be the most important year for our team.
It is the year in which we gathered and created this amazing thing that we called Chain Defenders.
All of these stats are just rookie numbers as I believe that in 2025 a lot is awaiting us!
@PeterSRWeb3 @1337web3
"I wanted to build something that was my own, something I could point to and say: I made that. It was the only way I saw to make life meaningful." 🌅- Phil Knight
I'm looking for a position as a web3 developer/auditor. I'm planning to completely move from the web2 space to web3. If you are interested in having me on your team, text me directly and I will provide you with more info about my past experience and knowledge. #web3 #job
One thing that I learned the hard way is that I should describe my findings as simply as possible, so that even people who are not familiar with the codebase can understand the issue easily. 🫡 #web3 #solidity
✅ Another day, another win!
The StakeLink contest on @CodeHawks was great.
‼️We were able to find 3 Ms and finish in the top 10 contestants!
Spectacular work by @PeterSRWeb3 and @1337web3
🏆 The results of the $30,000 Phi competitive audit are in!
Big congrats to everyone who submitted valid findings
Especially to @MrPotatoMagic for their first 1st place finish, as well as taking top hunter, top gatherer, and best QA report!
Full list of winners in thread 👇
🤝We are excited to announce our collaboration with @bidBlackhole on an audit of their protocol.
🚀We managed to find some issues and give some valuable feedback on their protocol! Users were secured!
🔍You can expect the report in our portfolio soon
@PeterSRWeb3 @1337web3
In the last week, I spent all my spare time auditing code. Today, I spent some time going through old reports, and I'm realizing how much I'm learning from this! 🫡 #web3
When you receive this type of message, you realise that all the work you put into auditing is helping businesses, and the whole web3 space, to be safer 🫡 @ChDefendersEth
#Web3 wardens, how do you feel when you're auditing a competitive protocol with no documentation? 🧐
1⃣ Ask questions to the team? 🙏
2⃣ Abandon this audit and start a new one? 🐭
3⃣ Add another answer below👇
🚨FREE AUDIT ALERT!🚨
🚀 Web3 Innovators, Listen Up! 🚀
Are you the mastermind behind the next Web3 revolution? 🌐🔥
Here's the deal: @ChDefendersEth is ready to BOLT your project's security to the moon, and guess what? It's on the house! 🛡️✨
The Only Rule: Your Solidity protocol must be lean and mean, with less than 700 non-commented lines of code (nsloc).
Why Bother?
Security: Lock down those bugs before they lock you out.
Trust: Show your community you mean business with a legit audit.
How to Lock It Down?
Slide into our DMs - ping @1337web3 or @PeterSRWeb3
First 72 hours only - we're picking the sharpest code in town!
Let's make your project unhackable together. Time's ticking! ⏳🚀