Founder of @ZealynxSecurity. 10 years QA → 4+ years Smart Contract Security. Building an audit firm in public. Building academy.zealynx.io for Web3 builders

Book an Audit →
I'd like to introduce Zealynx Insiders Membership. The web3 market is brutal right now. Teams are shrinking, strong engineers are stuck in limbo, and founders are shipping with less support than ever, leading to insecure protocols. When the market contracts, the people who come out ahead are the ones who keep learning and stay connected instead of grinding alone. That is the entire reason we built this. ------------------------------------- What it is Zealynx Insiders is a membership for people building and securing web3. Not a course you finish, and not another Discord or Telegram group where the good stuff scrolls away by morning. It is a place to belong for the long run, a room where developers, founders, and auditors keep getting better, together, month after month. You do not graduate from it. It gets more valuable the longer you stay. It is built by Zealynx Security, a web3 security firm trusted by 30+ protocols across 42 audits. The room is run by people doing the work right now, not influencers or course sellers. ------------------------------------- Why a membership, and why it is paid Most security learning is lonely. You study alone, the good answers disappear the day they are posted, and you never really know if you are getting better. A membership fixes that. It holds your progress, your people, and your work in one place, and it gives you a reason to show up every week. And the fact that it is paid is a feature, not a barrier. A price filters for people who are serious. No lurkers, no tourists, just members who show up, contribute, and want to make the most of it. That commitment is the one thing a free channel can never manufacture. ------------------------------------- Who it is for One room, with a door for each kind of member. • Builders and devs. Ship secure code and be the engineer your team cannot afford to cut. Build your own AI auditor agent, get the latest tools and prompts, secure-pattern playbooks, and Krait on your code. • Founders and small teams. Get audit-ready and cut your rekt-risk without hiring a security team. A founder networking channel, deeper eMBA business topics, 1:1 advisory with a working auditor, Krait runs on your contracts, and a founding discount on a full Zealynx audit. • Auditors. Stay sharp between engagements, build a public track record, and plug into a network that trades leads and vouches for each other. • New to security. Start with a room instead of alone. A clear path, real accountability, and people a step ahead who remember what it was like. ------------------------------------- What is inside • Zealynx Live. Weekly hosted sessions where the whole room works through real content together, with timed questions and a live scoreboard. Taking part advances your real progress. It is not a passive webinar. • 1:1 advisory with a working auditor. Direct guidance on your code and your decisions, not a comment lost in a feed. • Krait on your code. Hands-on security support with our own AI auditor, and help folding AI auditing into your workflow. • A real platform. Organized spaces, courses, a member directory, messaging, a mobile app, search, and a weekly digest, under one branded Zealynx home. • Support across the whole Zealynx stack. The Academy, Audit Grants, and Krait. ------------------------------------- The founding offer Founding members lock $20 per month for life, for as long as they keep their membership. The founding rate ends July 16, after that it moves to $50 per month. Founding seats are limited. Joining the waitlist is free, and there is no charge until we open. The waitlist gets the invite first. This is where people building and securing web3 keep growing together through the bear market. ------------------------------------- Come grow with us. Reserve your seat: academy.zealynx.io/membershi…
4
13
29
3,469
Web3 security isn’t about being the smartest person in the room; it’s about being methodical and thorough. Great auditors aren’t born—they’re made through practice and persistence. Dream big, Merry Christmas!
5
12
189
5,713
In April of this year, I took the step of getting full-time into Web3 and founding @ZealynxSecurity with @Seecoalba ​ In 4 months we have reached $70k of earnings and we have been able to cover this work for our clients: ​ • Solidity Audits • Solana Development • Testing Campaigns (Fuzzing and Formal Verification) • NEAR Audits • Solidity Development • Pentesting • Static Analysis Development ​ Soon, we will be able to offer Uniswap Hooks Development as well, once we finish the Uniswap Hook Incubator. ​ We have always adapted to the budget of our clients, so don't hesitate to reach out, we will always get to an agreement. ​ 🚨 🚨 🚨 LIMITED OFFER 🚨 🚨 🚨 ​🚨 🚨 🚨🚨 🚨 🚨🚨 🚨 🚨🚨 🚨 🔥 We will offer a FREE Smart Contract Audit to the first 3 projects that DM me ​ 🔥 A FREE Testing Campaign for the first project that DMs me ​ For anything else, reach out, and let's talk. ​ 🎆 🎆 🎆 🎆 🎆 🎆 🎆 🎆 🎆 🎆 ARE YOU AN AUDITOR?🎆 🎆 🎆 🎆 🎆 🎆 🎆 🎆 🎆 🎆 This is your occasion to gain experience in private audits!!! ​ If you would like to participate in these Audits: 1. Quote Retweet this post 2. Like it 3. Comment "Zealynx Security" And if they contact me thanks to your tweet I will include you in the team for the audit.
27
18
175
20,098
Today is a turning point. I no longer have a 9 to 5 job!! It’s Web3 full-time now🔥🔥🔥🔥 It’s scary but extremely exciting. I finally have a chance to give it my full attention. After a year being only able to spend 2-4 hours daily on this I managed to ⭐️ Grow my brand with nearly 3K followers on Twitter and almost 1.5K Subscribers on YouTube. ⭐️ I had the chance to make private audits and help improve the security of a total of 6 different DeFi protocols. And had the luck to join forces with @Seecoalba, and start an exciting journey offering: ⭐️ Fuzzing and Formal Verification for Smart Contracts as a service to so far 2 protocols. ⭐️ Solidity Development where we’ve been implementing a Staking contract for an existing DAO. ⭐️ Solana development with a recently closed deal which we’re currently working on. ⭐️ Other amazing collaborations on the Web3 education side that I’m not able to share yet. And there’s so much more yet to come… And as always, I’ll do the best I can to share my learnings so I keep connecting with lots of great people and help them progress through their journey. Wish me luck and don’t be a stranger, reach out to chat anytime.

ALT Gogeta Dragon Ball Z GIF

37
6
168
20,226
How can I learn about Smart Contract Auditing from zero? I have started a series of articles where I will publish ordered material (a roadmap) every week for anyone who wants to become a smart contract auditor and needs guidance on what to tackle next. Who wants to see it?
13
41
168
16,126
Ready to learn Rust? I have prepared the most comprehensive guide to building an NFT with Rust. After watching this guide you will be able to understand every single line of the Smart Contract. This can be the beginning of your Crypto project, or it can get you started to understand how to prepare to audit Smart Contracts with @rustlang Go quickly to my YT channel 🔴 (find the 🔗link on my profile bio) and start your journey! If you want me to continue creating Rust material for smart contracts, leave a comment or just a 🦀 so that I know you're interested.
7
27
171
10,778
I felt ashamed to share it for some reason when I published that I'm going full-time on Web3... I'm ready to share it now I was laid off from my last full-time job. Yup, I didn't plan to leave this job, as did the 20 other people who were laid off with me. I must say it was very scary and hurtful to go through that. Why? Because, first of all I had never been fired before and it got me real bad and second because I had by then a 2 months old baby girl and at that stage what you want is stability. I remember I went through multiple phases that same day. First, I felt strong sadness and fear right away. That feeling of uncertainty of what comes next was killing me. Second, when I shared the news with my wife there was some relief after seeing and having her support. Since she new that in my free time I was studying and doing some things in blockchain, she asked me how was it going and if I had made some money that month. Third, after that question, it is when something started to click, that month I actually had closed 2 new clients and earned $8k, so when I shared that we both realized that actually that could potentially be what I should focus 100%, instead of looking for another silly job in Web2. Fourth, I shared the news with @seecoalba, he had been my partner at blockchain for already 3 months and I wanted to share my situation and my ambitions, and plan with him all next steps. And that's when we started to dream and a feeling of hope and excitement started to grow. A few days after that we founded @ZealynxSecurity and started a journey that I'm sure is going to last for very long time. I must admit that I kept for much longer a feeling of anger towards the company for making me feel as they did in the way they did, but at this stage I believe it is one of the best things that could have ever happened to me. Now it's been 6 months that I wake up every day excited to sit with my laptop to work and learn as much as I can and that I close the laptop feeling that I could continue for 8 more hours. I might not be the best in the web3 space at what I do yet, but I am sure there are not many people with more passion, dedication and plans to grow than I do. As I always say, I'm not in a hurry, I'm here for the long term, and I'm going to make sure I use the opportunity I have to place us at Zealynx as a Top Blockchain company. I hope that if anyone reading this finds himself/herself with the same situation I had, finds the courage that he/she has inside and turns this around as I did. The easy choice is to feel sad, say that everything is unfair and try to get another job. You need to fight those first thoughts and feelings, and start taking steps towards your real goal. I'm always a message away, I enjoy chatting with anyone in the space about anything connected with blockchain, web3 and auditing. So, just reach out to say hi.
Today is a turning point. I no longer have a 9 to 5 job!! It’s Web3 full-time now🔥🔥🔥🔥 It’s scary but extremely exciting. I finally have a chance to give it my full attention. After a year being only able to spend 2-4 hours daily on this I managed to ⭐️ Grow my brand with nearly 3K followers on Twitter and almost 1.5K Subscribers on YouTube. ⭐️ I had the chance to make private audits and help improve the security of a total of 6 different DeFi protocols. And had the luck to join forces with @Seecoalba, and start an exciting journey offering: ⭐️ Fuzzing and Formal Verification for Smart Contracts as a service to so far 2 protocols. ⭐️ Solidity Development where we’ve been implementing a Staking contract for an existing DAO. ⭐️ Solana development with a recently closed deal which we’re currently working on. ⭐️ Other amazing collaborations on the Web3 education side that I’m not able to share yet. And there’s so much more yet to come… And as always, I’ll do the best I can to share my learnings so I keep connecting with lots of great people and help them progress through their journey. Wish me luck and don’t be a stranger, reach out to chat anytime.

ALT Gogeta Dragon Ball Z GIF

22
11
162
9,345
MY NEW WEB3 SECURITY YOUTUBE CHANNEL 🥳🥳🥳🥳✨✨✨✨ I've finally taken the step. This is very new for me and it was stressful to finally start it. But here it is and it starts with a session of Smart Contract Shadow Audit of a @code4rena contest. piped.video/J0oX_9bPq64
14
23
157
17,459
If one of your goals is to start auditing Smart Contracts and you are planning to start with @code4rena, this is for you. Your report might not get accepted! It is important to understand how to write your Gas Optimization report. Let's go through the main points to consider🧵
10
33
152
17,552
Web3 Security Roadmap 2023⚡️🚀 Become a Smart Contract auditor with this FREE content This is a roadmap based on my personal path and improved by my experience. So that you can get to learn faster than I did. Ready to learn from the best in the web3 community? 🧵 👇
5
34
135
18,093
I'm beyond thrilled to announce my close collaboration with @UniswapFND team to write Uniswap v4 guides for the Official Documentation site Huge opportunity to work with the best and to learn about Uniswap v4 even more Check out my first released guide docs.uniswap.org/contracts/v…
11
8
141
8,259
Do you want to succeed as a Web3 Security Researcher? If you're new to auditing and you've seen how much money other people are making, don't take that as your motivation. Learn to enjoy improving your skills as a smart contract auditor. Be here for the long run!!
6
5
128
5,649
91% of the Introduction to Python and Vyper course from @CyfrinUpdraft completed!! Almost there. It is a nice intro to Vyper and Python, but also to blockchain and contracts in general.
11
6
136
6,384
LEARN RUST for Smart Contracts 🦀 Recently, I discovered that the demand for Rust smart contract developers and auditors is much higher than I expected, and since learning Rust has been rounding my mind for a while I decided it’s time to start. The approach I chose to learn @rustlang is not going step by step but I want to go all in directly to understand how to write and audit smart contracts. And since I have a Solidity background I decided that I would start by grabbing a Smart Contract written in Solidity and implementing it in Rust. I had a good experience learning in public as it encouraged me and others to keep pushing for more, so this time, I started to log every single step I took and every single thing I’d learned about smart contracts with Rust. I uploaded this video to my YT channel go ahead. WATCH IT and SUBSCRIBE for more 🔗Link to my YT channel on my profile's bio
I must say it’s pretty exciting to learn Rust by grabbing a Solidity Smart Contract and start converting it. I have to do a tone of research in what is the equivalent between them and how to properly write it in Rust. The good thing is that I’m writing down every single thing I’m learning in a way of journey more or less. I’m writing it as a draft in my Medium account. I’m actually wondering if there would be anyone interested if I would record a video every now and then going through my learnings… It would not be too fancy, but if you ever considered learning Rust, this will be helpful for sure. I’ll make it easy: If you like the idea, just write in the comments “I like the idea 💡” Otherwise, I’ll just keep it for myself.
8
26
129
18,878
You don’t need to be a genius to be a great security researcher. You need a sharp eye, relentless curiosity, and the patience to dig deeper than others.
3
11
128
5,030
Uniswap V4 is taking DeFi to the next level, and one key player in this evolution is ERC-6909. Let's dive into how this new standard helps reduce gas fees and streamline operations.
2
19
133
6,900
Want to level up your Web3 security skills? The Web3 Security Resources Hub is a treasure trove of curated tools, guides, and best practices. Perfect for auditors and developers alike. 👉 github.com github.com/Raiders0786/web3-…
2
20
126
5,307
Roadmap to become a Smart Contract auditor is now on my YouTube channel If you're just starting and want to follow a step-by-step guide to gain the right context of Blockchain and Web3 This is for you!!! 👉Link to channel on my profile bio 🔗
3
18
120
10,599
🚨 Are you unintentionally letting users bypass deposit limits by splitting their deposits into smaller amounts? ➖➖➖➖➖➖➖➖➖➖➖➖➖➖➖ Context: When you set a cap on individual deposits (or even non‑deposit functions), checking only the amount submitted in a single transaction can be exploited. A malicious user can simply break up their deposit into multiple transactions to exceed the intended cap. ➖➖➖➖➖➖➖➖➖➖➖➖➖➖➖ Example Vulnerable Code: ➖➖➖➖➖➖➖➖➖➖➖➖➖➖➖ Mitigation: Maintain a cumulative record of each user’s deposits. For instance: ➖➖➖➖➖➖➖➖➖➖➖➖➖➖➖ Takeaway: Always consider cumulative state when enforcing limits. This small change can prevent attackers from circumventing deposit caps through multiple small deposits.
11
10
117
7,779
I'm feeling kind of overwhelmed. I am currently: - studying web3 sec - auditing - writing articles - being active on Twitter - and meanwhile handling my full-time job And I actually feel I'm not being really productive at any of those. I'm truly doing many things anyways, but the truth is I need to change something to be more productive. I have created a schedule in my calendar and will try to stick to it as much as possible from tomorrow! An important thing I have added for every day is a 45 minutes workout. I will keep you updated on this experience. How do you organize yourself to be the most productive? I'm curious and open to suggestions to any kind of app, routine, advice or anything that can help! LFG 🔥
32
6
112
13,865
My plan to become a good Solana Auditor in the next 2-3 months is: - Use the fact that in @ZealynxSecurity we have been intensively building some Solana projects for our clients - Start reading Solana Security resources (any recommendation?) - Read @0xcastle_chain reports 🙌
5
12
110
6,603
My Book collection for the next few months: - AMM maths - Advanced DeFi - Cryptography - Rust Hacking/Security What are you currently reading or planning to read?
13
12
112
10,056
Audit Audit Audit Audit Audit Audit Audit Audit Do you want to get more opportunities in Web3 Security? Audit more Do you want to get better at what you do? Audit more Do you want to be at the TOP of the leaderboard? Audit more ⏳
5
8
108
3,447
Are you learning how the EVM works? What if I tell you that learning about it can get you some $ by reporting some gas optimization issues? Check out these tips to save gas in your smart contracts and learn something new about how EVM works. medium.com/@bloqarl/solidity…
3
15
107
7,013
If you love Fuzzing with Foundry you should check how powerful is the Fuzzer with Echidna in Assertion Mode. In the second chapter of my Echidna tutorial on my YT channel, I am going through a few different ways you can execute Echidna in assertion mode to test your Smart Contracts. Go ahead and check out the video. You can find the playlist in my YT channel, 🔗 link in my profile bio.
2
16
107
6,471
a RED FLAG 🟥 while auditing a smart contract would be when... you know the code is using an Oracle to get a token's price Why? It can be exploited and cause a DoS attack! Let's continue in the thread, and I'll show you what to keep an eye on and how to avoid it.
7
12
98
11,605
No one becomes an expert in web3 security overnight. Study past hacks, practice on real projects, and immerse yourself in the community. Expertise is built one vulnerability at a time.
5
9
100
3,158
Want to understand the math behind bonding curves, staking and tokenomics? Then, you should read the book 📕 "Economics and Math of Token Engineering and DeFi" This book dives deep into the mechanics of DeFi and token engineering, helping you build and secure smarter systems
3
7
100
4,131
Become a Smart Contract Auditor. ⭐️ ⭐️ Where to start? Here is the material for your second week toward learning to hack Smart Contracts. Learn about Blockchain, DeFi, EVM and Solidity "How can I learn about Smart Contract Auditing from zero? Week 2" medium.com/@bloqarl/how-can-…
3
22
89
7,452
I learned yesterday something not too pleasant about Solana. I was trying to help a friend of mine find the code of the Solana program deployed for his dApp. At first, I thought that since in Etherscan you can always search for the contract's address and usually get to see the verified code of the contract it would be the same in Solscan... To my surprise, tracking addresses and finding information about Solana programs (smart contracts) is actually not possible in the way it is with Ethereum. In Solana if you have the Program ID, which would kind of be equivalent to the contract address in Ethereum, it leads to compiled bytecode, not the human-readable source code. So, even if we had the Token addresses, Program ID and other things we were not able to find more about it... 🤔🤔🤔🤔🤔🤔🤔🤔🤔🤔🤔🤔🤔 I wonder, since Solana is a Blockchain after all, why isn't its code public? Why can't you just search for a token address and have it lead you to the contract to verify if it's safe or if it does what it claims??
24
10
95
14,277
Shadow Auditing is one of the most convenient ways to improve your auditing skills. Why? - You're actually auditing a codebase - You're studying past contest reports Now... Would you like to study with me? I decided to record myself and start a series of videos Interested?
13
8
91
7,337
I'm proud to announce the launch of The Blockchainer Hub theblockchainerhub.xyz/ Besides enhancing Web3 Security by auditing smart contracts and Mastering DeFi by writing articles my goal is to build on-chain and this site is a step closer to that Here's what you'll find 🧵
21
12
90
13,461
Are you willing to learn Rust? but, finding it complicated to understand its syntax? In my next article & video, I will explain every part of every expression, while building an ERC-721, so that you gain confidence in recognizing what lines like this one are about. `from != Some(AccountId::from([0x0; 32]))` I am not only explaining what each part is but also giving you the equivalent of Solidity, so you will easily get to the 'ahaa' moment and learn at a higher pace.
7
10
86
7,532
Solidity devs: beware of ecrecover vulnerabilities in your smart contracts. ecrecover() can return the same signer address for different signatures, making your contracts susceptible to replay attacks. This isn't theoretical - it's a real issue that has affected way too many projects. Switch to libraries like OpenZeppelin's ECDSA that check signature uniqueness. Your users' security depends on it.
4
12
90
3,863
8 articles explaining DeFi protocols from their Smart Contracts... And I wrote them in not more than 2 months This is a work in progress of The Blockchainer Hub website. Any suggestion to increase this list? 🦄
I am creating TheBlockChainer hub website 💻 where I’m going to organize per topic all my articles. So far I’m splitting in: 🔹My journey 🔹Smart Contracts 🔹DeFi Protocols 🔹Web3 Security 🔹Roadmap This will make it more visible and accessible for everyone to read what interests you the most. Eventually, I will be sharing there my audit reports as well. I’m wondering what other type of information/material do you guys think would be interesting to share there. I’d tremendously appreciate any feedback! ♥️ 🙏🏼
9
17
83
13,301
The Swap routing guide is ready. I am grateful to work closely with @UniswapFND and @AtriumAcademy to also write the official docs for Uniswap v4 during 2025. This guide covers: • Setting up Universal Router for v4 swaps • Implementing proper command and action encoding • Configuring swap parameters • Executing swaps with the recommended patterns docs.uniswap.org/contracts/v…
I continue collaborating with @UniswapFND and @AtriumAcademy to write the official docs about Uniswap v4. Having the team review my guides is an honor and an incredible way of gaining a deep understanding. In this guide, we dive into the details of: - Custom accounting - Hook fees - Custom curves - Return deltas Let’s explore how these features work in Uniswap v4 docs.uniswap.org/contracts/v…
8
9
91
4,809
Learn how to test Smart Contracts with Echidna 🟢 New Video on my YT channel 🔴 I've decided to continue with my commitment to sharing my learnings. So, I've started a series of videos to show how to use Echidna. My idea is to create short videos with specific features of the tool. Stick around and you'll be learning as much as I do, but without the hours of research and struggle. Find the 🔗link to my YT channel on my profile bio! 👇👇👇👇👇👇👇👇👇👇👇👇👇👇👇 Let me know in the comments if you're interested in this content, otherwise, I might not continue.
5
13
88
5,153
I’m getting a car from my earnings on Web3 Security. Don’t miss this advice and you will as well. A few months back I wrote an article about the stage I found myself in and the current Web3 Security income sources I had. The goal was to speak about the importance of grinding in Web3 because even if you've only been learning for a few months, there are multiple ways you can get some extra money in your pocket. I have never experienced this before while learning anything else. medium.com/@bloqarl/im-getti…
12
4
91
5,836
And just like that, we won the Uniswap Hook Incubator Hackathon by @AtriumAcademy and @UniswapFND!! 🏆🏆🏆🏆🏆🏆🏆🏆🏆🏆 🪝🪝🪝🪝🪝🪝🪝🪝🪝🪝 🦄🦄🦄🦄🦄🦄🦄🦄🦄🦄 Congrats to the other two winning teams!
Uniswap Hook Incubator finalists @mevquant @Seecoalba @TheBlockChainer casually dropping a new uniswap math primer for hook blders everywhere at the end of their demo today github.com/scab24/univ4-risk…
14
6
94
8,628
If you want to improve as a security researcher, study past hacks. Recreate them, understand them, and ask yourself: ‘What would I have missed?’ That’s how you level up.
4
7
90
3,685
I must say it’s pretty exciting to learn Rust by grabbing a Solidity Smart Contract and start converting it. I have to do a tone of research in what is the equivalent between them and how to properly write it in Rust. The good thing is that I’m writing down every single thing I’m learning in a way of journey more or less. I’m writing it as a draft in my Medium account. I’m actually wondering if there would be anyone interested if I would record a video every now and then going through my learnings… It would not be too fancy, but if you ever considered learning Rust, this will be helpful for sure. I’ll make it easy: If you like the idea, just write in the comments “I like the idea 💡” Otherwise, I’ll just keep it for myself.
19
10
81
25,930
I'm humbled to have had the chance to Audit with @cyfrin team during these past 5 weeks. At the same time, I am proud of myself for the huge work I've put in and the amount of value I managed to bring, not only with critical issues found but with fuzz and invariant tests
Shout out to @TheBlockChainer who put in valuable work helping out on a Cyfrin private audit. This audit had a lot of tricky external integrations and @TheBlockChainer was a test writing machine helping us to get those integrations tested and finding some great bugs! 🫡
5
4
81
7,397
Less than a month ago I went all in on Web3 Security and co-founded @ZealynxSecurity While it is still concerning to not have fixed salary I can’t really complain of our first month payout. The potential of opportunities in Web3 is immense and I hope we get to do much better. So far we managed to get this payout by working in multiple projects for both Web3 Security and Solidity and Solana Development. I must say it is exciting although it requires a lot of focus and dedication. Ever since I am 100% in Web3 I’m consistently waking up at 6am even if I am sleeping less than 7 hours. I always said I’m here in Web3 for the long run, so it’s important to not get frustrated and to be consistent and improve every day. I am confident that with hard work more opportunities will come and I’ll stop calculating for how many months I have margin before starting to look again for a 9-5 job. This is just the beginning.
4
5
85
5,370
I've been pretty busy auditing during June and July: As independent auditor contractor: - 3 Audits with @PashovAuditGrp (2x Solidity and TypeScript) - 1 Audit with @Composable_Sec (Solidity) Under my own company @ZealynxSecurity: - 2 Audits through @immunefi Audits Program (2x Solidity) - 1 Audit from a lead from the ETHCC (Solidity) For now one more Dapp (TypeScript) Audit booked for first week of August.
8
4
94
5,804
Web3 security is a never-ending battle. The more you learn, the more you realize how much more there is to learn. Keep sharpening your skills—your knowledge compounds.
3
4
77
2,454
How long did it take me to start making money in Web3 Security? When you’re dedicated fully to learning something new for a professional career change, the money factor is often important. So, I would like to share my experience on how long it’s taken me to start making money since I got into Blockchain. ⚠️ I’m going to go through: 1⃣ My background 2⃣ When did I start to get involved with Blockchain? 3⃣ When did I actually start learning? 4⃣ When did I get into Solidity? 5⃣ When did I focus on Web3 Security? 6⃣ How long did it take me to make money and in which ways? ⚠️ 1⃣ My background Before starting to learn about Blockchain I had no past experience in web security and while I knew some programming languages, I was not a developer. I am a technical person and I have been working in a software-related job for the last 8 years. 2⃣ When did I start to get involved with Blockchain? Around 7 months ago I started to occasionally watch some YouTube videos about Blockchain. A bit later I started to read some books about Blockchain, in order to try to understand better what it is and if I actually like it. I was trying to understand if this is a career path that would work for me. 3⃣ When did I actually start learning? I joined a course to learn about Blockchain, Web3, and DeFi around 5 months ago, as a good friend of mine was a teacher there, and I knew I could trust her. It was live sessions 3 classes per week of 1–2 hours each. 4⃣ When did I get into Solidity? While participating in the course I did check things about Solidity but probably I can say I started actually learning Solidity with Patrick’s 32 hours course 4 months ago more or less. 5⃣ When did I focus on Web3 Security? So, I remember joining my first community on the Discord from @0xOwenThurm, where I found out more things about Web3 security. But it wasn’t until I joined a bit after the Smart Contract Hacking course from @RealJohnnyTime that I went all in with learning about smart contract hacking, attack vectors, Defi exploits and learning about auditing DeFi protocols. 6⃣ How long did it take me to make money and in which ways? Writing ✍️ So, a month after getting into the Smart Contract Hacking course, or also, 2 months ago I started to make some money from my articles on Medium. How? I have been sharing everything I learn, recommending material, and doing some tutorials on Medium. But also, I’ve been doing all that on Twitter where I‘ve reached 1000 followers in these past 2 months. Why are those followers important? The more audience, the more chance they read and share my articles. 🗒️ Auditing Smart Contracts 🔍 👀 After 3–4 weeks of learning about attack vectors, practicing smart contract hacking, and connecting with the Web3 community on Twitter and Discord, I decided to take the step and start participating in Code4rena public audits. 👨‍💻 First Course Ambassador Student 👨‍🎓 I was promoted as the first course ambassador student on the Smart Contract Hacking course which allowed me to start monetizing with my recommendations in articles and on Twitter. 📚 Consultations Being active on Twitter and Medium has allowed me to connect with very skilled and amazing people. And I have been fortunate enough to have the chance to help others and monetize from it as well. 📱 To sum up It took me 5 months of learning about Blockchain, Solidity, and DeFi until I got into Web3 Security. From the moment I started learning Web3 Security with the Smart Contract Hacking course it only took me one month to start making money. Of course, I combined the course with consuming a lot of different material from other fellow colleagues in the community and a lot of research on my own.
4
5
76
8,506
1/7 - Do you know how the UniswapV2Route smart contract works? Let's dive into its function `addLiquidity()`! Understanding how to add liquidity to a UniswapV2 pair can be quite complex. I'm here to make it easier for you Time to learn about @Uniswap DeFi protocol. Let's go
2
18
79
13,811
If you’re a Web3 Auditor or bug hunter, check out Awesome Web3 Security. It’s packed with tools and materials to help you spot vulnerabilities and keep projects safe. 📚 github.com github.com/Anugrahsr/Awesome…
1
10
76
2,402
I've just finished my first Solo Private Audit I've raised 4 Highs, 2 Mediums, and 3 Lows I feel satisfied but have some tiny bitter-sweet feelings I am under the impression that with more time I could have found more. Do you think audits should not be time-based?
12
6
73
8,745
Sunday morning: 🌅 - Woke up - Sat on bed with my phone - Opened the Github’s repo we’re auditing for a quick check - 30 minutes later, 2 High Vulnerabilities detected - Sent to my mate to run the PoC on the laptop and confirm - Vulnerabilities valid 🙌🏻 - Let’s start the day🫡
1
1
75
4,139
The best smart contract devs think like attackers. The best auditors think like architects. Security isn’t just about finding exploits—it’s about designing systems that are hard to break.
2
8
77
2,565
🌟 🌟 Learn about Smart Contract Auditing from zero! Week 3— Proof of Stake, Lending Protocols, Opcodes, Foundry… 🌟 🌟 medium.com/@bloqarl/learn-ab…
3
16
71
6,392
Is anyone interested in learning how to implement an NFT in Rust? I'm preparing an article, which will later become a YT video on my channel explaining every line from an ERC-721 built with ink! Would you like to be able to create one yourself or understand it properly to start auditing such contracts? By the way, let me know in the comments what you guys find more useful for learning: - The article - The video - Having both
12
6
71
3,493
I think I am not aware of how much some of my articles have helped devs and auditors since I wrote them.. In two days, I have come across 3 people who have found my articles (especially those from the beginning about Uniswap and Aave) very useful. I hope I can continue to help
1
1
65
2,996
Why do I audit Public Contests for as little as 1 hour per day? 1. LEARN. Above all, I plan for 2025 to keep improving my auditing skills by studying every single bug I miss in the contests 2. I make sure I do what I love, and what I'm good at every single day 3. Prove myself
2
1
71
3,286
THE FUZZING TUTORIAL NO ONE HAS EVER CREATED 🟧🟧🟧🟧🟧🟧🟧 Introduction to Fuzz Tests and Foundry 🟧🟧🟧🟧🟧🟧🟧 Now on my YT channel (link on my profile bio)
2
5
68
8,931
Who needs help creating PoCs to confirm their Audit finding? If you've got a High Vulnerability and you can't figure out the PoC implementation DM me! We will prove it right/wrong with Invariant tests with Echidna/Medusa/Foundry with Formal Verification with Halmos/Kontrol
6
8
68
6,855
🟧 Foundry Fuzz test challenge for beginners 🟧 Do you know why this foundry fuzz test works even if no one has funded the account that transfers ether? why does 'SafeTest' contract have a non-zero balance at the very start of testWithdraw()?? Shouldn't it be using "vm deal" to add some ether? 🧐🧐🧐🧐🧐🧐🧐🧐🧐🧐🧐🧐🧐 Give it a thought and try to find out! ➖➖➖➖➖➖➖➖➖➖➖➖➖ Keep reading to find out the answer from the Fuzzing God The unexpectedly high balance is due to the nature of how Foundry sets up the testing environment, particularly for contracts inheriting from forge-std/Test.sol. Here are some key points to consider: 🟠 Initial Balance in Foundry Tests: When you run tests using Foundry, each test contract is endowed with a large amount of Ether by default. This default behavior is part of Foundry's design to simplify the testing process. It ensures that the test contracts have sufficient funds for various operations without the need for explicit funding in each test. 🟠 Understanding the Balance: The balance 79228162514264337593543950335 seen in your logs is actually 2^96 - 1 Wei, which is a deliberately chosen high value. This large balance is intended to simulate a rich account, allowing you to test transactions and interactions without worrying about running out of Ether. 🟠 Implications for Testing: When writing tests, especially those that involve Ether transfers or balance assertions, it's essential to account for this initial endowment. Tests should be designed with the understanding that the test contract starts with this high balance. 🟠 Modifying the Test for Clarity: To make the test more explicit and clear about the initial conditions, you can log the initial balance at the start of the setUp() function. This will make it evident to anyone reading the test logs that the contract starts with a non-zero balance. 🟠 Further Considerations: If the default balance behavior is not desirable for a specific test scenario, you can manipulate the starting balance by using Foundry's cheat codes, like vm. deal(address(this), amount), to set a specific balance before the test begins. In summary, the non-zero balance is due to Foundry's testing environment setup. It's a feature, not a bug, designed to simplify testing scenarios but requires careful consideration when writing balance-related assertions in tests.
2
9
67
6,497
In January I had the opportunity to prove my worth as an auditor by joining @cyfrin for 5 weeks and went amazingly well. Now I have the next 2 weeks to prove my Smart Contract Auditing skills with @PashovAuditGrp I’m ready!

ALT Lord Of The Rings Ghost GIF

4
8
70
5,319
There we go! My first audit results from @code4rena are out! My QA report and low severity issues seemed to be successful! ✌️ From here, it can only get better!
17
1
68
5,067
It's officially been one year since I went full-time on Web3 and on building my own company @ZealynxSecurity It's been an incredible year of learning and enjoying working on what I love And not only that, but I managed to make x4 more $$ than I did before. We managed to have 30+ clients during this first year, some of them long-term collaborations. We have had the chance to help our clients: ⭐️ Secure the DeFi Protocol they love with our Audits ⭐️ Build the DeFi Protocols they love with our Solidity and Rust expertise ⭐️ Integrate our Uniswap hackathon's winning solution into a DeFi Protocol that trusts us I know that this second year is going to be even better, and the chance we have to continue to work and grow together with our partners will be a game-changer. This year is the time to grow as a company.
Today is a turning point. I no longer have a 9 to 5 job!! It’s Web3 full-time now🔥🔥🔥🔥 It’s scary but extremely exciting. I finally have a chance to give it my full attention. After a year being only able to spend 2-4 hours daily on this I managed to ⭐️ Grow my brand with nearly 3K followers on Twitter and almost 1.5K Subscribers on YouTube. ⭐️ I had the chance to make private audits and help improve the security of a total of 6 different DeFi protocols. And had the luck to join forces with @Seecoalba, and start an exciting journey offering: ⭐️ Fuzzing and Formal Verification for Smart Contracts as a service to so far 2 protocols. ⭐️ Solidity Development where we’ve been implementing a Staking contract for an existing DAO. ⭐️ Solana development with a recently closed deal which we’re currently working on. ⭐️ Other amazing collaborations on the Web3 education side that I’m not able to share yet. And there’s so much more yet to come… And as always, I’ll do the best I can to share my learnings so I keep connecting with lots of great people and help them progress through their journey. Wish me luck and don’t be a stranger, reach out to chat anytime.

ALT Gogeta Dragon Ball Z GIF

11
5
67
4,097
It is common to learn about existing DeFi protocols while auditing smart contracts of new ones. Now, if you understand the main existing ones prior to audit new protocols, you'll save time. "Aave-V3 — DeFi Protocol’s code explained. Part 1— Pool.sol" medium.com/@bloqarl/aave-v3-…
15
63
7,999
I don’t know which project took most of my energy today - The Audit that we’re doing - Learning about Impermanent Loss for the Uniswap hook we are going to develop for the hackathon - Taking care of my 7 months old daughter… Either way, cheers 🍻
3
3
64
2,930
Do you know how UniswapV2Route smart contract handles the swaps of tokens? 👀👀 Once I analyzed the code myself, I honestly understood the process in a much clearer way. I would like you to learn this as well Let's dive into its function swapExactTokensForTokens() Ready?
4
9
63
11,422
Incredible! I was astonished when I found out which High Severity Vulnerabilities paid best and which paid almost nothing. @KrisApost1 shared through the whole shadow audit a bunch of insights on what vulnerabilities are more important to spend time investigating. But then got even better when he shared the details of his payouts. It's super valuable to find out what is worth your time raising!! Reach out to my YT channel to find out!! 🔗link to my YT channel on my profile's bio 🔴
3
11
62
6,943
Follow these steps to earn $2 Million from a Security Review on Solana! 1. Find a Loss of Funds vulnerability on the Solana Labs Validator Client 2. Report it to @solana 3. No need to provide a mitigation 🫡
2
4
64
5,480
Last day of the second audit with @PashovAuditGrp! Today I woke up at 5 am to make sure I make the last sprint count. When you get such opportunities, you should embrace them and give your all in order to achieve the best results! GM and Good Week, everyone!
6
1
66
4,372
1/7 Did you know that Aave DeFi Protocol is one of the most forked Lending & Borrowing protocols? I'm going to summarize some of its main points you should know before analyzing its smart contracts in the following thread. Let's take a look at it together 🧵
6
15
62
8,045
Are you wondering if it is worth starting a career in Web3 Security? It's a tough way to master it, but is it worth it? Let me tell you how long it took me to start making money since I got into Blockchain and Smart Contracts. medium.com/@bloqarl/how-long…
2
9
65
8,636
Web3 security is built on collaboration, not isolation. Reminder for devs: Share your code early for peer reviews—don’t wait until audits. Reminder for auditors: Provide clear, actionable feedback to empower developers.
2
3
60
2,066
Auditing Smart Contracts is goddamn hard, but building and growing an audit firm is much harder. I’ve been trying to learn a lot about business lately and trying different things to help our company grow in visibility. Which means I’ve stopped doing some of the things that got us where we are now. I can’t say we’ve failed, because we’re doing much better than before, however, after some talks with friends and people during the ETHCC and hearing some feedback, it is time to go back at being more technical focused and less business oriented. What does it mean? It’s time for clearing the to-do list, stop managing people and things and get back to action. Time to auditing every day, maybe bug bounties? but for sure when we don’t have an audit from our clients, you’re going to find me auditing and researching. Hopefully, I can finally find the time and the way to communicate and provide as much value in form of posts or articles as I used to in the past. There’s no more delegating on that. There’s a lot to learn from the people that care to share genuine feedback, being that friends, co-founders or even people from the community. It’s worth to listen to that carefully, let it sink in and see how it feels. Then you’ll know what to do next.
5
2
62
3,332
⚠️ | High severity Web3 exploit | ⚠️ ERC20 allows the sender to increase its balance Checkout: - how to find this issue in the smart contract - how to report it to @code4rena - how to mitigate it and protect the DeFi Protocol
2
8
60
4,186
Smart Contract Hacking course Part 1 from @RealJohnnyTime finished: Was it worth to pay for it? Did I learn much? Since I started it, many things have changed in my feeling and involvement with Web3 security and auditing What I think of the course in the thread 🧵👇
7
4
60
9,833
‼️Having trouble receiving NFTs via safeTransferFrom? Your contract might be missing a critical interface. ➖➖➖➖➖➖➖➖➖➖➖➖➖ Context: When a contract receives an NFT through safeTransferFrom, it must implement the onERC721Received function. Without it, many wallets and contracts will reject the NFT transfer, causing unexpected failures. ➖➖➖➖➖➖➖➖➖➖➖➖➖ Example Vulnerable Code: ➖➖➖➖➖➖➖➖➖➖➖➖➖ Mitigation: Inherit from OpenZeppelin’s ERC721Holder, which implements the required function: ➖➖➖➖➖➖➖➖➖➖➖➖➖ Takeaway: Always implement ERC721Receiver functionality in contracts that need to hold NFTs. This simple inheritance can prevent unexpected NFT transfer failures.
8
9
63
4,129
I’m going to audit public contests every day in 2025.
4
3
60
2,549
Ready to learn Foundry once and for all!? It’s time to start increasing our chances of finding H/M severity issues in the next Web3 audit. We heard about Ripped Jesus from @PatrickAlphaC But now it's time to get real and tackle it with this guide. medium.com/@bloqarl/ripped-j…
2
10
57
3,910
It is here 🔥🔥🔥🔥 Uniswap V2 — Complete Guide to understand the DeFi Protocol from its code You will find: - Theory to understand main concepts - Uniswap Router and Factory contracts explained step by step through the code - Examples - A challenge medium.com/@bloqarl/uniswap-…
7
11
57
6,017
Uniswap V4 swaps: a playground for DeFi wizards or a minefield for the unprepared? Let's break it down simply: 🟣zeroToOne: swap Token0 for Token1 🟣oneToZero: swap Token1 for Token0 🟣exactInputForOutput: specify exact input amount 🟣exactOutputForInput: specify exact output amount Each type serves a unique purpose, combining them gives us 4 possible types of swaps, but misuse can lead to vulnerabilities. Wondering how to do that? Check out my latest deep dive. You'll learn not only how to implement the swaps, but also how to avoid expensive mistakes. "Implement Uniswap V4 swaps & Avoid Critical Mistakes" medium.com/@bloqarl/implemen… @AtriumAcademy @UniswapFND
8
58
1,952
I started boxing a month ago with a personal trainer to get in good shape. Never boxed before, but I’m enjoying every session. Is this an attempt to fit the “Web3 Martial Arts Security” team? 👀 Dunno 🤷🏽‍♂️ But, staying consistent with it is one of my goals for 2025 💪🏼
9
1
60
6,492
The best Web3 security researchers don’t just find bugs—they educate others on how to avoid them. Knowledge sharing is what makes the space stronger.
5
6
60
2,773
16 key questions about Uniswap V4 hooks, answered 🦄 After the first Workshop of the Uniswap Hooks Incubator, I've compiled the most insightful Q&As from our session. If you're curious about how hooks work and their impact on DeFi, this breakdown might be helpful Link below 👇
1
13
62
5,437
I continue collaborating with @UniswapFND and @AtriumAcademy to write the official docs about Uniswap v4. Having the team review my guides is an honor and an incredible way of gaining a deep understanding. In this guide, we dive into the details of: - Custom accounting - Hook fees - Custom curves - Return deltas Let’s explore how these features work in Uniswap v4 docs.uniswap.org/contracts/v…
I'm beyond thrilled to announce my close collaboration with @UniswapFND team to write Uniswap v4 guides for the Official Documentation site Huge opportunity to work with the best and to learn about Uniswap v4 even more Check out my first released guide docs.uniswap.org/contracts/v…
2
6
61
7,874
Would you like to know what helped me give a huge step into Web3 Security? Check it out on the forth part of learning about SC auditing “Week 4— Blockchain trilemma, Tokens, Mastering Ethereum.” medium.com/@bloqarl/learn-ab…
1
9
57
4,278
I have never had so much alpha connected to Private Audits in such a short chat!! Thanks a lot, @solidityauditor !!! It's been a pleasure. If you are interested in getting involved in private audits there is so much you will take from this. Go to my YT channel (🔗link on my profile bio) and find out how 33Audits handles it. Here are the topics covered: 🔴 Introduction 🔴 Process of getting private audits 🔴 How to get more audit requests? 🔴 How to quote a private audit? 🔴 Are you a solo auditor or collaborate with anyone? 🔴 What auditing approach works best for you? 🔴 How to handle client expectations? 🔴 Will private audits get more popular in the future? 🔴 How can we bring more security awareness to DeFi? 🔴 How to post on Twitter/X and YouTube as an auditor? 🔴 How to get hired by a DeFi protocol as a Security Researcher?
2
3
58
4,215
🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨 Is anyone performing private audits interested in providing long-term security to their clients by offering a complete testing campaign?? Or any developer who wants to make sure their project is free of bugs and safer from exploits? 🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨 We ("we", as @Seecoalba and me) are now ready to announce that... 🟣 We're ready to assist solo auditors and small auditor firms on their private audits, to increase their high-quality service, by providing their clients a Testing campaign that will, not only secure their protocol now but also in the long term. 🟣 Equally, we invite Solidity developers and DeFi protocols to reach out to us and benefit from having a solid test suite before sending your projects to audit. Why? This will save you money and at the same time will allow the auditors to focus on deeper parts of the code. HOW do we do that? For instance, for our next big project opportunity on Monday, we have this Action plan: 🟢 Focus on creating an effective set of Foundry Smart Contract tests which, with some modifications, 🟢 will allow us to adapt them to run the amazing Formal Verification tool Halmos 🟢 and without modifying anything we will make use of Mutation Testing with Vertigo🔥🔥🔥 🟢 Let's not forget with all this excitement that we'll also be creating Invariant tests with Echidna/Medusa... And in case it seems little testing resources, we're also: 🟢 Using ityFuzz for Symbolic execution testing 🟢 Using Kontrol for Formal Verification 🟢 Low-level testing with Pyrometer We're looking for opportunities (taking atm very little $$ for this service) to show how much value we can provide. If you want to take advantage, reach out and DM me here, on Discord or Telegram 🫡
1
8
58
5,497
Let's talk about Uniswap's slot0 and why it's the silent assassin in many smart contracts. Here's why it's a major security risk: 1/ slot0 contains the most recent price update for a pool. Seems great for real-time data, but... 2/ It's SUPER easy to manipulate. Flash loans can temporarily swing prices, fooling your contract. 3/ Where is slot0 often misused? • Price oracles: Devs use it as a quick price feed • Slippage calculations: On-chain calcs using slot0 are unreliable • Liquidity calculations: LP token minting based on manipulable data • Rebalancing mechanisms: Triggering actions on easily swayed prices 4/ How it's wrongly implemented: • Direct calls to IUniswapV3Pool(poolAddress).slot0() • Using returned sqrtPriceX96 for immediate price calculations • Basing critical decisions (swaps, mints, burns) on this single data point 5/ Real-world impact: • Users get fewer tokens than expected • Incorrect LP token minting • Triggering unnecessary rebalances • Draining protocol collateral via arbitrage 6/ We've seen this in multiple audits: • Real Wagmi: Manipulable LP token minting • Root Bridge Agent: Risky gas token swaps • Portico: Unreliable on-chain slippage calc • USSD: Vulnerable rebalancing mechanism 7/ How to fix? • Use Uniswap TWAP instead • Implement off-chain slippage calculations • Use multiple price sources • Add manipulation detection 8/ Remember: In DeFi, a single data point can be your downfall. Always consider how your price sources could be gamed. 9/ When auditing, look for: • Direct slot0 calls • Single-source price dependencies
1
11
60
3,965
The best security researchers are relentless learners. Each exploit you study, every contract you audit—it all compounds into expertise. The only shortcut in web3 security is consistent effort.
1
7
56
1,939
Why should you read my next article about @Spiral_DAO? 🤯 🤯 🤯 If you are an auditor, you might want to stay ahead of the rest before the next public contest on @immunefi and @HatsFinance. Read it now and save it. If you're a dev, before/while creating your DAO, make sure you consider some important points taking by example what Spiral DAO has followed. If you're learning Web3, make sure you read it and start getting familiar with DAOs, yield farming, and DeFi protocols.
1
18
53
7,555
I am super proud and happy that my articles are interesting and helpful for many people. I'm one of the top 5 writers out of 5.9K about blockchain development. And my article explaining @gravitaprotocol for @HatsFinance bug bounty is Trending in fourth place
8
5
55
4,044
Have you ever wondered why Uniswap uses this mysterious sqrtPriceX96? Why X96? It's not just to make your life difficult, I promise! They're Q64.96 numbers and they're crucial for precise calculations in DeFi. But here's the kicker - using them incorrectly can lead to some pretty nasty bugs. I've written this article to introduce them to you showcasing common security pitfalls that you should avoid next time you're implementing your UniswapV4 Hook. "Uniswap’s Q64.96 Explained: Essential Security Tips for Hook Developers" medium.com/@bloqarl/uniswaps…
2
8
57
3,383
Auditing tools experts use: - Foundry: Faster and quicker to write tests - CLOC: CLI utility that counts lines of code - Solidity Code Metrics: Gives report with files ordered in complexity Auditing expert's approach (where to start): 1. Clone repo 2. Read provided docs 3. ..🧵
Top Web3 Security Researcher Gives you his EXACT Audit Process | Damn Vulnerable DeFi creator Tincho piped.video/watch?v=A-T9F0an…
5
14
58
7,149
Understanding the UniswapV2 protocol is crucial Here is the Master Thread where you can finally understand the UniswapV2Route Smart Contract And start applying this knowledge the next time you audit a DEX DeFi protocols. - addLiquidity() - removeLiquidity() - swap()
5
9
52
5,569
How much do you know about the Universal Router on Uniswap v4? I'm writing a guide for the official documentation on Uniswap docs that will help you understand it, configure it, and use it next time you need it. 🦄
3
3
57
1,811
I need to take a step back. Now I know what my next steps are and what I should be focusing on. 🔶 Studying. In order to keep learning and filling the gaps I have in my auditing skills, I need to consume much more content from my go-to people. Do you want to know who they are? Keep reading. 🔶 Auditing. I can't just learn from videos or articles, so I have seen there are two interesting audits starting soon, so I plan to participate in at least one of them. 🔶 Writing. What happened with me writing articles? I know I haven't been active lately, but I have big plans. There is something happening in the background, I have not mentioned it yet, but soon I will tell you guys because it's quite a thing! ➖➖➖➖➖➖➖➖➖➖➖➖ SMART CONTRACT HACKING COURSE I have taken so much from it, I have learned so much with it, and silly me I haven't finished it yet. The good thing? I am lucky to still have the chance to benefit more from some of the lessons I have left. I am going to focus next on learning about: 🔻 DAO and Governance attacks 🔻 Oracle manipulation 🔻 Call Attacks I am sure I will be getting so much value from those videos, as always. 👇👇👇👇👇👇👇👇👇👇👇👇👇 If you haven't heard yet about the course, take a look at the topics covered because it's unique! It's helped me also a lot to be part of its community and to have direct contact with @RealJohnnyTime. I even participated in a private audit. And since I made my way up to an Ambassador student, I am also able to provide a $50 discount for you purchasing it through my referral smartcontractshacking.com/?r… 👆👆👆👆👆👆👆👆👆👆👆👆👆👆 ➖➖➖➖➖➖➖➖➖➖➖➖ OWEN THURM YOUTUBE CHANNEL Yesterday, I noticed a few valuable videos @0xOwenThurm published on his YouTube channel and I watched one of them I liked the structure he's chosen to explain it, so I totally recommend it. Also, I did consider writing a summary of his video as an article in order to interiorize the amount of information shared and to make sure it stays with me. The next video I want to watch is I come across Upgradable contracts constantly on audits and I have done some deeper research a few weeks ago during an audit, so, 40 minutes of upgradability content sounds very good. ➖➖➖➖➖➖➖➖➖➖➖➖ FOUNDRY COURSE (Lessons 12-15) I must admit it's my weak spot and I have to get so much more used to working with Foundry and using it during my audits. So, I will spend some pleasant time listening to @PatrickAlphaC, learning, and trying to apply in my next audits the new Foundry skills. ➖➖➖➖➖➖➖➖➖➖➖➖ Those are my go-to people to keep learning. Which are yours, guys? And what content are you currently consuming or planning to read/watch?
4
10
54
8,935
If you don’t have an online presence, you don’t exist in Web3. Share insights, post vulnerability breakdowns, and contribute to discussions. Clients trust auditors they see actively thinking about security.
1
3
57
1,636
1/9:🔒✨Attention auditors! Don't overlook this crucial step in upgradable contracts. Discover why reviewing constructors and initialize functions is crucial You can use your Solidity contracts with OpenZeppelin Upgrades without modifications... Wait, without any modification?
1
7
57
6,312
⁉️ Could tiny withdrawals be clogging your system? Learn how micro-withdrawals can lead to a denial-of-service attack. ➖➖➖➖➖➖➖➖➖➖➖➖➖ Context: If a withdrawal function does not enforce a minimum amount, an attacker can repeatedly request micro withdrawals—such as 10 units on a token with 1e18 decimals. These dust withdrawals can flood the system, exhausting gas limits and blocking legitimate users from withdrawing their funds. ➖➖➖➖➖➖➖➖➖➖➖➖➖ Example Vulnerable Code: For example, consider these functions: And: ➖➖➖➖➖➖➖➖➖➖➖➖➖ Mitigation: ✅ Minimum Withdrawal Threshold: Enforce a minimum withdrawal amount to prevent spamming with dust amounts. ✅ Rate Limits: Consider adding rate-limiting logic to restrict how frequently withdrawals can be made. ➖➖➖➖➖➖➖➖➖➖➖➖➖ Takeaway: A simple minimum withdrawal check can prevent attackers from clogging your system with micro-withdrawals, ensuring that legitimate users can access their funds without disruption.
8
9
58
4,216
Web3 founders are busy. If you want to land clients, make outreach simple and to the point. Show them an overlooked risk in their protocol, and they’ll pay attention.
2
2
53
3,170
As web3 grows, so does its complexity. The best way to keep up isn’t to learn everything—it’s to stay focused, learn deeply, and collaborate with others who complement your skills.
2
2
50
2,304
1/ 🧵 What is zkEVM? Let's dive into this exciting technology that combines zero-knowledge proofs with Ethereum Virtual Machine (EVM) to enhance privacy and scalability. 🔒🚀
5
15
52
7,205