weiss.eth @0xWeisss Twitter profile

Pinned Tweet

weiss.eth

@0xWeisss

9 months

When an 8 figure TVL protocol had a 1 month long audit from a "tier 1" firm and you find 10 issues post audit:

14

7

139

Last Seen Profiles

@CelinaMidd91028

@zaggrim

@878smokey

@RealRodrigoPolo

@easybeadzy

@Whateve13391950

@GreenGree37196

@ThinkShaadi

@Belimsadam28454

@slaywtw

@0311Marine11B20

@ms_ragez

@AlysonWill22615

@SinNombre142

@BurgenerKa19168

@Christo64959987

@Jeanyou06387297

@SanoussiIs71508

@qid_23

@dz3CiFg8L33vtJA

@houda_meme

@KillaBeez4ttack

@Kirmit_Arielle

@HippieBossy

@99Robots

@freaknfeet69

@ConserveKnight

@Deanna46947

@10Chigen

@kurosaki_sasori

@thereallisaann

@LearonStac13612

@kimberlyvogt95

@Optimus_Pirate

@dineshkumar_25

@GhazzyTV

weiss.eth

@0xWeisss

7 months

I am looking for a fullstack dev that wants to learn how to audit smart contracts. I will personally be your mentor and you will also be able to audit with me. I am looking for someone that already has experience with solidity/vyper and some EVM stuff. (No CS needed) If you

101

46

523

weiss.eth

@0xWeisss

6 months

Happy to share that I made it into @SpearbitDAO This was an important milestone for me :)

29

5

185

weiss.eth

@0xWeisss

1 year

The best alpha I gave on the auditing session is definitely: It scans all the source code from any ethereum smart contract to the point where you can search whatever piece of code you want. Hidden Gem.🤠 Specially useful for bug bounties

codeslaw

Search for verified smart contracts. Built by Electric Capital

www.codeslaw.app

6

24

167

weiss.eth

@0xWeisss

1 year

I made it big today. 6th position 6k USDC. Let me know if you want a write-up once the report it's out. The effort to the contest: 5-8hours, I do not remember exactly. Happy to be in the space🫡

25

9

160

weiss.eth

@0xWeisss

6 months

The @KyberNetwork hack raises some questions. - They had a somewhat strong security pipeline (~3 audits) - They paid a +1M bounty on the past Why they got exploited? They got ~9 figs in TVL but only a 200k max bounty on Immunefy (around 0.2% of their TVL) It is clear that

26

16

158

weiss.eth

@0xWeisss

1 year

Just released! Completed the article about bit-shifting and masking in yul, assembly. Hope it is useful for researchers or anyone that knows solidity:

Solidity and EVM: Bit Shifting and Masking in Assembly(YUL)

Note: If you are already an experienced dev/researcher, go directly to point 2 of the article!

medium.com

9

20

156

weiss.eth

@0xWeisss

9 months

Currently improving my fuzzing skills. These are some of the best resources I could find: - All about fuzzing from @vn_martinez_ - Fuzzing with echidna from @SpearbitDAO - Invariants with @agfviggiano .

Invariant Testing Workshop

https://x.com/agfviggianohttps://discord.gg/opensenseLearn how to write and test system properties for smart contracts with Antonio Viggiano in this workshop...

www.youtube.com

8

41

143

weiss.eth

@0xWeisss

9 months

To anyone that has had a bad experience with any project not paying, I encourage you to add it to: Let's make the list helpful for any researcher that wants to find a project where not to look at. If we bring no shame, this will continue to happen.

Bug Bounty Wall of Shame

A leaderboard of the projects who have rugged security researchers after they’ve found bugs in their code. Submit a PR to this page’s repo or email [email protected] to have your...

bug-bounty-wall-of-shame.github.io

usmann

@usmannk

9 months

Remember that projects can simply not pay, whitehat. Should I drop the writeup?

22

16

207

6

26

122

weiss.eth

@0xWeisss

8 months

Today is my 20th birthday😁 Some goals for next year: - Master the control of my mind. - Greatly impact any protocol I work with. - Enjoy more. No point in making money if you don't enjoy it. - Get closer to the 7fig/yr mark. - Continue learning from others and their mistakes.

26

2

121

weiss.eth

@0xWeisss

1 year

If you struggle to learn the EVM opcodes and how values are pushed to the stack and store in memory, definitely try: A playground to test your skills, learn and see the outputs of your operations🫡

EVM Codes

An Ethereum Virtual Machine Opcodes Interactive Reference

www.evm.codes

7

28

107

weiss.eth

@0xWeisss

1 year

4 am, casually doing my first audit in @code4rena Will posts results on how it has gone!

10

1

96

weiss.eth

@0xWeisss

4 months

What solo auditing an options protocol at 7am looks like 😃

8

3

94

weiss.eth

@0xWeisss

1 year

April auditing updates: - Performed 5 audits (4 private( 2 team, 2 solo), 1 public) - Joined @0xPaladinSec - Made ~$ 33,250

10

0

91

weiss.eth

@0xWeisss

1 year

Check out my article to learn about bit shifting and masking in assembly(Yul). It has been out for 2 months and it has over 1500 reads !

Solidity and EVM: Bit Shifting and Masking in Assembly(YUL)

Note: If you are already an experienced dev/researcher, go directly to point 2 of the article!

medium.com

3

19

88

weiss.eth

@0xWeisss

1 year

After reading tons and tons of reports and speaking from my experience in the auditing space, I strongly believe that the most reliable firms out there are: @SpearbitDAO @sherlockdefi @code4rena @0xPaladinSec @OpenZeppelin Super interesting (recent) firms with top

6

11

86

weiss.eth

@0xWeisss

3 months

So, you want to be a Lead Senior Watson in @sherlockdefi ? This is the best opportunity you will get in a while. Let me break it down for you. @tapioca_dao is running a 3-week contest in Sherlock starting on the 21st Feb. If you read Sherlocks docs about how points work: -

8

87

weiss.eth

@0xWeisss

1 year

If you are doing or planning to do @immunefi you should check out the following repo from @sayan_011 which includes write-ups from past researchers. Great resource!

GitHub - sayan011/Immunefi-bug-bounty-writeups-list: curation of all(most) immunefi bug bounty...

curation of all(most) immunefi bug bounty writeups I could find(till now) - sayan011/Immunefi-bug-bounty-writeups-list

github.com

4

14

84

weiss.eth

@0xWeisss

1 year

Link to the yt video of my auditing methodology where I explain and give tons of tips for smart contract auditing and bug hunting. It got very good reviews so it might be worth watching :) .

Smart Contract Auditing with 0xWeiss: Let's Audit Together!

https://twitter.com/0xWeisssIn this session, 0xWeiss provides valuable insights into his auditing process and the impressive content of his code analyses.

www.youtube.com

5

13

84

weiss.eth

@0xWeisss

1 year

We are so back. 1.3 M in contests. Imagine in the bullrun 😳

3

6

82

weiss.eth

@0xWeisss

7 months

I will start reaching out and updating everyone tonight! Best of luck.

weiss.eth

@0xWeisss

7 months

I am looking for a fullstack dev that wants to learn how to audit smart contracts. I will personally be your mentor and you will also be able to audit with me. I am looking for someone that already has experience with solidity/vyper and some EVM stuff. (No CS needed) If you

101

46

523

12

1

83

weiss.eth

@0xWeisss

3 months

I am giving away 1000$ of my own money to the top 3 solo findings that "save our a*s" in @tapioca_dao contest in @sherlockdefi and @code4rena I will rank the findings and the splits will go as follows: - 500$ - 300$ - 200$ Additionally, the top performers from both

10

78

weiss.eth

@0xWeisss

7 months

I have been too busy to tweet lately, some updates: - Have finished a 5 week private audit (~13k nsloc) - Moved to the UAE - Answered +600 DMs for the mentorship. (If you haven't been reached out yet, most likely you will get somehow selected) - @ambitfinance smart contracts

14

1

80

weiss.eth

@0xWeisss

1 year

Usually, I do not have time to do c4, but here is the last result: I only could dedicate 2 hours, but it seems like it was worth it. I found a solo finding which brought the reward amount up. Sometimes the bugs are in the least thought places

6

2

78

weiss.eth

@0xWeisss

7 months

Noticing all of your DMs and replies. Next steps: - I will leave 32 hours ish until I start reaching out to people. - All of you will get an answer from me - Will have a round of interviews with several selected people - Even if you are not selected for this specific

4

0

75

weiss.eth

@0xWeisss

1 year

I can't believe someone submitted the following bug 😂. "The entire codebase is one big bug". I would give him a valid solo high tbh

Met - Nothing in this project makes sense and it is useless. · Issue #59 · sherlock-audit/2023-03...

Met high Nothing in this project makes sense and it is useless. Summary The project only pretends to add safety to its operations by employing smart contracts. But these contracts bring zero additi...

github.com

15

5

79

weiss.eth

@0xWeisss

6 months

I am happy to start open sourcing the reports of some of my security reviews. The first report is from Lexer Markets V2. The codebase was around 13000nsloc and uncovered 49 issues. I would like to thank @0xkato for co-auditing with me. Please find the link to the report below.

11

76

weiss.eth

@0xWeisss

1 year

Tomorrow is the day. I will be auditing live in @opensensepw Almost 50 persons have signed up. I am going to give as many alphas as I can. - shortcuts, webistes, repos, databases, auditing process, resources, personal experiences... Are you going to lose it?

6

3

75

weiss.eth

@0xWeisss

1 year

I am very happy to announce that I will be speaking in the @summit_defi in Paris in July. See you all there 🫡

18

3

75

weiss.eth

@0xWeisss

7 months

This was me 🫡

Hats.Finance 🦇🔊

@HatsFinance

7 months

🎉 Kudos to the eagle-eyed White Hat owner of wallet 0xE...F92 for spotting a Low severity bug in @hoprnet Bug Bounty program! A big thanks to the HOPR team for their swift and responsible response. 🙌 🛡️ Check out the reward details here:

0

4

26

11

2

72

weiss.eth

@0xWeisss

1 month

And this is why you need a Security Researcher on your team. @tapioca_dao was the audit more packed with talent over all the other reviews by far. We had over 20 elite people audit our code between Sherlock and C4, when other protocols had maximum 1 elite guy, paying over 5

GiuseppeDeLaZara

@windhustler

1 month

Despite tens of competitive audits running at the beginning of March, the competition for @TapiocaDAO was cutthroat. Several elite SRs showed up, making the chances of scoring solos slimmer. The bet was finding a single solo H/M, and I'm proud to announce I found 6 solo Medium

42

5

158

2

7

71

weiss.eth

@0xWeisss

8 months

Just looked at my @opensensepw interview from May, 6000 views 😳 The amount of people that might onboard to the space from that video is exiting! It is a 1 hour + video of me expalining my auditing process and giving tons of tips. My process is not the

Smart Contract Auditing with 0xWeiss: Let's Audit Together!

https://twitter.com/0xWeisssIn this session, 0xWeiss provides valuable insights into his auditing process and the impressive content of his code analyses.

www.youtube.com

3

9

63

weiss.eth

@0xWeisss

1 year

Found a critical yesterday in @immunefi . Had the PoC working from the night before, but I was waiting to submit it because I was calculating the funds at risk w/ @DuneAnalytics . Last thing I noticed, project parched the vuln 4 hours prior. Not always you win😂🫡

7

1

65

weiss.eth

@0xWeisss

1 year

Thank you guys! We averaged 55 viewers and we arrived to 102 interested researchers. Means a lot. All the content will be uploaded to youtube. Also, on the coming days, I will be tweeting independently all the auditing alphas from the "interview" .

8

6

63

weiss.eth

@0xWeisss

11 months

If you are deploying/auditing any protocol in xDai, remember that tokens as WBTC, WETH and USDC have callbacks after transfers. Reeeeentranciessss

2

6

60

weiss.eth

@0xWeisss

1 year

If you want to learn about Zero Knowledge, I have never seen a better resource than ZKU. It is a free course 8 weeks long with assignments and all the material that you need to get the basics and a bit more.

1

10

59

weiss.eth

@0xWeisss

11 months

To audit and perform at the highest levels, you should keep a great balance between your body and mind. Loving that our industry is full of jacked auditors. Treat your body as you treat your mind. A video of me running a 2:00 800m when I was a semi-pro athlete:

5

3

59

weiss.eth

@0xWeisss

1 year

It's out! Just published my new article about RLP encoding. Useful to learn, for auditors, researchers, and developers. Due to the ongoing audit of zkSync, it is split into 3 parts, which will be released in a week. ENJOY🕵️‍♀️🫡. Btw, I am for hire, DM ;)

RLP ENCODING and ZkSync Era library review PART I

I am 0xWeiss, a security researcher, auditor, and Co-Founder. Let’s break RLP encoding !!!

medium.com

2

13

53

weiss.eth

@0xWeisss

1 year

In the field of auditing, it is very important to see how others audit too. It will allow you to create your own style and get to know some of the best practices. Therefore, I will be auditing live on May 8th in @opensensepw discord. Make sure to attend 😉

7

4

54

weiss.eth

@0xWeisss

10 months

Hope you enjoyed my talk 🫡🫡 Thanks for all the nice comments and support, this space is amazing.

Defi Security Summit

@summit_defi

10 months

Researchers/auditors are rarely at the development core of a DeFi protocol. @0xWeisss of @0xPaladinSec and @ambitfinance explains why they should be. Now on stage

4

5

28

2

53

weiss.eth

@0xWeisss

1 year

Happy to announce that my 1 hour auditing video just surpassed 1000 views on yt, more than doubling @opensensepw record. We will leave some months in the middle, but expect a second part in the future !! .

Smart Contract Auditing with 0xWeiss: Let's Audit Together!

https://twitter.com/0xWeisssIn this session, 0xWeiss provides valuable insights into his auditing process and the impressive content of his code analyses.

www.youtube.com

3

12

53

weiss.eth

@0xWeisss

8 months

We lost our job lads. The new LSR from ChatGPT3 is taking all our business. @ZKasino_io 💀

12

2

50

weiss.eth

@0xWeisss

5 months

I personally vouch for @nisedo_ He is very hard working and talented. Lots of success in 2024 🎉

nisedo

@nisedo_

5 months

only after completing a month long audit with a genius like @0xWeisss do you realize how much more there is to learn truly one of the most talented SR i know 🫡

3

0

50

0

1

48

weiss.eth

@0xWeisss

11 months

No news, no updates, just solely auditing. This is the best month of my career by far. Will keep you posted🫡

7

1

47

weiss.eth

@0xWeisss

10 months

Super busy working on auditing @ambitfinance codebase. It is one of the best designed protocols (with a security mindset) I have ever seen. This was also part of my talk in @summit_defi . We are focusing all our efforts on having a complete bulletproof protocol !

2

7

42

weiss.eth

@0xWeisss

1 month

Trying to find a sick dev to build a liquidation bot. (MEV experience would be appreciated). You know anyone anon?

9

3

47

weiss.eth

@0xWeisss

1 year

In 6 hours ish I am dropping a new alpha article about RLP encoding that standardizes the transfer of data between nodes. I've spent a week on this one, hope it is valuable for the space and people can learn from it. Understanding RLP encoding will be useful for @zksync audit 🕵️‍♀️

6

1

44

weiss.eth

@0xWeisss

3 months

To all the security people that know me. I would love to see you competing in @sherlockdefi and @code4rena starting on the 21st Feb. I will be on the lookout for the top spots 🫡

twMatt

@twMattt

3 months

Changing the game very very #soon , until then, hello @code4rena and @sherlockdefi white hats! All setup and ready to go thanks to the newest (and last pre-Genesis) core contributor to Tapioca, the security gigabrain- @0xWeisss

2

0

15

3

43

weiss.eth

@0xWeisss

1 year

Did not realize until yesterday. My articles made it to weekinethereum and securitypills newsletters 🤠. Proud of contributing and sharing knowledge in the space !

4

1

41

weiss.eth

@0xWeisss

1 year

Scored first in @0xOwenThurm 80 min auditor exam. 95/100 points. Not bad, keep working 🫡🕵️‍♀️

5

1

40

weiss.eth

@0xWeisss

1 year

Happy to announce that I am the private auditor from @ambitfinance . A very strong and talented team treating security as it should. Hoping that more protocols take their route of having independent researchers while the protocol is still in development. Will be updating 🫡

3

2

40

weiss.eth

@0xWeisss

10 months

Getting to @summit_defi late, as always. Nobody else to blame than the uber driver hahahah. We are in a tense discussion of who is better, Messi or Mbappe.

7

1

36

weiss.eth

@0xWeisss

4 months

Feels amazing to get great feedback. Do not be afraid to ask questions to the devs about the code you are reviewing, it will be more useful for both parties. Don't be afraid to look dumb.

2

1

33

weiss.eth

@0xWeisss

11 months

I will see you all there! Not anon no more :)

Defi Security Summit

@summit_defi

11 months

🎙️ Speaker Announcement! 🎉 Join us at the #DeFiSecuritySummit to hear @0xWeisss of @0xPaladinSec and @ambitfinance talk about “Importance of Auditors at the core of a DeFi protocol” Stay tuned for more updates on our lineup! 🌟 🌐 More info:

1

2

11

3

1

33

weiss.eth

@0xWeisss

11 months

Have been very busy the past 2 weeks. Btwn leading a contest and curr. doing a 3500 sloc priv. audit, I couldn't find time to tweet. I hope in the future I can show some of the reports :) Some nice stats from June: - 4 critics, 6 highs, 9 med - only a month left for @summit_defi

5

0

32

weiss.eth

@0xWeisss

1 year

Started my @huff_language vulns and bugs database. 3rd day of learning Huff, already felt in love.

2

32

weiss.eth

@0xWeisss

6 months

@0xnirlin @KyberNetwork The amount of exploits would diminish exponentially. Get 8M, be treated as a whitehat, get all the respect from the space (if wanted), have no legal issues. Get 10M and get tracked for "life". Not sure how many people would pick the second option, but it has to be pretty low.

3

0

31

weiss.eth

@0xWeisss

1 year

The biggest mistake I see while auditing with a team, especially with people you are not used to audit with, is trying to not sound stupid. To me, the best way to do it is to share anything that comes to your mind, even if it seems impossible. 🤠

2

1

30

weiss.eth

@0xWeisss

1 year

Anyone who believes or intends to do this, they have no clue about auditing. Chatgpt can catch nothing, might get couple re-entrancy's and overflows, not more. I hope the space doesn't fill up with bad AI reports. Also, for businesses, take care who you hire for priv audits.🫡🤠

3

2

29

weiss.eth

@0xWeisss

6 months

Epic crossover. @vn_martinez_

3

1

29

weiss.eth

@0xWeisss

1 year

I am constantly seeing a lot of security researchers not get paid by bug bounty projects with valid submissions. If something is not changing grey-hacking will increase exponentially. 🤷

4

0

28

weiss.eth

@0xWeisss

2 months

I can't remember the last day I went to sleep before 7am, this is the level of cooking. 🧑‍🍳

4

1

28

weiss.eth

@0xWeisss

9 months

+95% of protocols don't understand the game. eBTC does. This is how security has to be taken. Private audit => Firm => Public audit => Bounty If you raised funds, do not be cheap in security. At the end, you will pay more in bounties + less people will invest. Make the move.

eBTC | Get Paid to Borrow Bitcoin

@eBTCprotocol

9 months

Security Matters 🟣 With over a year of active development, bringing a immutable DeFi protocol to life while upholding the highest security standards is not an easy task. This is the security rigour the #eBTC protocol has gone through. 🧵

8

11

79

0

7

26

weiss.eth

@0xWeisss

3 months

There are 4000$ extra now to split between the best solo findings in the @tapioca_dao contests. Who will win them? 😉

twMatt

@twMattt

3 months

@0xWeisss @tapioca_dao @sherlockdefi @code4rena I will add another $2000 to the pot, Gray added $1000, so let’s go! Find them highs baby! Appreciate you all 🖤

0

1

12

4

5

24

weiss.eth

@0xWeisss

8 months

My new "solo audit" security reports have leveled up 👀 . Thoughts?

4

1

27

weiss.eth

@0xWeisss

4 months

I actually got this habit from @paladin_marco back then. It really makes you go through every line without "skipping because looks good or it is too complicated" even if boring to do.

nisedo

@nisedo_

4 months

one great thing i took from ultimate goat @0xWeisss is to comment every single line "On every line you go through add //ok as a comment at the end once you have reviewed even if boring, it makes you review every line to the dot" in complex parts of the code i often go one step

12

8

89

0

1

26

weiss.eth

@0xWeisss

5 months

Dev teams that get this, are dev teams that are going to make it. It is great working with @cainosullivan helping secure @ambitfinance contracts. Great times ahead.

Cain O'Sullivan

@cainosullivan

5 months

You need to leave your ego at the door and work with top quality auditors to help find the edge cases. Let's face it, auditors are a wierd bunch, but play an invaluable part in the development process. Can highly recommend @0xWeisss @0xPaladinSec and @GuardianAudits .

1

2

14

0

1

24

weiss.eth

@0xWeisss

1 year

If you struggle to find common bugs in smart contracts then, you should definitely check the following 2 websites: They are 2 databases where you can filter findings from c4 and sherlock.🕵️‍♀️

Solodit

Solodit is a platform that aggregates all findings from popular audit platforms.

solodit.xyz

1

8

26

weiss.eth

@0xWeisss

1 year

@WhaleChart False alegations. It was a sandwich attack, not Uniswaps issue. Maybe study what happened before tweeting?

1

25

weiss.eth

@0xWeisss

1 year

I have been preparing a super cool article about bit shifting and bit masking in assembly for the past week. I will release it at the latest tomorrow. Hope all of you get value from it. It will be free🕵️‍♀️🫡

1

2

24

weiss.eth

@0xWeisss

8 months

It didn't even take a day :)

weiss.eth

@0xWeisss

8 months

We lost our job lads. The new LSR from ChatGPT3 is taking all our business. @ZKasino_io 💀

12

2

50

3

1

23

weiss.eth

@0xWeisss

8 months

Independent researchers helping with time boxed fuzz testing engagements is a very helpful niche for our industry. Rn, the best 2 fuzzooors I know personally, are @agfviggiano and @vn_martinez_ . Let them/me know if you need their help !

Antonio Viggiano

@agfviggiano

8 months

I'm excited to finally share our key takeaways and best practices from 6 weeks of fuzzing @BadgerDAO 's @eBTCprotocol

8

22

127

0

3

23

weiss.eth

@0xWeisss

10 months

The economic growth of paris this weekend is going to be brutal. A bunch of auditooors with lack of sleep and paper copies of highlighted codebases are the ones to blame for it. 🤓😂

0

1

20

weiss.eth

@0xWeisss

9 months

@0xcuriousapple I respectfully disagree. imo security reviews are not only for the protocol. The goal is to signal all the potential threads and to build the most secure software possible. By history, admin keys/privileges have caused the worst losses in the space.

3

0

22

weiss.eth

@0xWeisss

1 year

Just hand-wrote the entire contracts bytecode. Why? Well, I want to master all Solidity opcodes, so I will decompile it by hand. Will post the decompiled solution !

5

0

21

weiss.eth

@0xWeisss

1 year

Auditing is definitely a space with tons of opportunities, but try to stick with 1 audit at a time. Never more than 3. The ROI on the long term will be much higher if you focus only in 1 codebase. 🫡

1

0

21

weiss.eth

@0xWeisss

2 months

Non-stop cooking by the Euler team🧑‍🍳

Euler Labs🛢️🇬🇧

@eulerfinance

2 months

$1,250,000 We're launching the largest audit competition in crypto history, with @cantinaxyz . Details 🧵

5

27

175

0

1

21

weiss.eth

@0xWeisss

1 year

Euler was hacked. Around 250M were sitting around and an estimate 190m were stolen. It seems like the attacker is blackhat due to a past exploit of a BSC project. Some room for thought: They had a bounty of 500k for a 250M. Roughly 0.2%. Will we see +20M bounties in the future?

1

20

weiss.eth

@0xWeisss

1 year

Made a ton of connections in web3 security lately, feeling the warm from the people. Best community ever🫡

4

0

18

weiss.eth

@0xWeisss

1 year

I have a brain database of helpful security posts that I found on Twitter. Once I see a vuln in the wild, I come back to re-read different resources. Accounts that posted big alfas: @gogoauditor And its signatures posts @pashovkrum And its resources to random technical posts

2

3

18

weiss.eth

@0xWeisss

9 months

Top article by a top assembloor. As he states, the article is not entry level. If you want to grasp the basic concepts first, check

Solidity and EVM: Bit Shifting and Masking in Assembly(YUL)

Note: If you are already an experienced dev/researcher, go directly to point 2 of the article!

medium.com

vnmrtz.eth

@vn_martinez_

9 months

Just published a deep dive into extreme EVM Bit Masking with a practical example, reject abstraction anon embrace assembly

5

22

104

0

2

16

weiss.eth

@0xWeisss

7 months

@ShieldifyAnon Signatures. If not signing correctly certain params you might be able to front-run, get the v,r,s values and add your address as receiver. Factories too, sometimes is good to add msg.sender as a salt value. Reward distributions, even though this might fit in the sandwich

1

0

16

weiss.eth

@0xWeisss

1 year

The proudness that you feel once you are assembling an audit report for a client and you go through all the issues that you encountered ...😁

1

0

17

weiss.eth

@0xWeisss

1 year

Got a bit scammed today. I submitted a critical vuln to a project in Immunefi. The vuln basically stole up to all the assets that any user supplied to the pool, so the impact was the highest. Threat🧵

12

2

13

weiss.eth

@0xWeisss

1 year

To anyone going. See you there🫡😁

Defi Security Summit

@summit_defi

1 year

Announcing the DeFi Security Summit 2023 in Paris, France! We're back with two full days of programming with top leaders & researchers in the DeFi security space, directly preceding @EthCC . Learn more: What you can expect 🧵👇

19

63

228

3

0

17

weiss.eth

@0xWeisss

6 months

Great working with the @HyacinthAudits guys and the @SybilSamurai team. Fun fact, the review was performed on my plane ride to Istanbul for TrustX as it was a ~80 nsloc scope.

Hyacinth 🪻

@HyacinthAudits

6 months

Happy Wednesday auditors! Come check out the latest audit report completed on our site! @0xWeisss completed the latest bounty on our platform and wrote an audit report for @SybilSamurai . You can check out the report here:

0

8

37

0

1

17

weiss.eth

@0xWeisss

9 months

Check out the security review of @wallchain_ . I audited this codebase with @paladin_marco back in May. 🫡

Wallchain

Wallchain gives web3 users cashback when they trade on DEXes.

paladinsec.co

2

1

13

weiss.eth

@0xWeisss

1 year

Be prepared, tomorrow it comes a thread on dynamic arrays and mappings and how they are stored. Basic concepts which are always good to remember 🧐

0

1

15

weiss.eth

@0xWeisss

1 year

Guess who started learning Huff? 🫡

1

0

15

weiss.eth

@0xWeisss

4 months

🧑‍🍳🧑‍🍳

Cantina 🪐

@cantinaxyz

4 months

Welcome to the largest competition in history with... @Blast_L2 🪐 💰 $1,200,000 USDC 🗓️ January 30th, 3:00 PM EST / 20:00 PM UTC 📍 Invite only. Don't have one? Details below:

248

344

470

0

15

weiss.eth

@0xWeisss

1 year

@pcaversaccio Nahh your prompt was incorrect. Try saying that he is samczun first, he will catch it. 😂

1

0

14

weiss.eth

@0xWeisss

3 months

Just getting started lads 🫡

Ambit Finance

@ambitfinance

3 months

Off the charts! We just hit $5M TVL.

8

15

108

2

1

14

weiss.eth

@0xWeisss

10 months

@rafatatay_ Move from home, alone, know no one, no distractions, just you and your laptop, that will work 😉

0

11

weiss.eth

@0xWeisss

8 months

@sherlockdefi @ZKasino_io Yeah, following with a Certik review 🤌

1

0

13

weiss.eth

@0xWeisss

10 months

@PaladinCharles @elonmusk The amount of fake arbitrum airdrops that I have been tagged in is close to type(uint256).max 😂

2

0

12

weiss.eth

@0xWeisss

1 year

Auditing Tip: Once you have to reference and link to the actual commit where you audited your contracts, just press "Y" on top of the GitHub file, and the "URL" will change and include the current commit 🫡

0

12

weiss.eth

@0xWeisss

5 months

@HollaWaldfee100 That's the pomodoro gang. I heard that they are on the 200k/mo range

3

0

12

weiss.eth

@0xWeisss

7 months

@gogotheauditor @paladin_marco @CharlesWangP If you combine Charles and Marco the chances of getting a solo high are the same ones as finding a crit in layer0. I audited a protocol with them last month and the only one that got solo high was Marco, humbling experience tbh haha

0

11

weiss.eth

@0xWeisss

1 year

@0xPaladinSec Disclaimer: Do not reference the upper tweet as something common. I would say this was the best month since I am into auditing, do not think that everyone makes the same, therefore, I will make the update every month, even if the stats are much lower than currently.

1

0

12

weiss.eth

@0xWeisss

11 months

@PaladinCharles Agree, I literally use slim to non DeFi, having seen so many stuff, the likelihood of a big protocol having an issue is worse imo than an extra 6% APY

2

0

10