nirlin.eth

@0xnirlin

2,178
Followers
562
Following
255
Media
3,045
Statuses

Blockchain Security Auditor | Breaking Solidity Portfolio: Telegram :

Ethereum
Joined June 2022
Pinned Tweet
@0xnirlin
nirlin.eth
2 months
Starting a smart contract audit today for a project with a Total Value Locked (TVL) over $20 million. The next target is $100 million. 🫡
5
0
46
@0xnirlin
nirlin.eth
3 months
@gf_256 Agreed, also don't know if you noticed but the guy who posted this has built his own business around selling notion templates. He often shills such products.
1
0
258
@0xnirlin
nirlin.eth
5 months
I will be maintaining this list of public content that I am going through to master ZK security, comment down if you want access. Will be adding to it daily (only public content) This will include intuitive concepts, beginner to advanced mathematics, and DSLs (Halo, Circom,
Tweet media one
114
9
141
@0xnirlin
nirlin.eth
5 months
Hey everyone, thrilled to share that I've secured a spot in the upcoming @yAcademyDAO ZK fellowship! 🚀 I genuinely believe that zero-knowledge (ZK) is going to be a game-changer in the innovation scene for the next few years. We're going to see a bunch of cool applications
Tweet media one
26
4
128
@0xnirlin
nirlin.eth
5 months
POC be like
13
13
124
@0xnirlin
nirlin.eth
6 months
@TateNews_ Has someone just tried doing simple multiplication of 280k real world students paying $50 a month 😭😭
18
0
121
@0xnirlin
nirlin.eth
1 year
First audit and first win for me 🥹🙏
Tweet media one
25
2
111
@0xnirlin
nirlin.eth
10 months
Highlights from july (best month so far): 1. Earned 5000$ + a month first time in my life. 2. 2 solo mediums, one on sherlock and one on c4. 3. 1 High with only one duplicate. 4. 7 mediums and 5 highs in total. Will work even harder this month. Time to get to 10K.
15
4
104
@0xnirlin
nirlin.eth
8 months
Beginners after getting 2 lows and 1 gas finding.
Tweet media one
10
2
105
@0xnirlin
nirlin.eth
1 year
May beast mode auditing plan: 1. Read 2 reports daily 2. Audit contest 6-8 hours per day 3. Launch personal site for write ups 4. Become active on twitter 5. Dive deep into different classes of vulnerabilities 6. Learn about multiple EIP 7. A lot of caffeine and good 6-8 hour sleep
7
9
98
@0xnirlin
nirlin.eth
7 months
Based on true story.
Tweet media one
8
5
93
@0xnirlin
nirlin.eth
1 year
Notebook is the auditing alpha.
Tweet media one
10
7
92
@0xnirlin
nirlin.eth
18 days
Tweet media one
6
3
92
@0xnirlin
nirlin.eth
26 days
Tweet media one
@0xnirlin
nirlin.eth
28 days
I have been holding back on a meme for so long. I am gonna make a lot of enemies with this one. 💀
4
0
22
8
2
86
@0xnirlin
nirlin.eth
8 months
ZkSync will probably be marked as my last audit that I will actively participate in. So you may ask what is the next game plan then, I have a few things in my mind. 1. First of all I will completely shift my main focus on bounty hunting full time, risk to reward ratio is far
9
3
74
@0xnirlin
nirlin.eth
6 months
Here is the POC for the @thirdweb bug disclosure It's a simplified ERC20 version that makes use of ERC2771 context and OpenZeppelin's Multicall. An attacker can do a bunch of things, e.g transfer anyone's tokens
4
14
77
@0xnirlin
nirlin.eth
1 month
🚨🚨 Breakdown of AI vs. Human Audit Competition Just Dropped. Details included: 1. What led to it? 2. Codebase that was audited. 3. Final reports. 4. What's next? Thanks to @0xDjangoOnChain for his time in managing everything.
Tweet media one
14
11
71
@0xnirlin
nirlin.eth
7 months
What's better than top 5? Top 2
Tweet media one
@0xnirlin
nirlin.eth
7 months
Manifesting another top 5 on sherlock 🤸
2
2
16
9
2
67
@0xnirlin
nirlin.eth
7 months
Wtf is Mercy and Frank, use Alice and Bob.
Tweet media one
10
2
59
@0xnirlin
nirlin.eth
3 months
We are so back.
@sherlockdefi
SHERLOCK
3 months
Over $600,000 in rewards available over the next few weeks. Participate and help secure the next wave of defi protocols. Background credit:
5
3
37
3
6
59
@0xnirlin
nirlin.eth
4 months
Cmichael found 16 mediums while none of the other participants went over 4 mediums.
@cantinaxyz
Cantina 🪐
4 months
The official results from our competition with @MorphoLabs are in! Congratulations researchers, here are our top 3 placements: 🥇: @cmichelio - $91,166.87 🥈: @milotruck - $21,681.31 🥉: @J4X_98 - $17,919.95 If you placed, see Discord for your individual results card!
Tweet media one
7
6
103
6
1
56
@0xnirlin
nirlin.eth
4 months
Ending the night with confirming a critical in a private audit I am doing right now. Probably one of the sneakiest finds I ever found that I stumbled upon just when I decided to move toward the next contract. If a user transfers their position NFT, all of his future swaps
Tweet media one
3
3
56
@0xnirlin
nirlin.eth
14 days
I hate opening X these days. Literally zero value on auditor twitter lately. Everyone posting same shit 69th time in a row. And those who are looking here for alpha, it's not here. Nobody gonna tell you their alpha, go put some work.
8
3
55
@0xnirlin
nirlin.eth
3 months
Everyone is too excited to see this. But most will miss out on everything while chasing every contest; you simply can't chase everything. Here is what I would do if I had time to compete in contests right now. Pick one platform and keep grinding it, here are few advantages of
Tweet media one
4
4
54
@0xnirlin
nirlin.eth
2 months
Somebody paid $10k to get this logged as the first medium in the audit report. ☠️
Tweet media one
15
3
53
@0xnirlin
nirlin.eth
5 months
Guys I won 500K @xuwinniexu
4
0
53
@0xnirlin
nirlin.eth
4 months
Tweet media one
3
2
52
@0xnirlin
nirlin.eth
3 months
You can't beat me in the security research game. You pay 50% in taxes. I pay 0.25%. I win.
10
1
51
@0xnirlin
nirlin.eth
3 months
How it's done: Find a bad audit report with @catscanaudit Open the codebase in vs code, find a bunch of bugs in 40 minutes. Report them to the founder out of goodwill. Receive a bounty (tokens + stables) and close a deal for their future products.
Tweet media one
4
2
51
@0xnirlin
nirlin.eth
5 months
Zk security today is where solidity security was in 2017-2019, just budding.
7
7
48
@0xnirlin
nirlin.eth
6 months
Wanna be a top tier auditor? Import blood plasma of a top tier auditor from Bulgaria. It runs in their blood.
6
0
50
@0xnirlin
nirlin.eth
5 months
I hate all these accounts that share the same beginner content each week with different wording. Take one of the points from weird-erc20 or some other popular repo, and post it again and again on X week after week. I understand if new people entering the space are posting it
10
0
49
@0xnirlin
nirlin.eth
1 month
Find the bug 🐛 The transferWETH function will work fine on the mainnet but will always revert on @Blast_L2 💥 Can you find out why, or are you weak?
Tweet media one
8
2
49
@0xnirlin
nirlin.eth
5 months
Tweet media one
4
1
49
@0xnirlin
nirlin.eth
1 year
Submitted 6 highs, 2 medium and QA report for @rubicondefi on @code4rena . Hope that those get accepted, submitted foundry POC for all 4 highs. Will take rest for one day and start grinding back with ens contest. @lowkeykreepy really helped a lot this time.
7
1
46
@0xnirlin
nirlin.eth
6 months
Every time I score a top 5 in the contest, I ask Patrick for fellowship/internship/whatever at @CyfrinAudits . Should I do it this time too? ☠️ Results for kelpDao on c4 are out. Gonna do it anyway.
5
0
47
@0xnirlin
nirlin.eth
6 months
Being partially asthmatic and overweight almost whole my life, I decided to make a positive change on November 26 last year. I weighed 220.46 pounds, and my resting heart rate was around 80-85. Fast forward a year, and I'm now at 184.74 pounds, lost 36 pounds, with a resting
6
0
47
@0xnirlin
nirlin.eth
23 days
If you are not auditing 16 hours a day, NGMI. Here is blueprint 👇 8 hours sleep. 4 hours of Solidity auditing.. 4 hours for Move auditing (you can do 16 hours of this alone too). 4 hours for Lua auditing. 4 hours for Rust auditing.
15
1
47
@0xnirlin
nirlin.eth
8 months
Become better smart contract security auditor by following 3 steps (based upon my personal experience) : 1. Stop reading each and every report, just read the reports for the contest you participated in and see what you missed, doing it for quite a time now. 2. Participate in
6
4
42
@0xnirlin
nirlin.eth
6 months
Took me 3 hours to write a POC for @thirdweb exploit. @catscanaudit has been found guilty in my POC 🔫🔫 Will post the link to the repo after pushing it.
Tweet media one
4
2
41
@0xnirlin
nirlin.eth
3 months
You might have seen it coming. Formally announcing @9LivesLabs ! 9Lives Labs is a collaboration between myself ( @0xnirlin ) and @catscanaudit , is here to assist protocols with security of their smart contracts. Can you guess where the name came from? Initially, 9Lives Labs will
7
1
43
@0xnirlin
nirlin.eth
3 months
𝗠𝗮𝘅𝗶𝗺𝗶𝘇𝗶𝗻𝗴 𝗦𝗺𝗮𝗿𝘁 𝗖𝗼𝗻𝘁𝗿𝗮𝗰𝘁 𝗕𝘂𝗴𝘀 There's only one secret sauce to maximize the number of bugs you find in a smart contract, just one. Stare at the code for long hours after gaining the context. Getting the context as soon as possible is crucial;
8
3
42
@0xnirlin
nirlin.eth
7 months
1000 followers posting web3 security. Am I an influencer now? Can I add DM for security audit in my name?😂😭 AMA
7
0
40
@0xnirlin
nirlin.eth
2 months
If you're feeling confident, I propose a challenge. I've recently audited two small contracts, each around 100 lines of code, and I'd like you to generate a report based on them. We can then compare your report with mine to gauge the quality tool. Do we have a deal?
@BunzzDev
Bunzz | Audit & Smart Contract Hub
2 months
Just like we thought, some people are quite skeptical about AI, to the point of almost having an allergic reaction. In our R&D phase, we too were questioning the precision of AI reports. But the revelation that thorough investigations into vulnerabilities and detailed code scans
3
1
7
10
1
39
@0xnirlin
nirlin.eth
4 months
Here we go, Making the list public, but here are some changes I made: 1. Instead of making a daily list, I will keep a weekly list, that I will update weekly each Monday. 2. In the list you will find many resources that I personally went through partially or fully, I am
@0xnirlin
nirlin.eth
5 months
I will be maintaining this list of public content that I am going through to master ZK security, comment down if you want access. Will be adding to it daily (only public content) This will include intuitive concepts, beginner to advanced mathematics, and DSLs (Halo, Circom,
Tweet media one
114
9
141
6
2
40
@0xnirlin
nirlin.eth
6 months
Wait what ???
Tweet media one
13
0
39
@0xnirlin
nirlin.eth
9 months
Another one. Top 6 Thanks @axelarcore for playing.
Tweet media one
7
0
40
@0xnirlin
nirlin.eth
1 year
First audit on sherlock and about to submit 2 highs and 4 mediums. Hoping for the best 👾👾
5
1
38
@0xnirlin
nirlin.eth
6 months
Good night, Now I am officially a Halmos formal verification engineer
Tweet media one
2
0
37
@0xnirlin
nirlin.eth
21 days
How much money code4rena made in 2023? October 2023 was C4's most profitable month, bringing in $685,789. This was also the month when ZKSync held its $1.1 million contest. Data is scraped from publicly available sources and is based on the assumption that c4 takes a 30% cut
Tweet media one
1
3
38
@0xnirlin
nirlin.eth
1 year
Made it to top 15 @Rubicon with @0xepley . Many more to come and have come a long way in my journey since this competition. Alhamdulillah.
Tweet media one
10
0
36
@0xnirlin
nirlin.eth
24 days
I HATE WRITING AUDIT REPORTS I HATE WRITING AUDIT REPORTS I HATE WRITING AUDIT REPORTS I HATE WRITING AUDIT REPORTS I HATE WRITING AUDIT REPORTS I HATE WRITING AUDIT REPORTS I HATE WRITING AUDIT REPORTS
8
0
36
@0xnirlin
nirlin.eth
4 months
Have already seen multiple people asking here how to select a project for bounty hunting? I have asked this question to a bunch of people too. Read this article, which shares very interesting insights on : 1. Types of auditors. 2. Types of bugs. 3. Types of protocols
1
3
36
@0xnirlin
nirlin.eth
5 months
Math is hard, but math is cool.
3
2
35
@0xnirlin
nirlin.eth
8 months
Sherlock good Code4rena good Codehawks good Hats good Immunefi good All doing good overall, you can disagree with few things but the net impact is positive.
1
0
35
@0xnirlin
nirlin.eth
3 months
Ramadan Mubarik.
5
0
36
@0xnirlin
nirlin.eth
4 months
Tweet media one
4
0
35
@0xnirlin
nirlin.eth
5 months
Everyone and their mom knows solidity at this point tbh.
7
1
34
@0xnirlin
nirlin.eth
28 days
Want to find more bugs?🐛 Compiling a whole blog of such blast L2 related issues. Need an early draft? You can follow me and DM me, and I will add you to the notion page. Will be releasing it in the form of 2 part blog post series at some point in the future.
Tweet media one
@0xnirlin
nirlin.eth
1 month
Find the bug 🐛 The transferWETH function will work fine on the mainnet but will always revert on @Blast_L2 💥 Can you find out why, or are you weak?
Tweet media one
8
2
49
8
10
34
@0xnirlin
nirlin.eth
29 days
Announcing 💫 With the launch of 9Lives, I noticed a problem: Many auditors want to build their site, but either they don't know how or it is expensive and ROI is hard to justify. Now you can get one under $600 Let's talk about the ROI 👇
3
3
34
@0xnirlin
nirlin.eth
6 months
So simple bug that I am 90% sure will be duplicated 😭😭
Tweet media one
3
0
32
@0xnirlin
nirlin.eth
1 month
Meanwhile their highs and mediums. Both AI bots missed two highs that could have led to funds being drained. Both of their highs are invalid. Both centralization risk and the fee can be set over 100% by the owner mediums are over-inflated. They only found one introduced bug
Tweet media one
@BunzzDev
Bunzz | Audit & Smart Contract Hub
1 month
The audit results are finally in! Below are the numbers of vulnerabilities identified in each report. Comparing the contents of each reports should give you a clear picture of the differences between Human Audits and AI-Based Audits, including their pros&cons. Please take a close
0
1
1
8
2
33
@0xnirlin
nirlin.eth
7 months
Apart from a few people, all the private audit reports that I have read so far are far inferior compared to findings I see on competitive platforms. When there is no competition and no consequences of missing findings, quality drops for sure. Not everyone is self accountable.
4
0
32
@0xnirlin
nirlin.eth
23 days
A smart contract audit of @juiceboxETH V4 has been achieved internally.
Tweet media one
0
8
31
@0xnirlin
nirlin.eth
7 months
My uni fellows are taking a Blockchain elective this semester and all of them are having a really hard time deploying this on the local Ganache node. See that transfer.
Tweet media one
8
2
29
@0xnirlin
nirlin.eth
5 months
One thing to add, I got rejected thrice last year, so keep trying.
@0xnirlin
nirlin.eth
5 months
Hey everyone, thrilled to share that I've secured a spot in the upcoming @yAcademyDAO ZK fellowship! 🚀 I genuinely believe that zero-knowledge (ZK) is going to be a game-changer in the innovation scene for the next few years. We're going to see a bunch of cool applications
Tweet media one
26
4
128
1
1
31
@0xnirlin
nirlin.eth
1 year
This resource by @yAcademyDAO really helped in understanding different kind of proxies and associated risks involved:
0
3
32
@0xnirlin
nirlin.eth
1 month
Bunzz is not an AI auditor any more guys, done and dusted 😎 They also forgot that the competition was about highs and mediums, and they missed all them. Get an organic, pure human-based smart contract audit that catches actual bugs from me. DM for audit.
@BunzzDev
Bunzz | Audit & Smart Contract Hub
1 month
As we officially stated on our landing page (), AI Tech-Stack is not yet perfect in detecting vulnerabilities derived from project-specific logic. Consequently, we offer Human Audits as an option for those seeking comprehensive scrutiny. As we’ve
0
0
3
4
3
31
@0xnirlin
nirlin.eth
1 month
Code4rena is becoming more like Sherlock Now? At least this is what I feel like from the recent updates from c4. 1. Star auditor league. 2. Ranking system 3. More rewards for the highs and mediums and overall coverage. 3. Analysis, and gas reports gone, and only the top 3
10
1
31
@0xnirlin
nirlin.eth
4 months
Mac's battery life is crazy, never going back to windows.
7
0
32
@0xnirlin
nirlin.eth
1 year
Tweet media one
1
2
31
@0xnirlin
nirlin.eth
3 months
Interesting story: A few days back I recommended somebody to go through @xiaoming9090 issues, those are real alphas, and the guy came back after an hour because he couldn't understand shit. Xiaoming always finds those hard edge cases.
@jack__sanford
Jack Sanford 🛡️
3 months
Imagine running an audit contest in this market without reserving top auditors
Tweet media one
0
1
26
5
0
31
@0xnirlin
nirlin.eth
7 months
Going back home to my parents is the best feeling ever. See you all next week.
3
1
31
@0xnirlin
nirlin.eth
6 months
@code4rena 11 months for an audit is too short, please increase it to 11 years. A humble request by your very own warden. Thank you.
Tweet media one
4
0
30
@0xnirlin
nirlin.eth
4 months
The auditing contest market right now feels like the early 2021 NFT market. I know it's an appalling comparison.
8
0
31
@0xnirlin
nirlin.eth
10 months
Another one, top 4 in unstoppable contest on @sherlockdefi . 3 accepted highs for this one
Tweet media one
5
0
30
@0xnirlin
nirlin.eth
4 months
Diagramming is a waste of time, staring works better.
6
1
29
@0xnirlin
nirlin.eth
4 months
The thing about learning ZK is if you expect to do something in 2 hours, you may end up doing it in 2 days. Maybe more Anyway, I can now write basic ZK circuits in halo2 (Rust). Feels too good ngl. ⚰️⚰️
Tweet media one
2
0
29
@0xnirlin
nirlin.eth
23 days
Alphas I am about to drop tomorrow, no one is ready for it. 1. The most effective tool to read whitepapers as a security auditor. 2. Where to get leads for your security auditing business? 3. What else?
1
0
29
@0xnirlin
nirlin.eth
1 year
Me at 1 Am spamming chainlink CCIP audit repo with comments. Don't be me.
1
1
28
@0xnirlin
nirlin.eth
3 months
@optimizoor @giraffe0x ser, you should try writing highly gas-optimized smart contracts.
1
0
29
@0xnirlin
nirlin.eth
6 months
@0xWeisss @KyberNetwork I don't think it's that simple, money makes one emotional, from a hacker's perspective, 30% will be always more lucrative than 10, 50% more lucrative than 30%, and 100% even better. Morality cannot be imposed by higher incentives, it is something you either have or you don't.
2
0
28
@0xnirlin
nirlin.eth
8 months
Just slid into @0xcuriousapple to ask about bug bounties and saw this message from months ago. Can't believe how far I have come, throw any codebase at me and it eventually makes sense.
Tweet media one
9
0
28
@0xnirlin
nirlin.eth
25 days
Is it just me or winning contests doesn't grab that much attention now as much as it used to, unless it is something very big (upcoming blast contest result). Last year felt different. Now, when a new winner is announced, it's like, "Oh, okay," not as exciting as it used to be.
2
0
28
@0xnirlin
nirlin.eth
9 months
Sometimes I get lost so much in present and future worries that I forget how miserable I was just a year ago. Very overweight, depressed and very unsure. Fast forward a year, lost 35-40 pounds, mentally at my best, have stable source of income and forever grateful for the
5
0
28
@0xnirlin
nirlin.eth
3 months
No FUD, just work. This is gonna be a great year.
1
2
27
@0xnirlin
nirlin.eth
10 months
Started the tangible contest on c4. Anyone trying to understand ve(3,3) should definitely watch the following video. Best explanation among all the content I searched.
3
1
26
@0xnirlin
nirlin.eth
1 year
Two of my favorite type of vulnerabilities in any project are so easy to find and yet very few of the auditors find them just because they do not look deep enough. These two are :
1
1
27
@0xnirlin
nirlin.eth
20 days
Got featured in this week's @blockthreat newsletter 🫡 This gives me motivation to keep writing more technical stuff.
Tweet media one
1
3
27
@0xnirlin
nirlin.eth
6 days
Someone put a lot of thought when writing this tutorial.
Tweet media one
4
0
28
@0xnirlin
nirlin.eth
10 months
It's either no contest or all at once on both c4 and sherlock 🙂
4
0
26
@0xnirlin
nirlin.eth
8 months
Approaching 1000 followers just sharing my smart contract security journey and achievements. Can I now officially add "Dm For Private Audit" in my name 😂
6
0
26
@0xnirlin
nirlin.eth
11 months
A while back I used to think that high achievers have some secret sauce, some wizardry that is unknown to general population. But later I realized there is nothing as such, it's all about the number of hours put in. No one can tell you the alpha. Hard work is the alpha.
5
3
25
@0xnirlin
nirlin.eth
2 months
Update: @BunzzDev has agreed to participate, and in addition, @mafellows has expressed interest in taking on the same challenge with his AI audit tool. It will be fascinating to observe the performance of both tools in comparison to manual audits and against each other.
@0xnirlin
nirlin.eth
2 months
If you're feeling confident, I propose a challenge. I've recently audited two small contracts, each around 100 lines of code, and I'd like you to generate a report based on them. We can then compare your report with mine to gauge the quality tool. Do we have a deal?
10
1
39
8
2
24
@0xnirlin
nirlin.eth
4 months
I’m gonna give 50 random people who repost this and follow me 1 Zeta Coin for fun (the 50 Zeta I made from airdrop) I’ll pick the winners in 72 hours
Tweet media one
1
10
20
@0xnirlin
nirlin.eth
4 months
It was a lie all along.
Tweet media one
5
0
26
@0xnirlin
nirlin.eth
6 months
On my way to all the audit reports by @zachobront . Gotta copy his brain and work ethics. Guardians are next.
4
0
26
@0xnirlin
nirlin.eth
6 months
I suffered for years with debilitating anxiety & low amount of focus and bad academic performance. All of these were a result of only one problem, here is how I got better at focusing, studying long hours, and getting better at smart contract security. THREAD
5
0
25
@0xnirlin
nirlin.eth
6 months
@PatrickAlphaC @CyfrinAudits OMG!!! Here is my pitch: Let's wipe the slate clean on both code4rena and Sherlock and considering I have nothing to show, get me on probation for any amount of time you desire. I will come in each day and will try my very best and work hard and then you can decide to keep me
5
0
25