Tenset Security @tenset_security Twitter profile

Pinned Tweet

Tenset Security

@tenset_security

11 months

🏆 Alpha Threads: Our Thread Hall of Fame! Dive into the best of smart contract auditing knowledge:

5

42

69

Last Seen Profiles

@SkibidiOfficial

@StirileProTV

@EmperorMoley

@nikocoliterus

@oldTOseries

@Mayntz

@NolanFossum

@HerdTheBuck

@TechProd_Arch

@TheReal_TWill

@ardvise

@tulsaJesus_

@SanderLoones

@cmichelio

@OG_Humble_One

@portalkatyperry

@nobletreeuk

@jantopicecuador

@Tamedamus

@3TL12md5RZvFiDQ

@DipnotY

@lilireinhart

@PanitiaPensi

@PeepshowTO

@Jrwynn2Wynn

@Slatsman

@velvetistired

@FosterWbball

@ursogoregous89

@TempleDietitian

@Laura_M_Groves

@albaberlin

@AlbertSamaha

@tfiZM4EHPk38U87

@PeopleBlockers

@weraax69

Tenset Security

@tenset_security

11 months

Ever feel like you're drowning in data? 🌊 Here's a practical tip: • Take 30 minutes daily to reflect on the information you've consumed. ✨ • Summarize it in your own words. 📝 • Review it at the end of the week. 🗓️ Watch your understanding skyrocket.

24

265

287

Tenset Security

@tenset_security

1 month

Delighted to announce we've successfully completed a comprehensive audit for @4catamoto 's smart contracts! Thrilled to be supporting the safety & reliability of new projects on the @BNBCHAIN as official security service providers.

11

60

194

Tenset Security

@tenset_security

11 months

100+ followers in just 2 days! 🚀 Your trust fuels our passion to deliver mind-blowing content. Here's to a fantastic web3 auditor and security researcher community. Stay tuned, it's gonna be EPIC! 💥🔍

88

98

126

Tenset Security

@tenset_security

6 months

Did you know auditors can get you hacked? But how? By recommending faulty code changes. Here is a story of how AstridFinance protocol lost nearly $190,000 by applying code changes recommended by auditors without a second thought and how you can avoid this happening to you.

57

81

128

Tenset Security

@tenset_security

3 months

Diving deep into the code of smart contracts feels like an adventure. 🚀 But here's the twist: The real treasure isn't in finding bugs (though important), it's in building a mindset within your team where security is as natural as breathing. 💨🔐

0

34

90

Tenset Security

@tenset_security

3 months

Imagine thinking your project is too small for hackers to notice. 🤔 Here's a hard truth: Hackers love the 'small fish' mentality. It makes their job easier.

2

31

83

Tenset Security

@tenset_security

7 days

We're proud to extend our support to the next 10 projects coming out from the CATAPULT. Memecoins deserve top notch security no less than defi projects 🔒

10

47

139

Tenset Security

@tenset_security

11 months

Just 4 days into this Twitter journey and we're already celebrating the next milestone - 1,000 followers. Thank you all 👉👈

Tenset Security

@tenset_security

11 months

Ĥ̸͎͈̤̇e̶̺̮͂͊ͅl̵̬̱̪̂ĺ̵̺͝o̶̤̚ ̸̟̝̝́w̵̳̃ơ̵̹̇͝ͅr̴̥̂l̷͚͛͆d̵͉͊̒

0

1

6

69

75

98

Tenset Security

@tenset_security

3 months

In the world of crypto, every detail matters. - An overlooked bug today can become a major vulnerability tomorrow. 🐛➡️🔓 - A single line of code can protect or expose millions. 💰🛡️ Make precision your best friend.

6

44

92

Tenset Security

@tenset_security

11 months

Taking the leap into auditing? Just remember: 📝 1️⃣ You don't have to learn everything at once. 😌 2️⃣ It's okay to Google things. 💻 3️⃣ Auditing projects is one of the best ways to learn. 🚀

86

59

88

Tenset Security

@tenset_security

11 months

People fail to invest in audits because they are skeptical about their importance. There are zero 'quick fixes' that work. Someone is proposing cheap solutions? Don't be a fool. Ensuring your contract's integrity requires diligence, so please approach it with that mindset.

104

59

86

Tenset Security

@tenset_security

3 months

Don't gamble with your crypto project's security: - Trust is not a strategy. 🚫🤝 - Hope is not a security protocol. 🚫🍀 Build a fortress, not just a fence. 🏰🛡️

0

22

75

Tenset Security

@tenset_security

3 months

Writing quality smart contracts is like preparing a gourmet meal 🍽️. - Fresh ingredients🥦 = updated code lines 💻. - Precise measurements⚖️ = thorough testing ✔️. - Innovative recipes📜 = unique architecture 🏛️. - A clean kitchen🧹 = organized dev environment 🖥️.

0

29

81

Tenset Security

@tenset_security

3 months

We’ve used Bulloak (an OpenSource smart contracts testing tool developed by @OpenZeppelin ’s engineer, @alexfertel ) extensively for the last few weeks. Results? 4 bug reports and 1 improvement suggestion 🫡

1

12

62

Tenset Security

@tenset_security

10 months

Legendary @adrianhetman gets on stage on Defi Security Summit in a few minutes to reveal the behind the scenes of Bug Bounty triaging. We'll be tweeting key takeaways live 👇

39

46

73

Tenset Security

@tenset_security

12 days

Delighted to announce we've successfully completed a comprehensive audit for @theluckylemu 's smart contracts!

4

19

76

Tenset Security

@tenset_security

3 months

There's a common myth that writing secure smart contracts is all about being a master coder. In reality, it's about understanding the bigger picture, foreseeing potential threats and instilling a culture of security throughout your team.

1

6

52

Tenset Security

@tenset_security

5 months

There's a dangerous myth out there that says: Small crypto projects don't need to worry about cybersecurity. The truth? Everyone is at risk. Cybersecurity should ALWAYS be a priority, regardless of your project's size or budget.

36

38

59

Tenset Security

@tenset_security

3 months

The most overlooked part of building a crypto project? It's the security-education of your team. Responsible development requires everyone on board. Don't just hire smart people. Hire smart AND security-minded people. 🧠🔒

1

14

55

Tenset Security

@tenset_security

8 months

If you are an auditor, accounting for every detail isn't just a part of your job. It's the very essence of it. Stay patient, stay focused. It all adds up in the end.

46

48

62

Tenset Security

@tenset_security

3 months

During a recent gas audit, we’ve helped a protocol lower gas cost of calling one of the methods from $650 to $73 on Ethereum. That’s 9 times cheaper🤯

3

20

56

Tenset Security

@tenset_security

3 months

Everyone knows tests are crucial to making your protocol secure. But few have clarity on the types of tests needed. Here is 7 types of tests your protocol needs:

3

24

61

Tenset Security

@tenset_security

3 months

It's not uncommon to see teams running a smart contract audit in a fuss just before launch. Bad move! Security should be a part of your development lifecycle from day one.

0

26

64

Tenset Security

@tenset_security

5 months

Wallet security is a critical concern in our reality. But what if your wallet has permissions in your smart contract? A compromised wallet means a compromised contract! Can we secure an admin role? Yes, we can! Multisignature spreads access across a few wallets, minimizing risks

42

55

Tenset Security

@tenset_security

3 months

While it's tempting to rush through development to meet deadlines, neglecting thorough testing can spell disaster. A well-tested smart contract is a safe contract. Make time for meticulous testing. 🛠️✔️

0

11

46

Tenset Security

@tenset_security

1 month

Excited to unveil our year-long collaboration with @NativMetaverse ! We are working hard to develop all technical aspects of their project, providing innovative solutions every step of the way. Stay tuned for more updates!

0

18

43

Tenset Security

@tenset_security

3 months

In the rush of deployment, many overlook the importance of a detailed documentation practice. Remember, thorough documentation is not just a formality; it's your first line of defense in ensuring continuity and security. 📖🛡️

0

15

51

Tenset Security

@tenset_security

5 months

Question: If we offered a ‘security guarantee’ would you trust us more? The truth is, even if we did, you shouldn’t. There's no such thing as ‘100% secure’. Security is a continuous process, not a one-time fix-it-all solution.

41

33

47

Tenset Security

@tenset_security

5 months

Amazed at how many people invest in a project without checking the security. Remember: If it's not safe, it's not a smart investment.

34

45

Tenset Security

@tenset_security

2 months

Is your smart contract ready for an audit? We’ve put together a useful checklist you can go through with your engineering team:

Is your smart contract ready for an audit? | Notion

Team

tenset.notion.site

1

15

44

Tenset Security

@tenset_security

2 months

Deploying smart contract upgrades though @safe with a Foundry script WHILE being able to write tests for that upgrade script on a mainnet fork is harder than it should be. Yet, it's essential for all projects with upgradeable smart contracts. We're dropping a guide soon.

0

19

34

Tenset Security

@tenset_security

5 months

The difference between a good project and a great one? The dedication to maintaining security post-launch. A project doesn't finish once it's live. It needs ongoing monitoring, evaluation and improvement.

31

28

43

Tenset Security

@tenset_security

3 months

Your dev team skipping test scripts and jumping straight to testnet transactions? A sign you need a new dev team.

1

10

28

Tenset Security

@tenset_security

2 months

The most neglected aspect in creating a cryptocurrency project? Teaching your team about security. Sustainable development needs the entire team's commitment.

1

10

32

Tenset Security

@tenset_security

8 months

The first thing we audit in a smart contract isn't the code - it's the documentation. If you can't explain it, you don't understand it.

28

46

Tenset Security

@tenset_security

8 months

Many companies write about hacks and post real-time exploit alerts. But you know what's not talked about enough? The good stuff. So we've decided to start the 'Last Week in Auditing' series where we talk about reports published last week with our notes from reading them 👇

28

30

44

Tenset Security

@tenset_security

1 month

Security is not always complicated multi-sig schemes, weeks-long audits, or elite hacker level opsec. Often simple things can help members of your community. Back to basics. Take care of fundamentals first.

0

9

44

Tenset Security

@tenset_security

2 months

If there is one thing differentiating great web3 dev teams from mediocre ones, it’s this: outstanding test practices. Unfortunately, writing tests tends to be cumbersome. This changes today:

2

15

41

Tenset Security

@tenset_security

3 months

There are two kinds of hackers who can compromise your project: 1) the ones who find vulnerabilities in your code and 2) those who exploit loopholes in your team's opsec practices. Make sure both doors are firmly shut.

1

8

45

Tenset Security

@tenset_security

2 months

A smart contract auditor walks into a bar and orders a beer. Orders 0 beers. Orders -1 beers. Orders a lizard. Tries leaving without paying. Satisfied, declares the bar ready. The first customer finishes their beer, and asks where the bathroom is. The bar explodes.

2

18

44

Tenset Security

@tenset_security

7 days

Here is our on-chain investigation on the recent happenings around @theluckylemu :

4

8

50

Tenset Security

@tenset_security

2 months

Nobody is immune

Trezor

@Trezor

2 months

🚨 Alert 🚨 We experienced a security incident on our X/Twitter account overnight, despite robust protections including a strong password and 2FA. We continue to investigate. Please remain vigilant and remember, Trezor will NEVER request funds or assets be sent to any address.

45

78

312

3

18

39

Tenset Security

@tenset_security

2 months

Foundry tip for getting familiar with a new codebase: Instead of jumping straight to the code, run 'forge doc --serve' and start there. Tells you a lot about a project and dev team quality fast.

0

3

20

Tenset Security

@tenset_security

5 months

Before implementing any security advice or recommendations, conduct thorough research! Not all suggestions are safe. Some of them are 'Trojan horses' that may compromise your project.

29

28

39

Tenset Security

@tenset_security

5 months

There is no set-it-and-forget-it solution in cybersecurity. It's not a one-time task but a continuous process of education, adjustments, and refinements.

30

28

37

Tenset Security

@tenset_security

2 months

💩 devs: ・little to no tests ・no documentation ・'invariants, what’s that?' 🥷 devs: ・expample-based tests, branching tree technique, fork tests, fuzzing, invariant tests ・code and documentation go hand in hand ・invariants-first approach

1

16

34

Tenset Security

@tenset_security

11 months

Sometimes it's the small things that make a big difference in security: • Check inputs • Use try-catch blocks • Limit and validate user data • Keep dependencies up-to-date • Test invariants What other small things do you always check? 🧐

0

7

31

Tenset Security

@tenset_security

11 months

Function parameters matter as much as logic 🔍🧠 ✅ Check these off your list: 🔹Safe bounds validation 🔐 🔹Zero-value parameter impact ⚠️ 🔹Reduced-size types? No gas savings here! 💸 Scrutinize every detail for secure smart contracts 🕵️‍♂️

0

6

27

Tenset Security

@tenset_security

11 months

The importance of code review: 🔍 Catching bugs early ✅ Maintaining the quality of code 👥 Creating a collaborative environment 🧠 Continuous learning and improvement Never underestimate a thorough review!

0

7

25

Tenset Security

@tenset_security

2 months

An entire tech twitter: unfixable bug in Apple processors 😱 Smart contract devs:

0

10

23

Tenset Security

@tenset_security

11 months

Did you know? 💡 @AlgoFoundation will double your bug bounty on chosen Algorand projects on @immunefi $200k -> $400k 💰 Sounds like an opportunity to go outside your comfort zone and engage in some juicy hunting 🕵️‍♂️🔍

2

0

25

Tenset Security

@tenset_security

11 months

Bug bounty hunting: you need to be right once. Auditing: you need to be right every time.

0

2

25

Tenset Security

@tenset_security

11 months

I often hear that if you want to excel in the field of cybersecurity, you need to be an expert programmer. Here's some news: You don't. You need to understand how code works, true. But being a cybersecurity guru does not entail you becoming a programming wizard.

1

25

Tenset Security

@tenset_security

11 months

When it comes to smart contract security, learning is key 🔑: 1. Dive deep into the code 2. Learn from past vulnerabilities 3. Collaborate with other security experts 4. Share your knowledge Together, we make the ecosystem safer for everyone 🌐🔐

0

4

23

Tenset Security

@tenset_security

11 months

Handling Arrays in Solidity? 🧠 Master these 5 must-know questions: 1. Empty array - now what? 🤔 2. Duplicates - problems? ❓ 3. Zero values - handled? ✔️ 4. Arrays, varied lengths - strategy? 🛠️ 5. Infinite size - prepared? 💪 Watch for malicious inputs! 🚫

0

6

25

Tenset Security

@tenset_security

7 months

Last week (October 2- 8) 18 reports were published, we've made notes on all of them. For link to all our notes from all past weeks like this post and follow us.

1

24

Tenset Security

@tenset_security

2 months

Imagine being an honest dev from North Korea.

2

10

22

Tenset Security

@tenset_security

11 months

It's not about knowing the most in this industry. It's about being willing to learn more everyday. Never stop being curious.

1

24

Tenset Security

@tenset_security

11 months

Anatomy of a meticulous audit: 1. Laser focus 🎯 2. Bulletproof analysis 🛡️ 3. Patience of a saint 🙏 Master these, and let the audit magic happen ✨ What's your secret to deep work?

0

8

23

Tenset Security

@tenset_security

11 months

Did you know? 🤔 Solidity's `bytes32` is a more gas-efficient alternative to strings in certain cases. Consider using it when string length is fixed and operations are limited to equality checks. Save those Gwei! 💰

0

3

23

Tenset Security

@tenset_security

11 months

If a smart contract is compromised, the effect can be catastrophic. Remember: Code is Law. But what happens when there are bugs in the law? The blockchain community must continue to invest in code quality, security and transparency.

1

4

23

Tenset Security

@tenset_security

11 months

🔍 Audit like a pro! Function modifiers matter: 1. public → external 🌐 2. private → internal 📦 3. Payable or not? 💰 4. Overwritable? (virtual) 🔁 5. Missing modifiers? (onlyOwner) 🔐 Get it right, stay confident! 🚀

0

6

20

Tenset Security

@tenset_security

7 months

In cybersecurity, it's not just about the knowledge. It's about the mindset. Think defensively. Understand the attacker's perspective. Constantly ask, How can this be breached? Don't just build walls, anticipate attacks.

0

4

22

Tenset Security

@tenset_security

11 months

The Cybersecurity industry is rapidly evolving with new technologies, attacks and countermeasures. But what remains CONSTANT? - Attacker's motivation - Basic Principles of Security - Importance of Security Controls Sticking to basics is the key.

0

21

Tenset Security

@tenset_security

7 months

The art of smart contract auditing is more than just finding reentrancy vulnerabilities, integer underflows/overflows, or front running attacks. It's about understanding the entire business model, reviewing docs/specs and communicating effectively with the team.

0

2

21

Tenset Security

@tenset_security

11 months

Ever felt the euphoria of bug hunting? 🐞🔍 Gotcha moments - that's what we live for!

0

5

20

Tenset Security

@tenset_security

11 months

The key to mastering Solidity? 🔑 Understand the EVM 💻, learn by building projects 🛠️ and reviewing others' code 🔍. Then, experiment with best practices 📚 and stay updated on new releases 🚀

0

2

22

Tenset Security

@tenset_security

4 months

You've created a crypto project and life's good. Until one day, you discover someone has assumed a role with certain permissions in your protocol. Is all hope lost? Not necessarily. Things could have been manageable if there was a way to pause the contract or revoke the hacker's

2

4

21

Tenset Security

@tenset_security

8 months

You know you've been in the crypto game long enough when you start referring to money as 'fiat' in everyday conversations

1

20

Tenset Security

@tenset_security

11 months

Did you know? 🤔 The most valuable skill you'll develop in the cybersecurity field is persistence 🔒. Never give up, and keep pushing your boundaries to learn more, grow stronger, and ultimately become an expert 💪.

0

5

21

Tenset Security

@tenset_security

11 months

👀 Here are some questions to ask yourself when auditing state variables in Solidity 🧵 ・Can it be constant? 🤔 ・Can it be immutable? 🧊 ・Is the visibility explicitly set? 👓 ・Can it be internal? 🤫 ・Are there any unused variables? 🤔

1

6

21

Tenset Security

@tenset_security

11 months

2

3

21

Tenset Security

@tenset_security

11 months

When you think you've learned everything about web3... just remember, there's a whole world of protocols, tools, and concepts out there waiting to be discovered! Keep learning. Keep exploring. Stay curious. 🌐🚀

0

4

20

Tenset Security

@tenset_security

8 months

A new series of 'Last Week in Auditing' from September 25 - October 1 is now available. Last week, 16 reports were published, and we've made notes on all of them.👇👇

5

2

18

Tenset Security

@tenset_security

8 months

CyberSecurity is more than just a skill or career. It's a mindset, a culture. It's about knowing how to keep yourself and others safe in this ever-growing digital world.

0

1

19

Tenset Security

@tenset_security

7 months

In the software industry, you’ve got to stay nimble. That means continuously learning new technologies and adapting. What are you learning right now?

0

18

Tenset Security

@tenset_security

9 months

Some lifehacks for writing secure Solidity code: - Keep your contracts as simple as possible - Use the latest version of Solidity - Write tests, lots of them - Avoid reusing the same variable multiple times. - And most importantly, get your smart contracts audited.

0

2

18

Tenset Security

@tenset_security

8 months

Security is a process, not a state. Always push for continuous improvement!

0

1

19

Tenset Security

@tenset_security

9 months

The security game is unjust. You have to protect against all scenarios. An attacker has to find only one exploit. This asymmetry will always haunt the world built on technology.

0

2

17

Tenset Security

@tenset_security

9 months

Smart contract auditing should be a methodical process. 1️⃣ Understand the project. 2️⃣ Manually review the code. 3️⃣ Run automated analysis tools. 4️⃣ Test for common vulnerabilities. 5️⃣ Review the test suite and coverage. 6️

0

6

18

Tenset Security

@tenset_security

7 months

Good auditors explain vulnerabilities using industry jargon. Great auditors explain complex ideas simply.

0

1

17

Tenset Security

@tenset_security

7 months

Vital to invest in web3 security, but do we know what it really means? • Secure architecture • Vulnerability management • Threat intelligence • Audits • Incident response

3

1

17

Tenset Security

@tenset_security

10 months

Imagine having the power to shape the internet 🌐 as we know it, to transform it into a more open and decentralized network. This is what blockchain enthusiasts and developers are doing every single day. A standing ovation for them 👏

1

0

18

Tenset Security

@tenset_security

1 month

@4catamoto @BNBCHAIN You can find the audit report here

audits/catamoto-token.pdf at main · tenset-security/audits

security audits by Tenset Security. Contribute to tenset-security/audits development by creating an account on GitHub.

github.com

0

1

17

Tenset Security

@tenset_security

9 months

Biggest misconception about smart contract audits: It's not someone pouring over your code on a Friday night finding all the bugs. It's an intricate process where we become intimately familiar with your project, how it works, and where things could go wrong.

0

2

17

Tenset Security

@tenset_security

7 months

Always remember: a public blockchain isn’t the answer to everything. Some data needs to be private, some does not need to be permanent.

1

16

Tenset Security

@tenset_security

11 months

⚠️ Watch out for DoS traps! 🕵️‍♂️ Unexpected reverts can lurk when checking balanceOf(). Put your safety first: 1️⃣ Examine the code closely 2️⃣ Watch for hidden reverts Don't let sneaky bugs ruin your audit! 🚫🐛 Stay vigilant, stay secure. 🔒

0

6

16

Tenset Security

@tenset_security

10 months

After a long day of crypto auditing, you might find it therapeutic to disconnect from technology and observe the world around you. The digital world is fascinating, but nature reigns supreme 🌱

2

1

16

Tenset Security

@tenset_security

11 months

Fuzzers are magic bug printers ✨

0

1

17

Tenset Security

@tenset_security

10 months

The most important skill in Cybersecurity? Learning how to learn. Once you have this skill, you can pick up anything new in no time. And in a field that's ever-changing like Cybersecurity, this skill is absolutely vital. Learn it and use it.

0

16

Tenset Security

@tenset_security

11 months

Writing your internal audit report? Remember this key point: Make it SPECIFIC! Giving vague observations won't help anyone. The more specific you are, the easier it will be for your reader to understand what action they need to take.

1

16

Tenset Security

@tenset_security

11 months

My 5 Web3 development essentials: 1. Solidity & smart contracts 2. Decentralized app (dApp) frameworks 3. Wallet integrations 4. Oracles & data providers 5. DeFi protocols Stay ahead of the curve 🌐💡

0

2

15

Tenset Security

@tenset_security

8 months

Not all vulnerabilities are bugs, and not all bugs are vulnerabilities. Bugs can lead to vulnerabilities, but sometimes the coding is not flawed, its the design, implementation or configuration that leaves it exposed.

0

16

Tenset Security

@tenset_security

11 months

Sleep, audit, repeat

0

1

15

Tenset Security

@tenset_security

11 months

The three essential strategies for DeFi security: 1. Internal assessments & audits 2. Bug bounties 3. Continuous monitoring & threat detection Diligence never ends; keep the defenses strong 💪

0

1

16

Tenset Security

@tenset_security

8 months

Prediction: Security will be the MAIN focus of tech industry this decade.

0

2

15

Tenset Security

@tenset_security

11 months

📚 'Deep Work' by Cal Newport is a bestselling productivity powerhouse. Here are 7 key lessons that will make you a top-tier smart contract auditor:

1

2

16

Tenset Security

@tenset_security

7 months

Get the basic right! If you want to catch those sneaky bugs: 1. Read the code carefully 2. Use the right tools 3. Understand the complex parts deeply 4. Take breaks and return with a fresh mind Remember, there's no shortcut to mastering a skill.

0

1

16

Tenset Security

@tenset_security

7 months

Without a security expert from day one, your project is a ticking time-bomb. Do it right or don't do it at all.

1

2

15