juancito
@0xJuancito🕵️♂️ Smart Contracts Auditor ⚔️ Validator @code4rena 🏹 Hunter @immunefi 🧪 Security Researcher
⚒️ I've just created a repository with observations and tips for auditing Solidity protocols on multiple EVM chains. It has examples and references from Ethereum, Optimism, Arbitrum, Polygon, BSC, zkSync Era and more. Let me know what you think! ❤️ github.com/0xJuancito/mul…
Nice Uni v3 integration issue! I found a similar one some months ago. You can easily alter the price of a v3 pool that has no liquidity via a swap. You can then even add single-sided liquidity to prevent anyone from correcting the price. github.com/code-423n4/202…
How ✨I found a critical vulnerability✨ in @zora's ERC20Z contract via a little known Uniswap v3/v4 property When Zora put out this article: zora.co/writings/oncha… outlining their new protocol, I was intrigued and had to learn more From a high level, the system works by…
So basically:
- iszero(protocol) will always return false because string is a dynamic type, so it ends up evaluating the pointer, which will never be zero.
- not() will always return true for 1 and 0 because it's a bitwise not operator, not a boolean not operator.
Biggest mistake I see junior security researchers make is chasing the new shiny tech; they get nerdsniped. The best strategy for growth as an auditor in most cases is to fully focus on one thing at a time and be great at it. One example is just Solidity DeFi codebases✌️
I just spent the past >month diving deep into Cairo 0. Here's everything I wish I knew before I started: necessary background, language setup and the best security resources out of the Cairo 0 ecosystem 🧵 Spoiler: they did their homework.
I don't think I ever announced it, but @flexybridge is now a public good. Bridging is completely free for everyone. Help us spread the word if you feel called. Cheers 🍻
Here’s another small audit we did some time ago. It was an update with a small attack surface given some trusted actors, and well-written code, so no major risks. Still managed to find some things to improve ✌️
Another security audit report published for @build_on_bob✌️ A tiny, quick, 3-day audit, but we still put our best efforts into it. More security to come. Read the report below👇 github.com/pashov/audits/…
Are you building a cross-chain protocol on top of @hyperlane? Here is a security checklist that might come in handy. If you find the checklist useful ❤️❤️❤️ like and retweet to spread visibility. ⬇️⬇️⬇️
This was an audit we did some months ago and it contains many cross-chain issues. Some in particular are related to the LayerZero integration: C-01, C-03, H-03, H-04, M-01, M-11, M-12, L-10
An audit report back from June was just published. This one had our auditors working extra hard, finding 15 Critical/High and 15 Medium severity vulnerabilities. A subsequent audit for the protocol was required🫡 Read the report below👇 github.com/pashov/audits/…
PoC of @lavalending exploit. Lost: 1 USDC, 125795.6 cUSDC, 0.0067 WBTC, 2.25 WETH (~$130K USD). The attacker used: 5 flash loans + price manipulation. The Twitter and Telegram accounts were deleted; the web is still up. Thanks @0xNickLFranklin for the alert. github.com/SunWeb3Sec/DeF…
PoC of @OnyxDAO exploit: github.com/SunWeb3Sec/DeF… 4.1M VUSD, 7.35M XCN, 5K DAI, 0.23 WBTC, 50K USDT (>$3.8M USD). This time it was not EZ; so far the most difficult to replicate. The attacker used: flash loan + price manipulation + fake market. 5 contracts in total.
PoC of @Bedrock_DeFi exploit. 27.83925883 BTC (>$1.7M USD). This time it was an EZ exploit. I made two PoCs: - Minimal: github.com/SunWeb3Sec/DeF… - And also a copy of the attacker tx. Thanks @BeosinAlert and @CertiKAlert for the alerts.
Uniswap Hook Incubator finalists @mevquant @Seecoalba @TheBlockChainer casually dropping a new Uniswap math primer for hook builders everywhere at the end of their demo today. github.com/scab24/univ4-r…
Damn this game is tough. I said I’d take the weekend to relax but I found myself trying to beat this one to 100% 😁
I have 0 PhDs and 7 ZK bug bounties 🤷♂️ Don’t let people convince you you can’t learn things.
waaaat, you can decode and trace internal function calls with Foundry! I'd totally missed this.
Have you already tried the --decode-internal flag? You can now also generate flamegraphs using it 😀 github.com/foundry-rs/fou…
This is my personal best chess performance of all time. Auditing helped in critical thinking perhaps? 😁