Forwarded from Vladimir S. | Officer's Channel (officercia)
Have you ever wondered how auditors manage to keep track of all the records and notes?
Check out ⬇️
• x.com/xyz_remedy/status/1798437635154649564
#security #audit #offtopic
X (formerly Twitter)
Remedy (@xyz_remedy) on X
Have you ever wondered how auditors manage to keep track of all the records and notes?
In fact, there are also some tricks (like @obsdmd ) & life-hacks involved. Mentalist @officer_cia was glad to teach us a number of interesting practices!
https://t.co/jsMzOG40Zk
Forwarded from Vladimir S. | Officer's Channel (officercia)
WANTED Web3 researchers, authors, writers, and hunters!
Your one-of-a-kind opportunity to provide public value while increasing the number of people who read your writings. Please add them to our wiki.r.security, and let us work together to keep this place safe!❤️
#audit #web3
WEB3 Vulnerapedia
Main Page
Forwarded from Vladimir S. | Officer's Channel (officercia)
It’s influenced by CodeQL and on-chain Semgrep and it works with deployed smart contracts. Although, we deal with source code as it offers you more information in contrast to bytecode!
It also already led to a critical bug disclosure to Nouns DAO and a $30k bounty reward!
Please apply: x.com/officer_cia/status/1818684266454093854?1
#audit #web3 #security
Forwarded from Vladimir S. | Officer's Channel (officercia)
Glider queries can describe complex bugs and find matches on all live smart contracts within dozens of seconds!
You often ask us about real queries and use cases, and we have something to share👇
• https://x.com/xyz_remedy/status/1820768545615085946?s=46
#audit #web3
X (formerly Twitter)
Remedy (@xyz_remedy) on X
🔐 To catch such bugs, use a query ensuring all user inputs are validated against the signature hash. This prevents excluded inputs from allowing unintended logic execution, securing the contract’s behavior.
🔍 Example query to detect missing inputs in signature…
Forwarded from Vladimir S. | Officer's Channel (officercia)
Here’s an example we shared with our Community of how excluding certain user inputs from a hash message exploitation attack vector can be caught with Glider 👇
• https://x.com/elen__kay/status/1821125802949280062?s=46
Found this interesting👀 Join our Discord to learn more 🫡
#audit #web3
Forwarded from Vladimir S. | Officer's Channel (officercia)
Remedy commits to Web3’s security by providing cutting-edge solutions and services, and we are eager to highlight our partner, LineaBuild.
Projects building on Linea can now quickly launch bug bounty programs and benefit from:
- No commissions and listing fees
- Free triaging during beta (powered by hexens.io security teams)
- One-of-a-kind ZK proof of duplicate
- Access to glide.R.xyz, our flagship technology
Join R.xyz to enhance security across Ethereum!
#audit #web3 #security
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Looks like a great addition to Glider, WDYT about it? 🤔
• x.com/xyz_remedy/status/1828049001934962984?1
#audit #security
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Glider - Scan the entire blockchain for bugs in less than 30 seconds.
This is a first-of-its-kind security solution used by the biggest enterprises, brought to the researchers' community for free!
• x.com/xyz_remedy/status/1835705209269432489
#audit #security
X (formerly Twitter)
Remedy (@xyz_remedy) on X
We're releasing a redesigned Remedy - a community of Web3 security researchers.
The good news is that we've brought exceptional technologies to you for free🔥
Here is everything you need to know:
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Try our glider tool! It’s worth it, I promise 👀
• https://x.com/_Parsely_/status/1836395286937190822?s
#audit #security
X (formerly Twitter)
Parsely (@_Parsely_) on X
Just logged onto Glider by @xyz_remedy, the latest UI updates are brilliant (of course the backend engine is amazing too 😀). Great job by the team, well done!
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
That’s an awesome guide!
• https://github.com/tpiliposian/not-awesome-web3-security-roadmap
#audit #security #web3
GitHub
GitHub - tpiliposian/not-awesome-web3-security-roadmap: Not so awesome Web3 Security Reasearcher roadmap by tpiliposian
Not so awesome Web3 Security Reasearcher roadmap by tpiliposian - tpiliposian/not-awesome-web3-security-roadmap
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Ready to elevate your Web3 bug bounty game? In this video, we’re diving into the Top 5 Tools for Web3 Security Researchers that every hacker and developer should know ⬇️
• https://youtu.be/zS9e8uIq_go?si=ZupuI6Y2pIZz1go-
• https://x.com/officer_cia/status/1859994004265554393?s=46
#audit #web3 #security
YouTube
Top 5 Essential Tools for Web3 Bug Bounty | Slither, Echidna, Mithril, Tenderly, and Glider
Ready to elevate your Web3 bug bounty game? In this video, we’re diving into the Top 5 Tools for Web3 Security Researchers that every hacker and developer should know. Whether you're just starting your journey or you're a seasoned pro, these tools will supercharge…
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
In 2022 alone, cross-chain bridge attacks caused losses of $2 billion...
- 31 analyzed bridge attacks (2021–2023)
- 10 distinct attack types with code examples
- 12 vulnerabilities attackers exploit
Let’s dive in: https://x.com/bitfalls/status/1863976054010028470?s=46
#security #audit
X (formerly Twitter)
Bruno.eth (build/ing) (@bitfalls) on X
Been looking at @xyz_remedy's list of bridge hacks and the attack vectors that led to them.
Let's dive in and learn how the @Agglayer would have prevented the loss of 1.6+ billion USD! 🔥
https://t.co/XyYBevIrAf
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
20,000 is on the table...
ibtcnetwork pays up to $20,000 for critical vulnerabilities in a decentralized, theft-proof wrapped Bitcoin protocol.
Here’s how to participate: https://r.xyz/bug-bounty/programs/ibtc
Tweet link: x.com/xyz_remedy/status/1867207959144534362
#bugbounty #security #audit
Remedy
Remedy | Bug Bounty - iBTC
dlcBTC is a safer wrapped Bitcoin utilizing Discreet Log Contracts (DLCs) to provide a theft-proof bridge to cross-chain DeFi. In contrast to other solutions, d
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
If you find a critical vulnerability in code audited by Hexens.io, we will pay 20K USD on top of your bug bounty.
We put our money where our mouth is.
We invite other audit firms to do the same.
🌀retweets welcomed
• x.com/hexen1337/status/1744789157220585886
#security #audit
X (formerly Twitter)
Sipan V'artagnan ⚖️⚡️ (@Hexen1337) on X
While we wait on @hexensio’s expert team to give a verdict on @IAm0x52 and @hoshiyari420’s reports, I want to let you know I’ll be sharing some thoughts tomorrow on what has turned out to be an interesting experiment on how audit firms can put their skin…
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
In the last 2.5 years, Hexens ran 130+ full-scope security reviews...
... finding 117 critical vulnerabilities (almost 1 per review)—worth billions!
Here’s a compiled list of our most remarkable findings in a megathread—every team must see: https://x.com/hexensio/status/1869357744928792934
#security #audit
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
Check this out: https://officercia.mirror.xyz/dgKaZvBsP90fNc7YLtL-ibRIZYcbvTdtVPdmNoB6s_M
Lots of good infographics out there!
#web3 #security #audit
officercia.mirror.xyz
Web3 Security: In-Depth
It will be fascinating as we weigh the main drawbacks and benefits of current solutions from the perspectives of the project, the auditor, and bug bounty hunters!
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
The infamous DAO hack: $60M was lost in 2016...
Researchers have proposed Metamorphic Testing as a method to detect smart contract vulnerabilities with higher accuracy.
Here’s how it works, a thread:
• https://x.com/xyz_remedy/status/1871241639324172783
#security #audit
X (formerly Twitter)
Remedy (@xyz_remedy) on X
The infamous DAO hack: $60M was lost in 2016...
Researchers have proposed Metamorphic Testing as a method to detect smart contract vulnerabilities with higher accuracy.
Here’s how it works 🧵:
Forwarded from Vladimir S. | Officer's Channel (Vladimir S. | officercia)
I’ve got an excellent audit proposal for you—don’t miss out. Slide into my DMs, let’s chat!
Details: https://x.com/officer_cia/status/1898940886324535610
#security #audit