Mackenzie MacKenzie 🛠️

@0xMackenzieM

2,611
Followers
905
Following
224
Media
3,073
Statuses

Hacker Success @immunefi , Launching audit contests and Helping whitehats get paid, DMs open

Joined January 2023
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Here's my top 5 resources to help you become a 10x web3 security researcher: 1. @pashovkrum 's auditing repo 2. Posts from @pashovkrum 3. Curated resources retweeted by @pashovkrum 4. @pashovkrum 's interviews with @andyfeili 5. My DMs with @pashovkrum
@chrisdior777
chrisdior.eth
1 year
Here are 5 resources that I use to improve my smart contract auditing skills daily: Retweet to spread the knowledge 🫡 1. Twitter posts by @pashovkrum and @bytes032 2. Code4rena past audit reports 3. Articles about every little problem that I am not aware of 4. @pashovkrum 's
4
25
104
9
27
134
@0xMackenzieM
Mackenzie MacKenzie 🛠️
2 years
Excited to be joining @immunefi serving as Hacker Success. Web3's in a huge spot to define its future for the better and it feels good to be part of that. Let's get whitehats recognized for their essential role, and treated and paid accordingly! Hoo-rah! 🫡💪
7
8
87
@0xMackenzieM
Mackenzie MacKenzie 🛠️
5 months
Top contest auditors often DM me “I want to start doing bug bounties but idk where to start, what’s your advice?” Time for a short thread 🧵 1/4
3
13
88
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
#MackenziesPicks Every week I'm going to put together a list of some of the most interesting Bug Bounties on @immunefi , with details about why they’re cool and worth you looking at. It'll have something for every skill level & tech stack. Read & Retweet if you like it: 🧵👇
5
18
77
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Do you want to see a feed of all bug reports submitted on @immunefi ? @BeanstalkFarms has this! You can check out all the bug reports they've received (Confirmed & Closed) right here:
6
15
71
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Another step for more transparent BBPs. Putting @h0wlu out of business 😉 Check out the updates that've already begun
@immunefi
Immunefi
1 year
Today, we're introducing transparency about project pauses and removals from Immunefi. All pauses and removals will be posted in the #bbp -updates channel on our Discord. For more information about how this works, see our Help Center article.
9
13
81
11
6
68
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
#MackenziesPicks Bug Bounties on @immunefi with Recently Updated Assets. This means fresh code that other bughunters haven't seen yet! To follow updates closely you can follow the "bbp-updates" announcements channel on @immunefi 's Discord. Read & if you like it Retweet: 🧵👇
1
11
61
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
This is what @immunefi 's leaderboard looks like now. What features would you want to add to it if you could have everything you want?
13
1
54
@0xMackenzieM
Mackenzie MacKenzie 🛠️
2 months
Starting July 17th, Immunefi will have as many running contests as all other platforms combined Yipee-Kay-Yay! This is an open challenge to get more contests launched 😎
7
5
57
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Just listened to the interview of @0xmonsoon by @mis4nthr0pic . I was surprised by just how impressive Monsoon is! A few quick notes from the vid 🧵👇:
1
12
51
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
I'm starting to think I need to make a list of all the rookie whitehats I'm meeting on here so I can @ you all whenever I see a bug bounty which would be good for a beginner to test their skills on 🤔
23
2
49
@0xMackenzieM
Mackenzie MacKenzie 🛠️
7 months
2000 followers. Woah. The greatest privilege of doing Hacker Success at @immunefi has been getting to know so many amazing SRs and so many new faces to the web3sec scene Thanks guys and girl.
4
3
49
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
#BugBountyUpdates I've compiled the most interesting bug bounty updates on @immunefi for you from the last week. This is a new thread I'll be doing weekly. It'll have new assets in-scope, updated code, increased bounties, and other goodies That said, Let's Begin 🧵👇:
1
6
39
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
The #43 Whitehat on @immunefi explains his process for finding bugs.
@merkle_bonsai
merkle_bonsai
1 year
🧵How I personally make smart contracts easier for me to debug and how I increase my chances to spot vulnerabilities
8
32
140
0
4
40
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Sagely advice from #39 on the @immunefi leaderboard There's no secret sauce folks. Just read the code. ty @infosec_us_team
0
6
38
@0xMackenzieM
Mackenzie MacKenzie 🛠️
2 months
$2.7 Mil on Immunefi contest over the next 30 days And this isn't even the biggest news we have in the next 30 days!!! Legit unbelievable what we got coming next for you!
2
2
38
@0xMackenzieM
Mackenzie MacKenzie 🛠️
2 years
Started @code4rena in Jan 2023, already in top 5 on contests and making $1000+. This is a major accomplishment. It's amazing just how quick people can get success in Web3 Sec! I've seen this story again & again. There's so much room to grow I love it
@peak_bolt
peakbolt
2 years
@0xnirlin Go through Secureum Epoch0 Bootcamp and Andy Li videos at
4
1
14
4
1
36
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Almost at 1k followers 🥳 and 50+ DMs with you guys. Absolutely wild how friendly this community is!
4
0
36
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Many top web3 whitehats are Dev leads/ CTOs/ Technical Founders In the coming years we'll see a lot of project founders coming from web3sec & leveraging their experience here. I can't imagine that @gogotheauditor @pashovkrum @bytes032 @0xOwenThurm won't rocket higher!
3
1
36
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
It's a common fact that the "Project scammed me on @immunefi !" tweets spread a lot farther than the "Thanks @immunefi for getting me unscammed :)" that come afterwards. Mediation is here to help, even if it takes a while as was the case with
@GeorgeHNTR
George Hunter
1 year
@0xkazimm @immunefi The Immunefi team is beyond fantastic and I know they are working very hard to limit the number of unfair cases. I believe many of the cases shown on Twitter where a whitehat had a bad experience with a project on Immunefi were later resolved successfully. I would definitely
2
2
19
6
4
36
@0xMackenzieM
Mackenzie MacKenzie 🛠️
3 months
@zachobront literally told me "I'm gonna win the Blast competition" Insane skill, confidence and follow through I fear for those who are competing against him on @eulerfinance 💀
@cantinaxyz
Cantina 🪐
3 months
It's official. 🚀🪐 The results are in for our massive $1.2M @Blast_l2 security competition: Here are your top 3 ranked researchers: 🥇 @zachobront : $201,484.57 🥈 @Guhu95 : $119,941.96 🥉 @tinchoabbate & @saucecri ( @theredguild ): $74,729.62 Amazing work. Leaderboard below:
8
10
107
2
1
33
@0xMackenzieM
Mackenzie MacKenzie 🛠️
5 months
SRs be DMing me "Please invite me to @immunefi 's invite-only programs" I like the hustle. Mini-thread on how to get invited 👇🧵 1/5
@0xTimofey
Tim
5 months
Btw, yesterday we launched Immunefi's first Invite Only Program with @hinkal_protocol which you can check out here: How do I get invited you might ask? Well, I certainly know that @0xMackenzieM wanted to write about this so won't steal it from him, but in
3
0
10
1
5
35
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Amazing Article by @joranhonig It's short, it will make you a better bughunter & auditor. Give it a read. Here's my key notes: 🧵👇👇👇
2
10
33
@0xMackenzieM
Mackenzie MacKenzie 🛠️
3 months
So many public wins lately on @immunefi Mini-compilation of live players to follow 👇
1
4
34
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
#MackenziesPicks This week's list is Bug Bounties with the fastest bug report resolution time! That means the median time for a project to update a report from ‘Escalated’ to either ‘Closed’ or ‘Paid’. Read & Retweet: 🧵👇
4
10
29
@0xMackenzieM
Mackenzie MacKenzie 🛠️
10 months
Boosts will make bughunting the best way to improve. Traditionally bug bounties have the slowest feedback loop to learning. Maybe 2nd to only solo audits 🤔 With 24h project response times and direct Q&A and reports being published after boosts will be the fastest way to learn
2
4
33
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
It really do be like that. Courtesy to @infosec_us_team
2
1
32
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
@deadrosesxyz This project just had some minor updates to make. They're back up now. Just bad timing 😓. We're changing how we announce these sorts of things to prevent this in the future. In the meantime feel free to DM/tag me or @Specivik for questions about projects that're paused/removed
2
1
32
@0xMackenzieM
Mackenzie MacKenzie 🛠️
9 months
That's a wrap for the first Bounty Boost! Thanks to @DeGateDex and the nearly 100 security researchers who submitted bugs to the first-ever Bounty Boost. Soon we’ll send out the Rewards, and publish the Bug Reports, Leaderboard and stats from the Boost.
1
8
30
@0xMackenzieM
Mackenzie MacKenzie 🛠️
9 months
Hey all, I'll be on vacation till after Christmas 🎄 and offline for most of that time. When you need any hacker support send a DM to @OddlySpecivik No big hacks while I'm out now ya hear
3
1
31
@0xMackenzieM
Mackenzie MacKenzie 🛠️
2 months
tl;dr To get that $1mil from Fuel 1. Hunt on the VM 2. Not a VM guy? Then check out the Compiler 3. Not a Compiler guy? Then check out the Bridge Great opportunity to learn lower level tech and make mad bucks doing it
@adrianhetman
Adrian ⛩️ Hetman 🐺⚔️
2 months
Few tips for @fuel_network Attackathon on @immunefi . Tip 1: Start looking for bugs on FuelVM. There's way more to discover there than meets the eye. Tip 2: Looking for bugs in Sway? Start with the compiler. Don't know Rust? See how the same code in sway acts on Fuel vs
1
3
18
1
8
31
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
I was just talking to @0xMacroDAO about the different skillsets of Audit Firms vs Contest Auditors vs Bughunters. The skillsets are incredibly different. Security Researchers who'd excel at one might suck at the other 1/4 Thread:
2
6
31
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
My @immunefi -cation is complete. I feel blessed to meet so many extraordinary whitehats as part of my day-to-day. Routinely you guys impress me with how giga-brain AND good-hearted you are. That's how I know we're gonna do great things.
2
1
29
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
I don't expect whitehats to want to read severity classification documents for fun. But those who do have a serious advantage imo in understanding what bugs projects care most about. Here's @immunefi 's in-depth encyclopedia on bug severity
@pashovkrum
pashov
1 year
Severity classification/categorisation processes of three leading smart contract security services providers that shape our ecosystem: Immunefi - Code4rena - Sherlock -
3
11
99
2
8
30
@0xMackenzieM
Mackenzie MacKenzie 🛠️
5 months
Whatever happened with the @KyberNetwork attacker and what did Kyber do?
6
1
30
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Bug Report 101: If a project offers you a lower amount than their bug bounty program says do NOT accept it. “... projects are strictly prohibited from trying to negotiate with security researchers to lower the payout.” — @immunefi
2
4
28
@0xMackenzieM
Mackenzie MacKenzie 🛠️
2 years
I've never seen a critical bug with a poorly written report. I hypothesize this isn't because the best hackers are good writers. But because they're good thinkers. Then what to write is obvious, and only the most egregious projects dare deny them.
3
1
29
@0xMackenzieM
Mackenzie MacKenzie 🛠️
3 months
@0xnirlin I have accidentally written you a short novel tl;dr Contests as an industry is immature and we're still solving the problem of contests ROI reliability. LSW is a great bandaid. But to scale to 20+ contests running simultaneously we need to innovate as an industry. Full
7
1
27
@0xMackenzieM
Mackenzie MacKenzie 🛠️
29 days
Heading out on vacation 🌴 See y'all when I'm back
3
0
26
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
There's a lot of great web3sec communities, new and old, but the real value is the 1-1 friends you make. Consider this your reminder to slide in someone's DMs today, just say hi and that you like their posts, and see where it leads
7
0
25
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Yo @PwningEth you mind finding a $20mil bug real quick? We gotta pump this up to $100mil.
@immunefi
Immunefi
1 year
We've done it. We've now facilitated $80m in payouts to whitehats. $100m soon! Congratulations, everyone.
7
15
105
1
1
24
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 month
Please make your handle easy to remember Too many times I'm searching for you on twitter and can't find your esoteric username I'm looking at you Flint @14si20 😡
3
0
24
@0xMackenzieM
Mackenzie MacKenzie 🛠️
9 months
If you're at the $10k/mo point you know what you need to do to reach the $50k 👀
@deadrosesxyz
deadrosesxyz
10 months
My experience as a security researcher: - Months 0-4: <$1,000/month - Months 5-7: $10,000/month - Months 8-9: $50,000+/month Success is not linear. Keep grinding ✌️
82
57
940
1
2
24
@0xMackenzieM
Mackenzie MacKenzie 🛠️
6 months
Heading out to Taiwan rn for my 2 week vacay 🎉 For help on Boosts or with all those big sexy bugs you're finding you can reach out to @OddlySpecivik & @0xjonah1 plz no big hacks while I'm out 👀 (it does feel like there's been less lately tbh)
6
0
23
@0xMackenzieM
Mackenzie MacKenzie 🛠️
5 months
@HatsFinance I'd guess the last minute nature of them. I really like how @cantinaxyz organized @eulerfinance months in advance. I know more than a few SRs avoiding private audits so that they can participate in it
3
1
22
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 month
You ask, we deliver 👊
1
3
22
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
When a @zksync engineer shows up the web3 sec game and goes after the Kings @OpenZeppelin
@vladbochok1
Vlad B. (∎, ∆)
1 year
1/6 I'm truly inspired by security engineers who openly share their discoveries. While I've been relatively quiet on social media, I now realize the value of discussing my findings. So, here's the 1st of 3 vulnerabilities I've uncovered in the @OpenZeppelin library!
9
33
210
0
0
20
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Seeing multiple Medium severity bugs linked together into a Critical is beautiful to see. Seeing a Medium severity bug be paid, and later another whitehat submit it showing how it could be Critical, is so painful.
@trust__90
Trust
1 year
A step-by-step guide to finding a critical issue in every private audit: 1. Choose a standard medium-severity issue. 2. Crank it up to critical severity. 3. Congratulations! You're up there with the greats. Feels good right?
5
8
105
3
0
21
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
This thread isn't really about bot races. It's about a bigger question. How do we raise up rookie security researchers? The real solutions will be less kind than "let them farm dupes". Right now there's a chasm between CTFs and professional security work
@0kage_eth
0kage.eth
1 year
@code4rena : A humble suggestion to introspect on your internal data regarding bot races & decide whether to continue them in their present form or not. A 🧵⬇️ into the potential harm these races might cause to budding auditors.
11
3
28
2
2
20
@0xMackenzieM
Mackenzie MacKenzie 🛠️
4 months
@0xArnie @immunefi We care mate. Checking into this to get it figured out <3
1
1
20
@0xMackenzieM
Mackenzie MacKenzie 🛠️
7 months
~20% of $1mil+ payouts on @immunefi are non-solidity. This means that non-solidity SRs have a great ROI for their skills since the vast majority of projects are in solidity. The hitrate for non-solidity bug reports is much higher too
@bytes032
@bytes032.xyz
8 months
Observation: 90%+ of the $1M+ payouts in Immunefi are non-solidity Lesson: If everyone else is doing it, don’t do it.
11
5
159
1
2
20
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 month
Slow audit contest scene rn. Wait, does 13 simultaneous contests count as slow?
3
0
20
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
If you want to share a write-up on your bug report please send it to @sayan_011 for him to add to his growing list! And here's the 3 most common rules on sharing your bug report (whether it was paid or not) 🧵:
2
6
18
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Here's a great writeup of a new whitehat's experience on @immunefi . I encourage all of you to do this and help increase transparency in bughunting (and build yourself a rep).
@Trad_Mod
ABDul Rehman 🇵🇸
1 year
My first @immunefi bug bounty Alhumdulilah 🤩❤️ First time reported a bug on Immunefi & it got accepted as a valid finding. I'm over the moon with happiness and gratefulness ❤️🙏 Here's a short bug finding writeup & my immunefi experience 🧵
30
10
184
1
4
19
@0xMackenzieM
Mackenzie MacKenzie 🛠️
7 months
Classic @deadrosesxyz answer 😂
@deadrosesxyz
deadrosesxyz
7 months
january was a sick month - managed to complete 5 private audits - sneaked in a few contests in between and became LSW on Sherlock
29
7
222
2
1
18
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Listening to the @gjaldon interview on @opensensepw It's full of good tips: on learning, on auditing, on twitter, on good work habits in our space. Most of all @gjaldon has a very relatable story. I recommend it
3
5
19
@0xMackenzieM
Mackenzie MacKenzie 🛠️
10 months
The more I think about it, the more it makes sense to bughunt on projects with good rewards for Medium severity bugs. It's just a good safety net for your earnings
@immunefi
Immunefi
10 months
Guess how many $10,000+ bounties were paid out this week... 1? 2? Or maybe 3? The answer: 5 researchers have made at least 5 figures this week hunting on @immunefi . Not all of them were crits...
3
4
45
2
0
19
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
50% of the support I give whitehats is reading the bug bounty terms for them. 40% is sharing info about basic rules. 5% is bug report coaching (pro-tip make your PoC prove your bug's impact) 5% is tricky nuanced cases Not sure how I should feel about this.
3
0
19
@0xMackenzieM
Mackenzie MacKenzie 🛠️
10 months
Tweet media one
0
0
18
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
This is the dream story. @0xmonsoon has the attitude that will make it big. He's building cool projects, learning cool tech, doing cool work, and ofc making v cool friends. Even if he failed he'd still be winning!
@0xmonsoon
monsoon
1 year
✨✨✨CAREER UPDATE✨✨✨ I am joining @OpenZeppelin as a security researcher. It's an honor to get a chance to work with a team that I have admired and respected for long.
50
5
285
2
0
18
@0xMackenzieM
Mackenzie MacKenzie 🛠️
6 months
I'm back from Taiwan y'all, my blood flows rich with bubble tea and stinky tofu, ready to get rich securing web3
3
0
17
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Every. Single. Time 😂😂😂
1
1
17
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
@usmannk No matter what the project's terms, if they differ from our mediation then you're free to share a writeup. Especially if it's a multi-month ordeal where you get unpaid $500k! @immunefi has multiple projects in the works to stop this from happening anymore
0
2
17
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 month
It's a fact that if you make a meme about feature improvements on @immunefi we're legally obligated to ship them within 24 hours
@milotruck
MiloTruck
2 months
Petition to include a part of the message in the notification so they stop giving me false hope @immunefi
14
5
98
3
0
17
@0xMackenzieM
Mackenzie MacKenzie 🛠️
5 months
@14si20 @immunefi On one hand, v impressive work. On the other hand,
@konata_eth
konata
5 months
Tweet media one
0
8
36
4
0
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
For all the Security Researchers who don't know what to write/post on twitter take this lesson from the champs @SpearbitDAO Focus on high-quality & technically advanced content. imo even rookies benefit more from their challenging content vs. beginner materials.
@SpearbitDAO
Spearbit
1 year
@0xMackenzieM @pashovkrum We tend to stay away from beginner content you may see saturate the timeline (e.g roadmaps, top 10 vulns, etc.) and more towards material that is beneficial for security researchers with experienced backgrounds or those with less experience but wish to challenge themselves.
1
2
35
2
1
17
@0xMackenzieM
Mackenzie MacKenzie 🛠️
8 months
I got a refreshing message variant of the "How do I get started?" msg. Instead he told me all he's going to do and asked for feedback. I'm excited for you @thisvishalsingh
2
1
17
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
"Can projects pay their bug bounty in worthless tokens?" No! @immunefi 's policy is that if a token doesn't have good enough liquidity then you can have them pay you out in something that is liquid. No payouts in magic beans here.
1
1
16
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
A great read if you intend to submit a Crit on @immunefi .
@immunefi
Immunefi
1 year
Have you ever wondered how to calculate funds at risk for your bug report submission? Wonder no more. Check out our new guide, written by @omikomikomik
0
7
34
2
3
16
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
The legendary Pwning.Eth @PwningEth ( #3 rank and $8 mil earned on Immunefi) is doing an AMA on OpenSense. The Q's asked & his Answers are great! Check it out Anyone who wants to do a public good should compile it into a twitter thread!
1
3
16
@0xMackenzieM
Mackenzie MacKenzie 🛠️
6 months
Reminder for you to check out the Puffer Boost. $50k pool + $200k/50k/2k/1k per Crit/High/Med/Low
2
3
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
People of all skill levels ask "How do I get a mentor?" The essence is to do what @pashovkrum is saying. Put in the work, and show you're putting in the work. This makes people want to help you. ie. This is why @opensensepw is taking off, cause @mis4nthr0pic hustles!!!
@pashovkrum
pashov
1 year
Here is what's going down in my DMs: - How do I master web3 security? - Go through Secureum bootcamp - Link? Frens, if you can't find the link to the bootcamp how do you expect to find bugs later🤔 If you want to be a great researcher you'd have to research✌️Go find it yourself
23
13
260
4
0
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
5 months
Discussing $100k payouts is always gonna be a sensitive discussion. @KrisApost1 handled it like a pro, I hope he shares some tips/thoughts on the process. And ofc always feel free to reach out for help 🫡
@KrisApost1
Kristian Apostolov
5 months
@bot226331491 @OddlySpecivik @0xMackenzieM Not at all. All sides were extremely professional. Navigating bounties for the first time is not an easy feat.
0
0
2
0
0
16
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Ahaha too true
@asen_sec
0xasen.eth
1 year
Anyone else feeling the same? 😅
8
7
61
0
0
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
When you need to learn: ✅ Contest Audits When you want to make money: ✅ Bug Bounties When you want to make money while learning: ✅ Work on teams with your friends
@milotruck
MiloTruck
1 year
@peak_bolt @code4rena @sherlockdefi @immunefi I spent more time on C4, I think. The good thing about C4 is there's a feedback loop, so you know which issues you didn't spot. Whereas on Immunefi you don't know what you missed. My payouts on Immunefi are larger than C4 though, not sure if it's due to luck...
1
0
5
1
1
16
@0xMackenzieM
Mackenzie MacKenzie 🛠️
4 months
For those in the know, We're working with @0xArnie to work out his bug report issue We're getting all the details, triple-checking them, and then we'll fix any mistakes When in doubt that @immunefi made a mistake, plz DM for help, that's what we're here for 🫡
@0xMackenzieM
Mackenzie MacKenzie 🛠️
4 months
@0xArnie @immunefi We care mate. Checking into this to get it figured out <3
1
1
20
0
1
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Dear Whitehats, how valuable would it be to have your bug report stress-tested before submission, so there's no room for project downplaying it? ie. Have all the weak spots and missing details brought up, and be given directions on how to make it rock solid.
3
1
16
@0xMackenzieM
Mackenzie MacKenzie 🛠️
9 months
I'm seeing a lot of successes lately. But especially a lot of appreciation for 1-1 help & encouragement that led up to that success. It reminds me that nothing is as effective as 1-1 support, or scales as well as passing it on
0
1
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
This is a huge policy shift! It'll prevent so many in/out-of-scope disputes. Whenever you read a bug bounty program ctrl+f for 'Primacy of Impact' to see if they use it (ie. @zksync does). And please ask me any questions you have about what exactly this means!
@immunefi
Immunefi
1 year
Ever had a bug report with a real impact, but the asset was out of scope, so the bug report was closed? We're introducing a new best practice standard called Primacy of Impact to solve this problem. Read more:
8
17
64
0
2
14
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
I'm doing an interview with @opensensepw in 30 minutes, come join and ask any and all your bughunting/Immunefi questions
1
3
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 month
@0xKaden @immunefi Good catch. We're checking into this. We haven't allowed vesting payments for over a year now. So this program is running on our much older standards Always good to check a project's vitals before bughunting on them, TY 🙏
0
0
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
I love @bytes032 audit threads, why don't more of you write them? Surely it crystallizes your learnings to write it all out, plus the friends you make.
@bytes032
@bytes032.xyz
1 year
I explored the @compound protocol during the @rubicondefi contest at @code4rena . In this thread, I'll summarize what I've learned. 🧵
11
47
202
2
1
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
@sayan_011 Ahahahahaha. Highly suspicious. I'd want to see other audit reports by this team, and if they're often like this, I'd focus on bughunting on the projects they audited 😎😎
2
0
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
2 years
Amazing writeup. "Cool, now we have a bug. What’s the maximum amount of damage we can cause by abusing it?" This is the attacker mindset you need when you bughunt.
@zzykxx
zzykxx
2 years
This is how I found my second high severity vuln on @immunefi , under @trust__90 mentorship:
12
18
197
1
3
13
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
A perk of bug hunting is you get to deep dive the code to your own satisfaction. This is why the biggest bugs were on projects that the bug Hunter finds interesting. No time limit, no external pressure, just you and your curiosity.
@0xRajkumar
Rajkumar(0xrajkumar.eth)
1 year
If you are doing bug hunting on Immunefi, it's possible to not find anything in a codebase, but over time, you will learn exponentially.
3
1
34
2
3
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
4 months
I'm not gonna say that following your interest and diving deep will lead to $250k bounties ... but I'm not NOT gonna say that
@malicator
Marco Croc
4 months
@0xMackenzieM @CurveFinance Studied Curve some time ago and this time, filtering Avalanche projects on ImmuneFi led me back to Curve. Because it was a fork of Curve 😉
1
1
10
1
0
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
6 months
Solo High + bug writeup = instant micro celeb Thus it has ever been
@sherlockdefi
SHERLOCK
6 months
Tweet media one
1
3
33
0
0
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Absolutely killing it! Of course, a single million dollar bug puts these to shame ๐Ÿ˜
@pashovkrum
pashov
1 year
I made $46150 doing 4 solo smart contract security audits in April, finding various critical & High severity issues. I also missed 1 (that I know of) but that’s life as a security researcher. This makes it the 3rd consecutive month doing >$40k in solo smart contract audits
36
20
506
1
0
14
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
@RobertMCForster That sounds absurd, if it's an @immunefi bounty and you'd appreciate some help send me a DM with the report # best of luck in any case
0
0
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
10 months
I could fill a book with all the times top whitehats have responded with this
@deadrosesxyz
deadrosesxyz
10 months
In just one month of bug hunting I managed to earn more money than in 6 months of auditing 🤯
19
10
216
0
2
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
10 months
@cergyk1337 breaks the top 50 and onto the leaderboard! Congrats mate 🥳 And I see you @yttriumzz closing in also 👀
@immunefi
Immunefi
10 months
#LeaderboardWeeklyUpdate ! Here are some of the whitehats on fire this week: 👉 LonelySloth: moved to 6th from 7th! 👉 yttriumzz: moved to 62nd from 74th! 👉 cergyk: moved to 43rd from 55th! Congratulations to all!
2
1
17
2
0
15
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
ITT @0xriptide says he has no secret to bughunting. Just follow your interests and read the contracts. I know big audit firms have all sorts of fancy tools. But the best bughunters keep saying what Riptide is. It's that simple.
@0xriptide
riptide
1 year
@ckksec usually just check out anything interesting my secret is just to read a bunch of contracts tbh
2
1
7
3
0
14
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
Pro tip: You can just ask projects where they think their code is weak. Projects naturally have an intuition of their weak/confusing areas, they might not be able to explain it or fix it, but that's because they're devs, not security experts
@immunefi
Immunefi
1 year
Join us at our next Hacker Hangout on July 24 with a special guest - @staderlabs_eth 🙌 Prepare your questions and check out their bug bounty program: Link to the event:
1
4
18
2
3
14
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
10
1
14
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
I second this! The non-stop interviews with top quality hackers, the fun chats, and cool side-projects @opensensepw is creating is like watching alchemy be done. He's singlehandedly disproving the myth that Security Researchers are anonymous anti-social weirdos
@realgmhacker
gmhacker.eth
1 year
Props to the @opensensepw gang, putting out great event lineups 🔥 Building out a great community, it's interesting to watch
1
4
13
1
4
14
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 month
5 confirmed bugs get paid sharing a $100k-$200k reward pool is crazy ROI for those SRs If that doesn't FOMO you, then I bet this contest reward calculator will
@immunefi
Immunefi
1 month
8 Days left on the @shardeum Ancillaries Boost! Results so far: - Multiple medium severity bugs confirmed, unlocking $100k of the $200k reward pool - 10 reports escalated by Immunefi - 5 reports confirmed as valid Time to get hunting 🐛 Link below 👇
2
5
24
1
4
14
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
$218k / 25 Medium bugs, that's ~$9k per Medium bug report!
@immunefi
Immunefi
1 year
#ImmunefiStats The July payout stats are in! Here's what whitehats made on Immunefi last month. Just beautiful to see.
2
6
39
2
1
14
@0xMackenzieM
Mackenzie MacKenzie 🛠️
1 year
This is the most important tip for whitehats of all levels. It's the reason you should make PoCs for all your bugs. The practice sharpens your attacker mindset so you can find that 1 bug which is worth more than all your others combined.
@bytes032
@bytes032.xyz
1 year
Train your mind to see vulnerabilities, not features.
7
7
92
1
2
14
@0xMackenzieM
Mackenzie MacKenzie 🛠️
5 months
Stormy is a beast!
@HunterBlockSec
Hunter Security
5 months
Winning 1st place in the @eBTCprotocol competition at @code4rena last year with the only critical vulnerability found, and now winning their @immunefi boost... That's one web3 security beast! It's an honor to have Stormy as an Associate Auditor on the Hunter Security team. 🫡
2
5
57
0
1
14
@0xMackenzieM
Mackenzie MacKenzie 🛠️
3 months
@immunefi @fuel_network This is gonna be a paradigm shift. Audit contests will move from one-and-done events to major education & ecosystem building events
0
0
14