Al-Qa'qa' @Al_Qa_qa Twitter profile

Pinned Tweet

Al-Qa'qa'

4 months

Private Audits Are Open Now I am happy to announce that I will open Private Audits. I waited a lot before doing this. It is a big responsibility, and I wanted to be at a good level before doing it. My latest results in Contests encourage me to open in now. - 3rd in

13

7

88

Last Seen Profiles

@Mwm231

@ahmdalwhsh1

@bokeplokalmalam

@Greenwood_Acad

@ChismecitoC

@TgfnftTlove

@ShayMcGuinness1

@thedunnething

@HelloRound

@ggamgo1002

@footprint_o_

@niceforo6zil

@TomanTrad

@roseyod19

@tpcichon

@girls9_cut

@Creativana_

@Gabyy_Estfi

@nzausa_

@20_20_207

@_afronational

@VIX

@dr_moaz_ateto

@UofCbaseball

@tomotaco5318

@Deltov3

@NathanHarkins7

@ramziali1199

@GabiJMiranda1

@sironire

@1550sports

@gkhang792297

@anitakenobi

@snowsflwr

@medical_xpress

@0xfox_

Al-Qa'qa'

@Al_Qa_qa

22 days

If you are planning to join UniswapV4 contest on Cantina, you should read this. UniSwap Foundation had a contest on Code4rena before for their Staking Contract, I managed to secure the 2nd position in it, but the judging process involved a lot of things. The contest was

13

9

122

Al-Qa'qa'

@Al_Qa_qa

5 months

Alhamdulillah, another win in Ramadan. I managed to secure 2nd place in @UniswapFND UniStaker contest in @code4rena . This contest was tough, and Uniswap is more than just a name in the space. I am proud of myself for being in this place.

23

0

111

Al-Qa'qa'

@Al_Qa_qa

3 months

Alhamdulillah, I managed to secure 4th place in @0xDYAD contest on @code4rena Although the result and payout are good, I should say that I did not do my best in that contest. I got 3/10 HIGH and 3/9 MEDIUMS which is not a good result to me at all. I missed a lot of findings and

20

1

92

Al-Qa'qa'

@Al_Qa_qa

2 months

1. The codebase is too complicated. 2. Read Docs: things became clear 3. Go through Code Flow: protocol implementation became clear 4. Go through the execution flow: everything seems to work OK, protocol implementation in your head. 5. What if A occurs before B, what if userA

4

8

78

Al-Qa'qa'

@Al_Qa_qa

5 months

Alhamdulillah, I managed to secure 2nd place with @_sammytm in @RadxChange contest on @sherlockdefi This is the second time I achieved second place, the next I will achieve 1st and get a unique finding ISA.

22

0

73

Al-Qa'qa'

@Al_Qa_qa

1 month

Alhamdullah, I managed to secure 1st place in Intuition protocol on Hats. This was a week ago, But I chose to announce it today. Well done to all the winners 🫡

10

0

63

Al-Qa'qa'

@Al_Qa_qa

29 days

I am proud of the achievements I made in Web3 Security. ✅️ Reached the top 5 in 5 different contests ✅ ️Win 1 competition ✅️ Conduct special audits ✅ ️Making connections with different people in the space What I am aiming for in the coming months: ➡️ Getting solo H/M

11

1

63

Al-Qa'qa'

@Al_Qa_qa

2 months

Alhamdulillah, I completed @0xDYAD VaultManagerV3 private security review. The task was to revise the new version and check that the upgrading process would occur without problems. I managed to find 2 Highs, 3 Mediums, and a single Low finding. The upgrading just happened

10

1

65

Al-Qa'qa'

@Al_Qa_qa

1 month

And the answer is: 🕵️ This Bug is called impersonating attack or Account Impersonation attack. The problem will lead to an attacker calling a contract impersonating `msgSender`, breaking access control protections. If we check `MultiCall` contract, we will find it simply calls

Al-Qa'qa'

@Al_Qa_qa

1 month

Ok guys, let's do another challenge. In the following snipped code there is a bug, a popular one. You need to describe the bug in the comments using only one UTF-8 char.

31

7

53

8

7

65

Al-Qa'qa'

@Al_Qa_qa

1 month

Alhamdulillah, I completed @0xDYAD DyadXP private security review, and they are so pleased with the work. I managed to find 2H, 3M, 3L, and some informational findings. This contract will be used in calculating the staking rewards, and ensuring it works correctly was crucial.

8

2

64

Al-Qa'qa'

@Al_Qa_qa

3 months

Eid Mubarak to all Muslims in the space 🌙🕌

22

1

59

Al-Qa'qa'

@Al_Qa_qa

6 months

Alhamdulillah, I managed to secure the 3rd place in @PoolTogether_ contest in @code4rena This is my first Top 3, and The next will be the 1st ISA.

13

0

58

Al-Qa'qa'

@Al_Qa_qa

3 months

Alhamdulillah, I got 15th place in @Optimism Safe contest on @cantinaxyz with 1 out of 6 MEDIUM findings. I should say I was absent at this contest, and missed bugs that I knew but thought were invalid, but I am satisfied with the result. ISA better is coming 🫡

10

0

58

Al-Qa'qa'

@Al_Qa_qa

13 days

In 3 hours, we will have 17 Contests running in parallel. Insane 🔥

5

4

52

Al-Qa'qa'

@Al_Qa_qa

1 month

My Intuition findings write-up is now public on the audit portfolio. Through this contest, I have reached the top 5 in 5 different contests, ranking 1st in one. My performance was too bad last month but InShaAllah I will do better next month 🫡

4

0

52

Al-Qa'qa'

@Al_Qa_qa

2 months

I just changed my Profile Picture guys, To all the few people who follow me, this is me Al-Qa'qa'. If you want to know what this photo means, it is my name Al-Qa'qa' but in Arabic language. Thanks to @oneopen4 for designing this 🫡

8

0

54

Al-Qa'qa'

@Al_Qa_qa

2 months

Take a look at this snipped code, and tell me if it has a vulnerability or not. The code snipped is a simple `initialize()` function, which acts like a constructor for smart contracts supporting upgrading. From the first look, it does not have any issue, but this differs

7

2

48

Al-Qa'qa'

@Al_Qa_qa

1 month

Ok guys, let's do another challenge. In the following snipped code there is a bug, a popular one. You need to describe the bug in the comments using only one UTF-8 char.

31

7

53

Al-Qa'qa'

@Al_Qa_qa

6 months

One of the most common bugs in Staking protocols is the rounding issues while withdrawing and depositing. Let's discuss what is the problem in this code 🧵

5

6

49

Al-Qa'qa'

@Al_Qa_qa

3 months

One of the easiest findings you can check when auditing a protocol getting deployed in multiple chains, is to check for PUSH0 support for that chain. Just check the target chains, and if one does not support PUSH0 opcode, congratulations on that valid MEDIUM 🤑

3

2

48

Al-Qa'qa'

@Al_Qa_qa

3 months

Am I the only one who has found that the judging process is weird nowadays, and there are no standards? What gets accepted in one platform can get invalidated in another, and similar issues may result in different judging decisions in different contests. Am I the only one who

13

4

42

Al-Qa'qa'

@Al_Qa_qa

30 days

External Call to a custom contract One of the most critical things that should be avoided in any protocol is making an external call to a given contract, where the contract and the data is an input given by the user. This behavior is known and can be detected using Bots, and

4

38

Al-Qa'qa'

@Al_Qa_qa

5 months

Big changes are going to take place in @code4rena - No more Analysis or Gas, Gas will be activated only if the sponsor wants. - Only the Top 3 QA reports will be rewarded. - 10% of the pot will go to the warden who got most of the H/M issues. - 10% of the pot will go to the

5

1

38

Al-Qa'qa'

@Al_Qa_qa

2 months

Nothing is more important than providing valuable work to your client. When I take on a task and get paid for it, I always focus to do it as efficiently as I can. and when I received such feedback I became so happy, and proud of myself that I did it well.

1

36

Al-Qa'qa'

@Al_Qa_qa

15 days

You need to audit the codebase until its period ends. If seeing the code hurts your eyes and seeing it makes you feel you are repeating yourself, you can take a little rest and then complete it. Leaving the contest before finishing it should be your last decision.

2

1

38

Al-Qa'qa'

@Al_Qa_qa

3 months

A quick tip about YUL encoding. Storage and memory are 32-byte addresses, so a value is stored in that 32-byte slot. And if we want to Shift-Left the value we put the word hex before it. Take a look at this example: when storing 0x11223344 it will get stored in the 32-byte

0

6

38

Al-Qa'qa'

@Al_Qa_qa

2 months

Don't see past findings of a given protocol unless you understand the codebase. For example, If you are auditing a Staking protocol, don't go to Solodit or past findings in the beginning, but after understanding the current protocol implementation you are auditing. This will

1

3

36

Al-Qa'qa'

@Al_Qa_qa

5 months

When Auditing a large protocol with a lot of contracts. I check the deployment script written to know exactly how These contracts are integrated. this gives me a good point from where should I start my auditing process.

3

0

37

Al-Qa'qa'

@Al_Qa_qa

4 months

Catch the Bug! You can only comment with a single utf-8 character.

23

0

34

Al-Qa'qa'

@Al_Qa_qa

3 months

I never thought I would win an Airdrop. Thanks a lot, @zksync for giving Web3 Security Researchers a part of that airdrop.

3

1

36

Al-Qa'qa'

@Al_Qa_qa

3 months

Missing DeadLine check when Swapping Most of the DEXs implement a deadline check for the swapping function. Where, the user can revert his swapping if the transaction is left too long in the MemPool. In some cases, there may be congestion in the Blockchain and the transaction

1

4

35

Al-Qa'qa'

@Al_Qa_qa

3 months

I just finished writing My findings for DYAD and Optimism Safe extensions contests. feel free to check them and provide feedback to improve the portfolio, I appreciate this.

3

0

36

Al-Qa'qa'

@Al_Qa_qa

5 months

I completed my Audit portfolio on @FindAudit Thanks a lot @bytes032 for this cool free service.

6

1

33

Al-Qa'qa'

@Al_Qa_qa

2 months

I don't know which competition to choose 😂

Cyfrin CodeHawks

@CodeHawks

2 months

The first CodeHawks Security Audit Summer contest is here! Enhance the security of the @chainlink Cross-Chain Interoperability Protocol (CCIP) ✨ Get ready to prove your worth. Starts: Next week, July 2nd Prize pool: $200k USDC

7

40

214

3

0

33

Al-Qa'qa'

@Al_Qa_qa

4 months

16 Contest are running in parallel right now. and a lot is coming soon, we are back guys 🔥

4

0

33

Al-Qa'qa'

@Al_Qa_qa

10 days

Some issues in Protocol are not because of the poor quality developers, Developers simply have no large background about all possible things. For example: - They don't think about all weird ERC20 token implementations. - They may not think about Account Abstraction. - Different

4

5

34

Al-Qa'qa'

@Al_Qa_qa

17 days

It is 22 Aug 2024. Web3 security is satisfied with 20 contests, 13 are running now. the distribution of competition is better this month. - 5 contests on @code4rena and @sherlockdefi - 4 on @immunefi - 3 on @cantinaxyz with +2M$ Uniswap contests - @CodeHawks with 2

3

5

32

Al-Qa'qa'

@Al_Qa_qa

5 months

Unistaker Contest added to the wallet. Seeing this table grow over time makes me happy and confident.

2

4

31

Al-Qa'qa'

@Al_Qa_qa

3 months

Another Contest (Optimism Safe on Cantina) has been added to my auditing portfolio. I am so happy to see that I participated in different protocol types including Staking, Stable Coins, Vaults, NFTs, Upgradable contracts, Diamond Proxy, Cross-Chains, etc... ISA better is coming

2

32

Al-Qa'qa'

@Al_Qa_qa

1 month

Auditing Small codebases differs from auditing Large codebases. In small codebases, I used to rap all the contracts in my head without many notes, but in Large codebases, you should have notes here and there as rapping all the contracts in your head is a little difficult.

1

31

Al-Qa'qa'

@Al_Qa_qa

2 months

I am glad I was the Auditor who made the security review of @0xDYAD XP contract. Distributing Staking rewards to Kerosene holders will depend on this contract, and making sure that it works correctly was crucial. The report will be published soon, stay tuned!

DYAD

@0xDYAD

2 months

We deployed XP moments ago. XP completes the flywheel that makes DYAD the most scalable decentralized stablecoin. It creates immediate upside for KEROSENE holders, especially if you also hold a Note NFT. Three-figure yield on the USDC - DYAD stable pair is just the start.

10

16

57

1

3

29

Al-Qa'qa'

@Al_Qa_qa

5 months

❌️Make graphs, and draw protocol architecture. ❌️Make a scheduled timeline. ❌️Focus in LOW issues and Informative. ✅️Just go for the code, and try to break it. ✅️Take simple Notes and comments. ✅️Dig too deep, then deeper, then deeper, ....

1

29

Al-Qa'qa'

@Al_Qa_qa

3 months

Another contest (DYAD) was added to the Portfolio, here we go 🚀

1

0

30

Al-Qa'qa'

@Al_Qa_qa

2 months

There is a relation that says the more SLOC, the more issues. But Big Named Protocols denies this rule.

4

1

27

Al-Qa'qa'

@Al_Qa_qa

3 months

We (security researchers ) always blame users for not checking the txs they sign. We always advice users to have some knowledge about EIP712 and signature signing, and to check the tx before calling, to prevent any fraud action. This is true, but actually I am like normal users,

10

1

30

Al-Qa'qa'

@Al_Qa_qa

2 months

Upgradable contracts allow updating protocol State Variables in need. This is a good feature in some protocols, but What interests me is that some protocols choose a Hybrid module, which supports upgradability for some variables and others do not. Let's take a look at

2

25

Al-Qa'qa'

@Al_Qa_qa

4 months

My audit quality decreased. I was busy these days and doing competitions between times. But I think that's no excuse. I will focus more on upcoming competitions even if I am busy.

4

0

27

Al-Qa'qa'

@Al_Qa_qa

1 year

If you want to know data localization in @solidity_lang , and what is the difference between storage, memory, and calldata. You can read the article I published on @Medium just now.

Solidity Data locations | storage — memory — calldata

Data location is an important topic in programming field, where you need to know where are your variables stored, and how can you access…

medium.com

2

0

5

Al-Qa'qa'

@Al_Qa_qa

3 months

I can feel Your pain guys.

1

0

27

Al-Qa'qa'

@Al_Qa_qa

4 months

7 Contests are Running right Now. and a lot are coming with a large Reward Pot. We are back guys 🔥

6

0

27

Al-Qa'qa'

@Al_Qa_qa

7 months

Alhamdulillah, I finished doing my Audit portfolio on GitHub, not that many contexts, just 2. But I will work on increasing the number of contexts, and findings Inshallah.

GitHub - Al-Qa-qa/audits: Bugs founds and Audit reports Done by me (Al-Qa'qa')

Bugs founds and Audit reports Done by me (Al-Qa'qa') - Al-Qa-qa/audits

github.com

4

0

27

Al-Qa'qa'

@Al_Qa_qa

3 months

All Contest Platforms run audits right now. - Code4rena with 5 parallel contests - Sherlock with 4 parallel contests - Cantina with 3 parallel contests - And there is one contest running on each of Codehawks, Hats, and Immunify has a running boost too. Seeing contests

1

0

26

Al-Qa'qa'

@Al_Qa_qa

4 months

RadicalxChange contest findings have been added to the portfolio. Let's make this table extend 🚀

3

1

27

Al-Qa'qa'

@Al_Qa_qa

4 months

The Docs provided by the Optimism Team in their life contest on @cantinaxyz are impressive. - Short and simple words Documentations - Diagrams - Deployed Contracts on Testnet - Code Walkthrough Really liked it.

1

0

27

Al-Qa'qa'

@Al_Qa_qa

1 month

It is 29 July, 2 days and August will come. @code4rena Has the largest number of contests A new player comes into the place, @immunefi with Core L1 BlockChain contests with large Pots compared to normal Smart Contracts contests, which opened the door for Web2 Security, Binary

3

0

27

Al-Qa'qa'

@Al_Qa_qa

4 months

Understanding a protocol can take only 2 days, but finding issues takes more than that. Understanding the Protocol is the first step in the Auditing process, not the last.

3

2

24

Al-Qa'qa'

@Al_Qa_qa

3 months

Two core blockchain contests are live on @code4rena , Canto, and ThorChain. In addition, there was BlastL2 before. All of us see an increase in demand for Rust audits. It seems that not only Rust audits will get into the space by Solana and Palkadot ecosystem, but also Core EVM

3

0

26

Al-Qa'qa'

@Al_Qa_qa

6 months

First time @code4rena mention me, that's great.

Code4rena

@code4rena

6 months

Awards have been announced for the $37,700 USDC @PoolTogether_ audit! 🥳 Top 5: 🥇 d3e4 - $9,434.22 USDC 🥈 0xhunter20 - $5,314.5 USDC 🥉 @Al_Qa_qa - $1,666.73 USDC 🏅 pa6kuda - $1,189.63 USDC 🏅 Afriauditor - $915.44 USDC

8

3

33

4

0

26

Al-Qa'qa'

@Al_Qa_qa

4 months

I become sad when the codebase is so robust that I cannot find a LOW finding.

6

1

24

Al-Qa'qa'

@Al_Qa_qa

4 months

Non-Fungible Liquidity Position in UniswapV3 UniswapV3 is one of the most famous concentrated liquidity AMMs, or maybe even the most famous one. It provides flexibility in handling the Liquidity for Liquidity providers, where instead of having the liquidity locked in the Main

1

0

22

Al-Qa'qa'

@Al_Qa_qa

6 months

PoolTogethar contest has been added to the portfolio. I added Rank section too. Submissions Writups will be added when the report is published. Let's GOO 🔥.

1

0

23

Al-Qa'qa'

@Al_Qa_qa

3 months

Most of us believe in the power of Decentralization, but I felt it the most yesterday. When I wanted to swap by ZkAirdrop tokens, I tried to use Binance, and the network (ZkSync) was supported. When I just refreshed the page or something like that, I found a message that the

1

6

24

Al-Qa'qa'

@Al_Qa_qa

2 months

The number of hacks is large this week. Two protocols (LiFi Protocol, WazirX) got hacked with ~10 million from LiFi, and ~231 million from WazirX, numbers from @BeosinAlert . Spending thousands of dollars on security rather than losing millions is better.

3

0

23

Al-Qa'qa'

@Al_Qa_qa

2 months

Fifth 7-figure pot in Web3 Auditing contest space, and this happens within only one year. Do you still think it is too late to join Web3 Security?

SHERLOCK

@sherlockdefi

2 months

The biggest audit contest ever $1.35M to find bugs in @MakerDAO Endgame 🗓️ July 8th - August 5th 📍

76

160

436

3

0

22

Al-Qa'qa'

@Al_Qa_qa

27 days

Am I the only one who feels that Twitter feeds become kinda boring? It is rare to see one sharing a Web3 security post, illustrating command bugs, etc... It seems all of them are auditing rn, and they have no time for twitter.

3

0

23

Al-Qa'qa'

@Al_Qa_qa

8 months

Alhumdulilah, We acheived the 11th place in the @zetablockchain contexts on @code4rena Cosmos SDK, blockchain node, cross-chain, and Omnichain. The context was tough with +100K lines of code, and 28 days duration, but it was interesting. Congrats to all participants 🫡

4

0

23

Al-Qa'qa'

@Al_Qa_qa

5 months

Issues related to NFTs Auction protocols. Auction contracts can have different vulnerabilities, like: 1⃣ Sending bidders funds when closing Auction 2⃣ Spending all of the gas when closing the Auction 3⃣ Race condition if there is no minimum bid amount 4⃣ Allowing the highest

2

3

22

Al-Qa'qa'

@Al_Qa_qa

4 months

I think the Protocol devs became so happy when there is a complex HIGH finding with a complex attack path, and the mitigation is so simple. Just add this IF condition sir and your protocol will no get drained.

1

4

22

Al-Qa'qa'

@Al_Qa_qa

4 months

It is so disappointing when you think it is a design choice but it is actually an issue.

4

0

21

Al-Qa'qa'

@Al_Qa_qa

5 months

To all Web3 Devs, Please make as many Unit tests as you can for all possible cases. I found that some codebases use simple Unit Tests and Focus more on Fuzzing and Invariants. Although Fuzzing is more useful, Unit testing all possible edge cases is important so as not to miss

4

1

21

Al-Qa'qa'

@Al_Qa_qa

1 month

Ethereum Precompiled Contracts Precompiled contracts are like smart contracts that have its logic in the Operating Node itself (in Go lang, no Solidity). The idea is simply to save gas costs for operations that may be consuming in Solidity, and the operations that are kind of

0

4

22

Al-Qa'qa'

@Al_Qa_qa

1 month

My money 🥲

6

0

20

Al-Qa'qa'

@Al_Qa_qa

28 days

Sometimes the contract is Safe but the Upgrading process is incorrect leading to critical issues. You can check the Ronin Bridge exploit analysis by @threesigmaxyz which could occuar because of this.

Ronin Network Bridge Incident: Uninitialized Parameter Leads to ~$12M Whitehat Exploit

Ronin Network suffered a $12 million whitehat exploit on August 6, 2024, due to an uninitialized variable.

threesigma.xyz

0

2

20

Al-Qa'qa'

@Al_Qa_qa

4 months

Normal Staking vs Liquid Staking Staking protocols need no introduction, most of us know it. But Staking can be one of two things either Normal Staking or Liquid Staking. In Normal Staking, you are locking your funds in the contract, without gaining anything. Just your deposit

0

20

Al-Qa'qa'

@Al_Qa_qa

3 months

How much do you think Luck is an important factor in auditing contests?

10

0

20

Al-Qa'qa'

@Al_Qa_qa

2 months

Sometimes it is not about how HM you found nor what payout you got, it is about the amount of knowledge you gain from that contest.

1

4

21

Al-Qa'qa'

@Al_Qa_qa

2 months

Sometimes the issue is straight and all you need is focus.

0

1

20

Al-Qa'qa'

@Al_Qa_qa

4 months

How many times did you found a weird thing in a codebase, and just left it. Then, you found that it was an issue?

0

21

Al-Qa'qa'

@Al_Qa_qa

3 months

What happened between @CertiK and @krakenfx is kind of weird. How does a Big company like Certik (even if it's reputation is bad for Security Researchers, it is still one of the Biggest Web3 Security companies in the space), prove an exploit by Taking 3 Millions! In addition to

5

0

20

Al-Qa'qa'

@Al_Qa_qa

3 months

Am I the only one not participating in the Euler Contest?

10

0

19

Al-Qa'qa'

@Al_Qa_qa

2 months

If I asked you to describe a picture in one word, which one would you choose?

5

0

19

Al-Qa'qa'

@Al_Qa_qa

4 months

When doing an Audit of a large codebase, and I do not know how to start I go to test and follow path pattern. Some times the code may be complex to understand how user interactions start, so knowing the entry point and following it is a good approach in that case.

5

2

18

Al-Qa'qa'

@Al_Qa_qa

5 months

Doing an Arbitrary call to a random address is such a dangerous scenario. You don't know how many vulnerabilities that can come from doing such a thing. Avoid implementing it in your protocol.

0

1

17

Al-Qa'qa'

@Al_Qa_qa

20 days

Some issues require detailed description and illustration, instead of a scripted POC that the judge nor the sponsor won't understand what it does.

3

0

19

Al-Qa'qa'

@Al_Qa_qa

2 months

I just added the Highlights section to my portfolio. Since the contests section will continue to increase, having a prior section for the Best results is better. Also, I think it is good for marketing :)

2

1

19

Al-Qa'qa'

@Al_Qa_qa

1 month

The amount of stress an auditor experiences in escalations is not easy.

0

17

Al-Qa'qa'

@Al_Qa_qa

2 months

An alert to all Devs, if the issue is unmitigable, or the mitigation is complex and it will be left as it is. this doesn't mean the issue is Invalid.

2

1

18

Al-Qa'qa'

@Al_Qa_qa

5 months

Understanding Uniswap-V3::flash() function UniswapV3 is one of the most famous Concentrated liquidity AMMs in the DeFi space, and it supports Flashloans using `flash()` function. Flashload is simply a loan you take, do something with it, and then pay it back with some fees.

0

17

Al-Qa'qa'

@Al_Qa_qa

21 days

@0xcastle_chain I just have a Laptop on the table with a wooden chair 😂

2

0

18

Al-Qa'qa'

@Al_Qa_qa

4 months

And the answer is: 🥪 Most of you guys found the bug correctly, which is setting minAmountOut by 0 will lead to slippage. The idea of the challenge is to say a bug by only one utf8 char, and you can not express the slippage by on char. Slippage issues can lead to other issue,

Al-Qa'qa'

@Al_Qa_qa

4 months

Catch the Bug! You can only comment with a single utf-8 character.

23

0

34

4

1

17

Al-Qa'qa'

@Al_Qa_qa

3 months

When I think about Judging role in a contest, I think more than one time before trying to take it. It is as if you were insured for a sum of money and you must give this money to whoever deserves it. And the amount is not that small, and it can reach +1 M$ in some cases. It is

0

14

Al-Qa'qa'

@Al_Qa_qa

2 months

Boredom is an enemy to Auditors

3

0

15

Al-Qa'qa'

@Al_Qa_qa

5 months

Let's understand EIP-3074? EIP-3074 will facilitate Account Abstraction wallets, making migrating from EOA wallets to Smart contracts wallets easier. The EIP will make EOA behave like Contract wallets by making what is similar to delegate calls for Contracts. What will happen

0

3

16

Al-Qa'qa'

@Al_Qa_qa

6 months

Most of the projects in the space are DeFi, so understanding infrastructure DeFi protocols is a must. This includes: - AMMs - Lending and Borrowing - Escrow - Perpitual / Option trading - Staking - Yield Farming - Stable Coins

2

1

15

Al-Qa'qa'

@Al_Qa_qa

3 months

There are a lot of valuable contests rn. Picking the right one is the hard thing.

1

0

15

Al-Qa'qa'

@Al_Qa_qa

4 months

Optimism implements a great way to express the version of their contracts. They put the version of the contract on-chain in the `version` variable. This is good for identifying what changes occurred to the contract when developing. For example, v1.1.0 means that the code got

2

0

14

Al-Qa'qa'

@Al_Qa_qa

6 months

Before I start an Audit, I make `.vscode/settings.json` and set the `solidity-formatter` to `none`. This helps me to not reformat the code every time I add a comment, and make the Git points out to the changes I only made.

3

1

12

Al-Qa'qa'

@Al_Qa_qa

4 months

How can you do @TheSecureum Races guys, what is the secret 😅

4

0

15

Al-Qa'qa'

@Al_Qa_qa

4 months

When Dealing with a protocol that has part of his Codebase already deployed, Reading the current state variables helps a lot. Where you know what are the realistic values for the state variables, which helps a lot in understanding what is the balanced state for the protocol.

0

14