George Hunter

@GeorgeHNTR

7,451
Followers
217
Following
137
Media
2,007
Statuses

Your long-term smart contract security partner | Founder of @HunterBlockSec

Joined November 2022
Pinned Tweet
@GeorgeHNTR
George Hunter
6 months
Do your smart contract protocol a favour and get a security audit by an all-star team of some of the industry's best talent:
@HunterBlockSec
Hunter Security
6 months
Winning 1st place in the @eBTCprotocol competition at @code4rena last year with the only critical vulnerability found, and now winning their @immunefi boost... That's one web3 security beast! It's an honor to have Stormy as an Associate Auditor on the Hunter Security team. 🫡
2
5
57
3
3
48
@GeorgeHNTR
George Hunter
11 months
Just 1 year ago I was working as a Blockchain Engineer in a Bulgarian startup for less than $700/month. I have now made just over $70,000 in the month of October alone providing smart contract security services to protocols. Trust the process. ✌️
48
34
840
@GeorgeHNTR
George Hunter
2 years
Top 10 Smart Contract Security Learning Resources 🚀 I went through all of the resources listed below in the beginning of my smart contract security journey 👨🏻‍💻 I’d appreciate a retweet, spread the knowledge 🫡 Now follow the thread 🧵 👇
28
208
538
@GeorgeHNTR
George Hunter
1 year
2 years ago I was writing Solidity smart contracts on a sheet of paper during classes in high school. Now I'm securing multi-million dollar DeFi protocols. It's been a great journey.
31
11
461
@GeorgeHNTR
George Hunter
10 months
I now know multiple 17-18-19 years old Bulgarian smart contract security researchers with <1 year of experience making $30,000-70,000 a month from audit contests, private engagements and bug bounties. This space is just insane. 💰
22
15
340
@GeorgeHNTR
George Hunter
1 year
"This part of my life, this little part, is called happiness." - Chris Gardner
12
16
314
@GeorgeHNTR
George Hunter
2 years
1/ Signature Malleability 📝 A thread explaining what the Signature Malleability vulnerability is in smart contracts 🧵 I’d appreciate a retweet, spread the knowledge 🫡 Also, I'll post part 2 explaining a second type of Signature Malleability, so turn on the notifications 🛎️
10
96
300
@GeorgeHNTR
George Hunter
1 year
Personal smart contract auditing stats for April: - 7 private audits (5 team, 2 solo) - 1 bug bounty reward - 20+ critical & high severity issues found - $31000+ earned in total It was a really productive month, looking forward to securing more Web3 protocols 🫡
42
22
282
@GeorgeHNTR
George Hunter
2 years
For the past few months, I've been considering diving all-in into web3 security. I am now excited to announce that I have taken that leap! 🎉 Today is my last day as a blockchain engineer for the best company of its kind in my country.👇 Now I will have much more time to devote
33
47
267
@GeorgeHNTR
George Hunter
1 year
That feeling when your PoC is finally ready and you've discovered that the impact of the vulnerability is even bigger than you originally thought it was 😊
18
14
273
@GeorgeHNTR
George Hunter
2 years
My first bug bounty submission 👀
29
8
260
@GeorgeHNTR
George Hunter
1 year
Lets gooo
51
5
233
@GeorgeHNTR
George Hunter
2 years
Writing smart contracts in Solidity during the day as a Blockchain Engineer Finding vulnerabilities in smart contracts throughout the night as a Security Researcher And I get paid for both I fucking love this 😈
16
10
227
@GeorgeHNTR
George Hunter
1 year
Today I turn 19 years old. 🥳 So, it's time to set some goals for my last teen year: - Build a robust portfolio of solo audits - 40+ happy and safe clients 😊 - Responsibly disclose a 7-figure critical vulnerability 🫡 - Have at least two months with a net income of $100k+ 💰
42
4
224
@GeorgeHNTR
George Hunter
1 year
Yooo @DevDacian amazed me with this message 🤯 Absolutely insane - from reading my first audit report to finding a similar critical vulnerability in a live 7-figure smart contract and receiving a solid bounty for it, very impressive 🫡
12
10
219
@GeorgeHNTR
George Hunter
2 years
I've had several opportunities over the past few months to take a full-time job as a smart contract auditor in the $100-200k range, but I've turned them all down. Being an independent security researcher is the good life and I will never go back to the 9-5 employee lifestyle 😊
26
5
222
@GeorgeHNTR
George Hunter
2 years
I applied to @SpearbitDAO this week and had to write about my experience. I didn't realize how much knowledge and skills I've gained in just the last 6-12 months. I hope it's good enough to move on to the next stage of the interview process 🙏
24
16
213
@GeorgeHNTR
George Hunter
2 years
You see a critical bug in an audit contest that can screw up the entire protocol ✅ 5 other dudes saw it, so you get only $100 😢 You see that a function uses <= instead of <, resulting in 1 wei per week getting locked 🤔 No one else saw this, so you get $10000 ✅
12
8
198
@GeorgeHNTR
George Hunter
1 year
Solidity Alpha: When casting the result of any arithmetic operation like: int256 diff = int256(currPrice - lastPrice); The result is first stored in the larger type of the 2 variables and only then cast. This can lead to a critical vulnerability that may easily be missed. 👇
7
24
199
@GeorgeHNTR
George Hunter
2 years
I found a critical vulnerability in an open-source smart contract protocol. I contacted the devs on twitter and offered them a private audit report. I reported the critical bug as well as 3 mediums and 8 lows. I got paid 3k$ and the issue was fixed. Everyone is happy 😊
14
4
197
@GeorgeHNTR
George Hunter
1 year
Huge thanks to @0xMackenzieM and the @immunefi team for their support during the mediation process for my first bug bounty 🙏 I'm definitely going to start spending more time bug hunting on Immunefi soon 🫡
26
11
196
@GeorgeHNTR
George Hunter
2 years
1/ Want to know what are the resources that gave me the best preparation possible to become a full-time Blockchain Engineer within 6 months as a 17-year-old boy? 🚀 A thread full of free resources for blockchain developers 📚 I’d appreciate a retweet, spread the knowledge 🫡
11
59
195
@GeorgeHNTR
George Hunter
2 years
I put 40 hours a week into studying, researching and reporting smart contract vulnerabilities aside of my full-time job as a smart contract engineer This is a total of 10-12 hours a day, 7 days a week That's how I'm progressing so fast in the auditing space 🕵️‍♂️
17
15
178
@GeorgeHNTR
George Hunter
10 months
2023 recap: - 17 solo security reviews - 26 team security reviews - 1 critical bug bounty - a high 9-figure TVL protocol client - about $350,000 earned 2024 goals: 1. crush @immunefi bug bounties 2. 1. ^
10
5
176
@GeorgeHNTR
George Hunter
1 year
While some projects avoid paying for vulnerabilities, others are generous and build strong relationships with smart contract security experts. I recently received my first tip for a smart contract audit and I can't express how good it feels to see your work being so appreciated.
5
3
178
@GeorgeHNTR
George Hunter
11 months
Do you regularly get "Hey sir how can I start my journey" DMs? 🥱 If you're looking for some general response, here it is: 1. @PatrickAlphaC 's Foundry course. 2. @ProgrammerSmart 's 0.8 playlist. 3. @0xOwenThurm 's Advanced Web3 Security course. 4. Crush @code4rena contests.
12
18
170
@GeorgeHNTR
George Hunter
10 months
Did you know that all versions of OpenZeppelin from 2.0.0 to 4.9.2 contain at least 1 security vulnerability? 3.4.0 alone contains 14 known and later mitigated security vulnerabilities. Here's a list you can use to easily check if your code is affected.
5
24
174
@GeorgeHNTR
George Hunter
4 months
Only in the Web3 Security space you can regularly see teenagers going from $0 to $10k a month in <6 months and from $10k to $100k a month in <12 more months. This space truly rewards those who put extraordinary effort into becoming the best and getting an edge in the market.
4
11
173
@GeorgeHNTR
George Hunter
10 months
5+ years old smart contract attack vector yet still being missed by most security researchers in 2023. 🤔 An insightful blog post describing what block stuffing is. 👇 1/2 🧵
4
22
161
@GeorgeHNTR
George Hunter
4 months
If someone finds a critical vulnerability in the Euler EVC code after all these audits, they will be remembered for a long time.
16
3
168
@GeorgeHNTR
George Hunter
1 year
April's my 1st month auditing full-time and I'm really glad with my progress so far: - joined @0xPaladinSec - passed the @SpearbitDAO test - received my 1st bug bounty - performed several solo audits and scheduled more - found multiple critical vulnerabilities in 7+ figure
15
15
162
@GeorgeHNTR
George Hunter
2 years
First @code4rena audit contest for 2023 - my first 4-digit reward and for the first time I'm in the Top 5 wardens 🚀💰 Reported 2 Highs, 2 Mediums and 1 Low severity issues of which one medium was even selected for the final report 🙏🏻
22
3
162
@GeorgeHNTR
George Hunter
1 year
I couldn't agree more with their reasoning.
29
10
162
@GeorgeHNTR
George Hunter
1 year
Receiving $26,000 and having just 1 dup for one of the most well-known vulnerabilities is impressive, but in a weird way. Is competition really that low on contests right now?
14
9
154
@GeorgeHNTR
George Hunter
1 year
Auditor: Your admin can steal funds from users. Devs: Yes, we know that, it's normal, every protocol has an admin who can set critical parameters. ... The mitigation is a simple `if` check in a setter function, wdym it's normal to leave it? This is the current state of DeFi.
12
15
156
@GeorgeHNTR
George Hunter
10 months
Last night I remembered that a recent solo audit client of mine was implementing a pattern similar to the one causing the critical vulnerability disclosed by the OpenZeppelin team: I immediately jumped to double-check the code (even tho it was past 2am
4
9
157
@GeorgeHNTR
George Hunter
1 year
Are you looking for an endless learning resource that will improve your auditing and research skills? This one covers ~300 real-world exploits and provides Foundry tests used to perform each attack locally on a forked network. You can thank me later ✌️
3
29
152
@GeorgeHNTR
George Hunter
10 months
Late night thoughts: If I go all-in on bug hunting on @immunefi throughout the whole 2024, would I be able to reach the Top 15 and earn >$1M by 2025? I truly believe I'm capable of achieving it.
23
6
153
@GeorgeHNTR
George Hunter
1 year
Auditing is sometimes so strange... - you work with several audit firms - paying hundreds of thousands of dollars for their services - they spend tens of human weeks inspecting every single line of code and then... some anon kid takes a look at your codebase for one night
12
14
153
@GeorgeHNTR
George Hunter
10 months
I just found the resources my last employer gave me to prepare for my first job as a Smart Contract Engineer over a year ago. No courses, no tutorials, just straight-up docs. That's the way I liked to learn too. What would you change or add now? 🤓
10
20
153
@GeorgeHNTR
George Hunter
9 months
I wish I wasn't a smart contract security auditor... I want to put my money in a DeFi protocol. But to feel really safe, I need to spend a couple days reviewing their code and understanding the whole system completely before clicking the deposit button.
17
5
139
@GeorgeHNTR
George Hunter
2 years
My first 2 smart contract audit reports are now public on my GitHub profile 👀 The stats: - 2 critical vulnerabilities - 8 medium severity issues - 21 lows and informational findings The client was more than happy with both audits 😊
8
23
145
@GeorgeHNTR
George Hunter
2 years
CTFs are the best way to practice smart contract hacking when you're a beginner Three of the most popular CTFs are: • Damn Vulnerable DeFi • Ethernaut • Capture The Ether You can check out my solutions for each of them here
5
41
144
@GeorgeHNTR
George Hunter
1 year
My first unique high severity finding at @sherlockdefi and a pretty good reward for a one night contest 🎉 It was a pretty simple issue that I learned from @paladin_marco 's pinned tweet quite some time ago 🙏
17
3
142
@GeorgeHNTR
George Hunter
1 year
I feel encouraged
19
4
144
@GeorgeHNTR
George Hunter
1 year
The @SpearbitDAO entry task from last year is still a good exercise for beginners to test their hacking skills. It contains a critical vulnerability that you should always check for during a security review. The bonus task is also very interesting. 👀
5
23
137
@GeorgeHNTR
George Hunter
10 months
🚨 All Solidity developers should check the list below before submitting their codebase for audit. It's almost 2024, if you're still not familiar with all weird ERC20 token behaviours and integrations listed below, you lag behind. 👇
2
9
136
@GeorgeHNTR
George Hunter
1 year
Everyone supports the whitehats until it comes to paying out bug bounties.
9
16
138
@GeorgeHNTR
George Hunter
11 months
Audit Contests Alpha: Audit contests are a game of reporting and negotiating for medium-severity findings. Highs are usually black and white and rarely solos, but almost all of the top researchers' findings that I've read are very nuanced and in places that no one even looks at.
14
7
133
@GeorgeHNTR
George Hunter
2 years
Top 4 discord communities for smart contract auditors: • @TheSecureum @code4rena @sherlockdefi @SpearbitDAO Remember, your network is your net worth 💰
8
21
129
@GeorgeHNTR
George Hunter
1 year
When you audit a protocol that will be deployed on multiple different EVM chains you should verify that it will be working on all of them. An example of quite crucial mistake is assuming that USDC or USDT always have 6 decimals, while on BSC they both have 18 decimals precision.
8
14
136
@GeorgeHNTR
George Hunter
2 years
1/ Part 2/2 Signature Malleability 📝 A thread explaining another type of signature malleability in smart contracts 🧵 If you haven't seen part 1, check it out here 👇🏼 As last time, I’d appreciate a retweet, spread the knowledge with others 🫡
@GeorgeHNTR
George Hunter
2 years
1/ Signature Malleability 📝 A thread explaining what the Signature Malleability vulnerability is in smart contracts 🧵 I’d appreciate a retweet, spread the knowledge 🫡 Also, I'll post part 2 explaining a second type of Signature Malleability, so turn on the notifications 🛎️
10
96
300
8
35
128
@GeorgeHNTR
George Hunter
1 year
If this vulnerability was responsibly disclosed instead of exploited: - JPEGd's users wouldn't have lost $11 million - No reputational damage would have been caused - The guy would have gotten a solid bug bounty instead of been front-run by a MEV bot Choose the right hat anon
@peckshield
PeckShield Inc.
1 year
Hi @JPEGd_69 , you may want to take a look:
137
108
545
13
7
131
@GeorgeHNTR
George Hunter
10 months
I'm hearing about more and more junior solo auditors breaking into the space with PPV security audits, and I think it's a really good deal for both low-budget projects and inexperienced auditors. Here's a simple pricing I've seen from multiple parties:
9
9
130
@GeorgeHNTR
George Hunter
1 year
So many people decided they wanted to become ZK security researchers yesterday, just by learning the basics in 1 week and entering a contest next month. My opinion is that unless you have longer term plans to do ZK stuff, you should focus on what you're already trying to succeed
17
7
123
@GeorgeHNTR
George Hunter
11 months
How to build a successful career in web3 security? Choose your path and stick to it, putting all your effort and hours into it. Many people do contests, solo audits, bug bounties, running a firm, etc., but in the end, they do not truly master any of these crafts. Some folks
5
6
124
@GeorgeHNTR
George Hunter
5 months
Every day I hear stories from folks like @deadrosesxyz and @KrisApost1 about bagging $10k for a 1-hour bug hunt or winning 6-figure bug bounties. Yet, what really excites is when someone makes their first $1,000 bucks on @code4rena . Nothing is as sweet as your first small win.
9
3
125
@GeorgeHNTR
George Hunter
1 year
Did you know that the `ecrecover()` function in Solidity doesn't update the free memory pointer with all the used memory? This can be pretty dangerous, especially if there's inline-assembly code relying on zeroed-out memory after the free memory pointer. Here's an illustration:
7
14
123
@GeorgeHNTR
George Hunter
8 months
The best way to get audit clients: - referrals from previous clients and fellow auditors Always lovely to read such stuff.
9
7
124
@GeorgeHNTR
George Hunter
1 year
Trust the *mediation* process, whitehat. @immunefi has your back 🫡
10
12
124
@GeorgeHNTR
George Hunter
9 months
Spicy take: 🌶️ There are good security auditors who do bad marketing. And there are good marketoors who do bad security audits. Haven't seen anyone who does both great.
23
7
122
@GeorgeHNTR
George Hunter
10 months
One thing I find extremely valuable during an audit is having a live 1:1 conversation over a call with a junior auditor. Last weekend, I did a 4-hour session like that, which helped me stay more focused and also gain deeper understanding more quickly as I had to ELI5 everything.
18
2
118
@GeorgeHNTR
George Hunter
10 months
In the past 24 hours I: - had 5 hours of sleep - completed 3 team audits mitigation reviews - closed a deal with a high 9-figure TVL protocol - had 2 calls with previous/current clients - researched a security topic for future project No big gains, just hard work. 🥱
7
2
119
@GeorgeHNTR
George Hunter
11 months
Last night I found a critical smart contract vulnerability in @LayerZero_Labs 's bug bounty program for $15M. 🤯 Then I woke up.. Going back to the solo audits I guess. 😕
10
2
119
@GeorgeHNTR
George Hunter
7 months
The best thing about making a lot of money in web3 security? Being able to offer internships to junior auditors who can't afford to do it full-time but really want to. Also, being able to find work for senior fellows and offer even higher quality service to protocols. ⬇️
27
5
120
@GeorgeHNTR
George Hunter
2 years
A total of 22 hours spent this weekend reading audit reports and studying past exploits. I've learned a ton and always feel like I'm just getting started. This is what I like most about web3 security. Always level up 🫡
11
3
120
@GeorgeHNTR
George Hunter
6 months
I share too much alpha in DMs that doesn't make it to the public. Planning to collect all advice and key chats from the Hunter Security Mentorship and publish them at the end. Including stuff like: - how to perform well in contests - how to achieve high audit coverage - how
5
1
116
@GeorgeHNTR
George Hunter
2 years
What do you think the answer is 🤔
31
10
117
@GeorgeHNTR
George Hunter
4 months
You think there's nothing sexier than your girlfriend? Take a look at Euler's V2 smart contracts + documentation and we'll talk again.
6
3
116
@GeorgeHNTR
George Hunter
1 year
At the end of an audit, you should have a deeper understanding of the smart contracts than the people who designed, developed, and tested them over the past few months or even years. That's why one piece of advice I like to give to most beginners is to first learn how to gain a
7
10
115
@GeorgeHNTR
George Hunter
4 months
Hard-learned lesson: You want to rise in the web3sec space? Great! But don't do it by bringing others down... morality > business
7
3
115
@GeorgeHNTR
George Hunter
1 year
A good summary of the leading auditors from all different types of audits being offered out there. Pretty interesting to see the solo audit column being all Bulgarians. 👀🇧🇬 Check out the full blog post by @0xBeirao :
9
17
111
@GeorgeHNTR
George Hunter
1 year
The fact that a junior developer with 2 weeks of experience might know some things that the top security researchers don't is why I believe that: 1. audit contests are undoubtedly a great model 2. "there will always be one more bug"
10
9
113
@GeorgeHNTR
George Hunter
2 years
• You feel like you've mastered Solidity? Learn inline-assembly. • You feel comfortable with inline-assembly? Study pure Yul. • You feel like you know Yul too? Go read some unverified smart contract's bytecode, hacker 💻
9
18
110
@GeorgeHNTR
George Hunter
1 year
Something I do before the end of an audit is to take 1 day off without thinking about the codebase. Then I come back, remove all my notes (or git clone again) and look for more creative and sophisticated vulnerabilities, leveraging the knowledge and context I've gathered so far.
13
8
113
@GeorgeHNTR
George Hunter
1 year
Web3 security twitter by the end of October: "DM for solo ZK audits" Mark my words.
18
2
113
@GeorgeHNTR
George Hunter
9 months
I created a small research and summary document for a client of key considerations when integrating Chainlink VRF in your smart contracts. The resources I mostly used were Chainlink's docs and Solodit. Feel free to check it out and suggest improvements:
8
14
111
@GeorgeHNTR
George Hunter
1 year
0:26 - I get invited to a private smart contract repo of a potential client. 2:34 - I start reviewing the contracts to assess the scope of work and prepare an appropriate quotation. 3:43 - I get back to the client with the quote as well as 1 Critical and 2 High findings.
9
2
108
@GeorgeHNTR
George Hunter
5 months
First time having a project I've audited several times scam me for a 5-figure $$$. An expensive reminder to always set up legal contracts and have full upfront payment.
13
2
107
@GeorgeHNTR
George Hunter
2 years
Guess who won't get paid for their valid critical bug submission on Immunefi...
26
4
108
@GeorgeHNTR
George Hunter
1 year
If you are looking for a way to leverage your bug bounty you may find this tool useful. Recently used it to find other contracts that rely on a contract I found a vulnerability in by simply entering its address. Thanks to @christos_eth for sharing! ✌️
9
19
109
@GeorgeHNTR
George Hunter
1 year
Did you know that Arbitrum does not yet fully support contracts compiled with solidity version 0.8.20? This may be an interesting finding in your next audit.
3
15
110
@GeorgeHNTR
George Hunter
1 year
As an auditor, taking on too much work is unhealthy for both you and your clients. After missing a couple of highs in a recent private audit due to low time commitment, I plan to take a step back, get some good rest, and start managing my workload more effectively.
9
3
107
@GeorgeHNTR
George Hunter
6 months
Only in web3 you can find folks making 7-figures a year and living on 3-figures a month.
4
2
103
@GeorgeHNTR
George Hunter
1 year
Seeing... unchecked { ++i; } ...at the end of every `for` loop while auditing a smart contract codebase is killing me. Next time I see this I'll just offer a 3% discount of the audit quote if they simply rewrite it to `i++`.
20
4
106
@GeorgeHNTR
George Hunter
10 months
9 Bug Bounty Programs have launched on @immunefi just over the past 1 week with over $4 Million in max rewards... I might soon take a big break from the solo & team audits and test my skills in the wild. The bull market is coming. 📈
5
5
99
@GeorgeHNTR
George Hunter
11 months
Just yesterday I received 5 requests for audit. - 3 from new projects (solo) - 1 from a previous client (solo) - 1 from Paladin (team) Demand for solo auditors is definitely there and here to stay. ✌️
4
2
99
@GeorgeHNTR
George Hunter
2 years
I've been learning smart contract security vulnerabilities for 2 months now 🕒 This weekend was my first audit contest at @code4rena since then and I think I managed to report some pretty interesting findings 👀 Waiting for the results to come out 🤞🏼
6
1
101
@GeorgeHNTR
George Hunter
1 year
I haven't had a resting weekend for probably over half a year now and this one felt so refreshing - no solidity, no web3 stuff, no smart contract vulnerabilities.. just me, my car, my friends and good music.
9
3
102
@GeorgeHNTR
George Hunter
9 months
I thought to have the most clients, I had to be the best researcher. Turns out almost no one cares about actual high-quality security reviews. The only thing that matters is reputation. Whether it's built through great security work, or just by tweeting newbie stuff every day.
10
1
101
@GeorgeHNTR
George Hunter
2 years
Tweet media one
14
0
101
@GeorgeHNTR
George Hunter
1 year
For anyone who has DM'd me asking where to find a top job as a smart contract auditor, check out this list of open positions for auditors and security researchers made by @0xaash 🔥
5
24
101
@GeorgeHNTR
George Hunter
2 years
Have you set your goals for 2023? 🚀 These are mine: • Start a full-time job as a Smart Contract Security Researcher 💻 • Place in the top 25 in @code4rena and @sherlockdefi leaderboards🏅 • Join @SpearbitDAO 🤞🏼 • Grow Twitter profile to 5k followers 🚀 • Retire mom ❤️
13
6
100
@GeorgeHNTR
George Hunter
9 months
Back in my early days, studying late at night in the office from @1nf0s3cpt 's amazing resource: No courses, no roadmaps, no mentoring. Just thoroughly researching, consuming as much quality educational content as possible to prepare for this journey.
@GeorgeHNTR
George Hunter
2 years
Love grinding at weekends alone in the office, gives me a great feeling of being one step ahead of everyone else
1
2
30
4
10
99
@GeorgeHNTR
George Hunter
8 months
How it all started about a year ago...
5
0
98
@GeorgeHNTR
George Hunter
1 year
I think this picture says it all.
1
6
96
@GeorgeHNTR
George Hunter
1 year
@0xMackenzieM One of the best things about web3 security - there are no age, gender, race, religion or other similar limitations. Pure skills is what is noticed and valued the most. Here's a really good part of Andy's latest video where Pashov talks about how 18-20 y.o. young men who he knows
0
12
92
@GeorgeHNTR
George Hunter
1 year
I just uploaded one of my latest and by far favorite solo smart contract security review reports. It contains 4 Critical, 2 High and 2 Medium severity findings, all of which have an executable Proof of Concept (Foundry test). Check it out!
7
10
93
@GeorgeHNTR
George Hunter
2 years
A common trick that even I've used to test people auditing my smart contracts - leave some pretty obvious issues in the code on purpose and see if they'll catch them. I tried it once with a fairly expensive audit from a tier 1 company and they reported none of them 😬
11
9
94
@GeorgeHNTR
George Hunter
1 year
If you have more than 10 high/critical severity issues per 1000 sloc, you definitely need: 1. a second audit by the same or another auditor 2. better developers I personally wouldn't feel safe otherwise with this project if I were the auditor or the developer or even a user.
3
3
95