StErMi

@StErMi

4,267
Followers
1,725
Following
284
Media
9,504
Statuses

#web3 dev + auditor | @SpearbitDAO LSR, @immunefi bug hunter, sage of AAVE codebase :D

ethereum L1/L2
Joined April 2008
Pinned Tweet
@StErMi
StErMi
4 months
During the next few days, I will share some of my private security research work that I have done in the last year. All those projects are @aave related, and I feel very proud to have been chosen as one of the security partners to review them. I'm pretty sure that the
7
8
96
@StErMi
StErMi
2 years
Many people lately sent me DM asking how to become a security researcher and approach web3. Here are some of the suggestions I gave to them (keep reading, it's a long one)
16
127
439
@StErMi
StErMi
1 year
I can finally share that I was able to find three different bugs on @AaveAave during a @SpearbitDAO audit on the @MorphoLabs project. In the coming weeks, I'll share a more detailed blog post, so keep an eye on my Twitter if you don't want to miss it!
29
13
270
@StErMi
StErMi
8 months
I can finally disclose that I was able to find another 2 unique bugs in the @aave v2/v2 ecosystem: 1) Inconsistent validation on Aave v2/v3 2) Inconsistent HF (Health Factor) behavior swap borrow rate mode With these two additions, I have found and disclosed in total 5
12
11
245
@StErMi
StErMi
2 years
Solidity security pro-tip: how does "delegate call" behave in different scenarios? 1) existing contract, existing function, return uint256 2) existing contract, NOT existing function 3) existing contract, existing function that REVERT 4) not existing contract
5
42
206
@StErMi
StErMi
6 months
Finally, it's time to share what I was working on the last couple of days during my spare time: Smart Contract Inspector is a small Chrome Extension utility for people like me that needs to review the source code of verified Smart Contracts on all the
3
16
114
@StErMi
StErMi
1 year
I have crushed another huge milestone for my 2023 🔥 I was able to find and disclose two bugs on @immunefi (already confirmed and processed by the client). Can I now add it to my Twitter bio as an achievement? 😁
11
4
112
@StErMi
StErMi
2 years
2022 recap - switched from web2 full stack to web3 as security researcher - Done @TheSecureum RACE, CARE and CARE+ - Done @yAcademyDAO Block 1 - Done 8 audits with @SpearbitDAO - Found 2 high and 8 med from @code4rena - Posted 55 posts on my blog
5
5
108
@StErMi
StErMi
11 months
Do you remember that some weeks ago I was talking about three different massive career announcements I wanted to share, but they were not ready yet to be disclosed? This is the first one. I'm very proud to finally be able to share that I have been promoted to LSR inside the
14
2
105
@StErMi
StErMi
6 months
The Chrome extension Smart Contract Inspect has been approved and is published in the Chrome Web Store 🚀 What does it do? It allows you to inspect the source code of a Smart Contract with your preferred Web IDE with just one click (or keyboard
6
7
104
@StErMi
StErMi
3 years
I wanted to create something for #rarity by @AndreCronjeTech . So I came up with the idea of a global and pluggable Achievement System. This is just a Proof of Concept but I would love to get some feedback from the community! #solidity #web3 #dev 👇 🧵
4
4
79
@StErMi
StErMi
3 months
I just realized that I'm in first rank position for the @aave Aave v3.1 Competition @cantinaxyz contest. Nice to know that I'm still in the top rank for the Aave codebase 😎
8
2
85
@StErMi
StErMi
1 year
I think that it's pretty clear that there should be some kind of council between audit entities (audit firms, @code4rena , @sherlockdefi , @SpearbitDAO , ...) and protocols to define and adopt the following standards and procedures - security researchers should audit deployments to
9
10
77
@StErMi
StErMi
9 months
Do you want to know more about the Transient Storage Opcode? Solidity 0.8.24 has just dropped and there's an interesting blog post about it that is worth checking out. "Transient storage is a long-awaited feature on the EVM level that introduces another data location besides
3
13
70
@StErMi
StErMi
1 year
I'm going to crush @CodeHawks launch contests! Who is also going to join the challenge? Should I start to write a blog post / report post-competition? Are people interested in this kind of content?
21
1
67
@StErMi
StErMi
23 days
In the last couple of months, some security researchers have DMd me on Twitter or Discord asking questions related to @aave . I think that it took me at most 1 minute to double-check the code and provide the correct answer to their question. It feels great when people reach out
3
0
67
@StErMi
StErMi
1 year
As promised, at the end of the tweet, you will find the link to the blog post about the second issue I have found on the @AaveAave protocol some months ago. This one is a fascinating edge case that could have caused some big trouble for @AaveAave . It's about e-mode, custom
3
6
63
@StErMi
StErMi
2 months
My Twitter timeline is literally full of garbage and I don’t know what I can do to roll it back to only the content I’m interested into. I really have no more interest in opening this app because of it. @elonmusk what’s going on? I have no interest in meme, Olympics, politics
28
0
59
@StErMi
StErMi
1 year
On May 15th 2023, Aave officially released a post on their Governance forum to disclose different bug bounty submissions. Three of them have been submitted by me, and you can't understand how proud of myself I am right now! Do you want to learn more about the issue I
1
9
55
@StErMi
StErMi
1 year
The report for the first @CodeHawks contest has been published, and it's a bitter-sweet result for me. I always have mixed feelings when I participate in public "PVP" contests. Take a look at the current leaderboard: If you order the result by the High
24
0
55
@StErMi
StErMi
6 months
I have built a Chrome extension that allows you to quickly open a Visual Studio Code web editor from an Etherscan page. I need a logo, but I'm the worst at design and I don't want to waste time with AI tools and possible legal problems. Is there a designer that would like to
30
1
49
@StErMi
StErMi
3 years
In this blog post, I'm going to learn with you how to create a smart contract, a react application to connect to it, and at the end deploy everything on a testnet. Everything thanks to scaffold-eth: #eth #web3 #solidity
3
15
53
@StErMi
StErMi
7 months
Sunday reflection: contest that won't pay for low/info findings and why I think they shouldn't do that. Context: I'm participating in a contest that follows this rule. Unfortunately, I discovered it only once I had already submitted some of them (totally my fault to not have
18
3
51
@StErMi
StErMi
4 months
The third private security review I want to highlight has been commissioned directly by @avara . The project to review was GHO Stability Module (GSM) from @aave . During the review, I was able to find: - 4 Medium Severity issues - 10 Low Severity issues - 21 Informational issues
3
2
46
@StErMi
StErMi
1 year
Ok, I've started watching the @summit_defi VODs. I'll try to list them and some TLDR of each video.
26
4
44
@StErMi
StErMi
1 year
This Sunday I will drop the last blog post about the bug bounties I received from @AaveAave for a total whopping amount of $35000. It will be a fascinating one, I promise 😉 I'll give you a link to the previous two in the comments if you are eager to know more.
4
3
44
@StErMi
StErMi
1 month
Saturday mornings are the perfect moment to grab a coffee, relax and enjoy submitting bugs to @immunefi 😎
5
4
45
@StErMi
StErMi
2 years
As soon as you have good knowledge of Solidity, expand it to the EVM. A good place to start is here - - After reading that content, play EVM Puzzles and apply what you have learned
1
6
42
@StErMi
StErMi
4 months
Grinding knowledge on @aave has finally repaid 😁
@cantinaxyz
Cantina 🪐
4 months
It’s announcement season, the results for @aave ’s v3.1 competition are in! 🪐 Here are your top 3 ranked researchers: 🥇 @StErMi : 14,285.71 GHO 🥈 @krikoeth : 8,285.71 GHO 🥉 @zigtur : 6,285.71 GHO Congratulations to all those that participated. Full leaderboard below:
3
3
27
3
0
42
@StErMi
StErMi
6 years
I just published “Ontology Blockchain 101: A Developer Journey”. This will be a series of articles about @OntologyNetwork development that will cover both C# Smart Contract and TypeScript (client SDK) #blockchain #Ontology #ont #smartcontracts
1
8
35
@StErMi
StErMi
1 year
@cellar_gg @Simo1028 @ParallelTCG @Fitchinverse @heyhaigh @TheFreeroll @Szerr0 Is this the right way to touch grass and learn more about how to play ranked? 😁 @ParallelTCG @cellar_gg
6
3
39
@StErMi
StErMi
3 months
One of the big pains with @immunefi is that you have to open each smart contract in scope. They should require the project to create an ad hoc and always in sync GitHub repo that mimics the deployed source code; otherwise, it's pretty challenging to manage it.
4
0
43
@StErMi
StErMi
2 years
It's time to talk about SRX (Security Researcher Experience) Are you planning to audit your solidity project? Make sure to have all these points covered if you want to maximize the output of your audit experience 🧵
1
7
39
@StErMi
StErMi
1 year
I can't express how much this tweet means to me. Thank you so much for the shout-out! @cmichelio is a role model to me. He's one of the best auditors I have met and a wonderful person both in RL and online. Auditing and discussing with him in private is always a delight. If I
0
0
40
@StErMi
StErMi
6 months
Just wanted to give a shoutout to @benjaminion_xyz for the outstanding work he has done with The Eth2 Book -- A technical handbook on Ethereum’s move to proof of stake and beyond. This book is a must-read guide if you need to understand how ETH2 works
4
6
39
@StErMi
StErMi
1 year
Is there a wallet out there that allows you to simulate a transaction and see what would happen? - how many ETH would be transferred and where - token approvals: which token and how much allowance - ERC20 token mint/burn/transfer from my wallet to another one or to my wallet -
24
4
37
@StErMi
StErMi
6 months
Today in Discord, I was complaining (again? Yes, until I get what I want 😁) about the lack of a real and proper Visual Studio Debugger for Solidity. A fully fledged, first class citizen debugger. And from nowhere @m4rio_eth linked to Simbolik, a Next-Generation Smart Contract
6
3
38
@StErMi
StErMi
1 year
I love the network of security researchers / devs that I'm building during my time in the web3 ecosystem. Not only are many of them OGs in their field, but they are also smart, humble and funny people to speak with, always ready to nerdsnipe each other. One thing that
3
0
38
@StErMi
StErMi
2 months
What is my dream and goal for the future? Be able to find a high figure, multi-million bounty. Would I stop working after that? Not at all! This would allow me to be free and choose which project I want to review without having to think about money. Or maybe get some spare
5
0
37
@StErMi
StErMi
1 year
This is a wonderful article that any developer or security researcher should read and apply. By following these core concepts, the output is a clean and simple result. I can’t stress enough that simple and clear code only leads to a better and more secure product. Don’t be
2
6
35
@StErMi
StErMi
1 year
I'm so damn proud of the PoC that I've just finished. Can't wait to show it to you once the contest closes!
5
0
35
@StErMi
StErMi
1 year
In the next coming weeks, I'll share three amazing career milestones... I can't spill the beans yet, so bear with me a little longer 😉 I'm gonna crush this 2023, and I already can't wait to see what the 2024 will bring. Always push forward 🔥
0
0
36
@StErMi
StErMi
2 years
Do you know what's a Metamorphic Smart Contract? No? Well, it's time to take a cup of coffee and read my last blog post about "EKO2022 Enter the metaverse CTF Challenge 1 — Phoenixtto". The best way to enjoy your Sunday 😉
4
14
35
@StErMi
StErMi
1 year
I honestly think that any med/high/crit finding must have a PoC to showcase it to be accepted in any contest or report. There are exceptions (if the outcome is really, really obvious) but in general, I think that you (security researcher) should always invest some of your time
13
1
34
@StErMi
StErMi
2 years
Join the @TheSecureum discord and start learning from all the material that @0xRajeev has created and gathered since the beginning. Replay the old quizzes, study the answers, and apply for the new ones. This is your first step, and you will learn a ton.
1
2
33
@StErMi
StErMi
1 year
Am I the only one thinking that @OpenZeppelin should not use the main branch of their contract repo to point to the active development (not production ready) release of the framework? I think that it should point to the last stable release.
6
0
35
@StErMi
StErMi
2 years
Start doing some CTFs - Capture the Ether by @smarx - Ethernaut by @OpenZeppelin - Damn Vulnerable DeFi by @tinchoabbate - @EthernautDAO has some on their timeline - many others You can find all the solutions and explanations to those CTFs on my blog
1
4
35
@StErMi
StErMi
1 year
Are you ready to follow me into a totally useless (or maybe not?) rabbit hole? Grab your caver hat and a flashlight and follow me deep down into this new blog post entitled "A fun on-chain investigation about PayPal `PYUSD` smart contract" What mysteries am I going to uncover?
4
6
33
@StErMi
StErMi
3 years
Great article by @kentcdodds about Memoization and React. I really love to learn how to optimize my react app #reactjs #ProTip
2
7
34
@StErMi
StErMi
8 months
Don't ask me why, but I've always been fascinated by the concept of bridges and cross-chain. After the @Blast_L2 contest from @cantinaxyz I'm planning to do a much better deep dive into @Optimism and how it works. I hope in the future to be asked to join some security review
2
0
34
@StErMi
StErMi
1 year
The most complex issue I have reported for the Beedle contest on @CodeHawks is a High one about "Attacker can steal a loan's collateral and break the protocol" The flow of the attack is pretty complex and fun to detangle, it involves buying the loan by using a "fake" pool (that
2
2
33
@StErMi
StErMi
1 year
I'm back from vacation. Today is the last day to relax, so it's time to plan a blog post, do chores, play some @baldursgate3 , build @ParallelTCG deck to grind ranked and get up to date with all the @solidity_lang security news. Tomorrow a new @CodeHawks contest starts and I need
3
0
27
@StErMi
StErMi
1 year
I really don't think that any AI can beat my manual security review and provide as much value.
15
0
32
@StErMi
StErMi
2 months
My @X timeline became super weird and useless with memes and things totally unrelated to my real interests and work. How much time and interactions (expressing that I'm not interested in posts/topics like those) does it take to go back to normality?
16
0
32
@StErMi
StErMi
1 year
forge inspect is the hero we do not deserve
3
2
32
@StErMi
StErMi
1 year
Are you ready for the second write up about the bug bounties I have done for @AaveAave ? Stay tuned because tomorrow evening I will hit the publish button!
3
0
32
@StErMi
StErMi
1 year
Ok, I have just finished documenting the most complex PoC I have made (for a contest). I usually write down tons of comments to explain each step because I want anyone to understand the issue and follow the flow even by just reading the code. Is it worth it? Probably not because
4
1
31
@StErMi
StErMi
5 years
I've developed an escape-room framework to create and manage escape rooms for Alexa and Google Assistant. I'm looking for a partner that will help me to create content for those escape room. DM is open. #AlexaSkills #AlexaDevs #VoiceFirst #VoiceApp cc @alexadevs @Dialogflow
3
5
31
@StErMi
StErMi
1 year
This is the third and last post about the @AaveAave bounties I received, will you miss this weekly content? I will for sure, but it means that it's just time to find other bugs to earn some deserved bounties 😁 This was a really juicy and interesting finding that made me earn
3
2
31
@StErMi
StErMi
2 years
EVM Puzzle 1 solution is out! Learn #ethereum EVM while solving fun puzzles! In this challenge, you will learn more about two EVM opcodes: - CALLVALUE - JUMP #evm #ethereum #blockchain #web3
1
5
27
@StErMi
StErMi
1 year
I'm so deeply sad to be at home while everyone is enjoying @summit_defi and @EthCC :( I would have loved to be there to watch live all the wonderful conferences, meet old friends and connect with old ones :( I'll try to keep up with all the videos that will be uploaded to
5
0
29
@StErMi
StErMi
6 months
It's very cool that my Smart Contract Inspect Chrome extension has become a crucial part of my daily workflow. It's a strange feeling when you automatically use it without even noticing it! I just need to hit the keyboard shortcut CMD+Period, and instantly I can review the
2
2
30
@StErMi
StErMi
2 years
What's the best way to relax a bit if not keep solving the "EKO2022 Enter the metaverse" CTF challenges? I have just pushed the solution to the second challenge on my GitHub repo, and I'll start writing down the blog post about it. If you can't wait:
3
5
30
@StErMi
StErMi
1 year
Today I was reflecting on my personal way of writing issue content when I find them during an audit. Usually, I try to describe all the knowledge I gathered and the process I have used to arrive at the finding, and the result is that the content is pretty exhaustive but "very
5
4
30
@StErMi
StErMi
2 years
Start reading the @solidity_lang documentation. You can't be a developer or security researcher without knowing the language. You need to master it before anything else.
1
0
28
@StErMi
StErMi
1 year
Sometimes when you perform a security review, you need to follow your gut. At some point, while you review the code, you have that feeling that "something is wrong". You can't see it clearly at that very time. I usually leave comments in the code to remember that point and I
3
2
29
@StErMi
StErMi
2 years
As a freelance security researcher, you should be able to determine what the next long-term trends are and start learning deeply as soon as possible. This will make you the best expert in that field and open up opportunities for you.
1
3
28
@StErMi
StErMi
1 year
Can someone explain to me what @code4rena Bot Race is? I was looking at their blog post, but it does not explain very much how it works. I would love to experiment with the idea, but I need more details about the contest. DM me if you have more details.
6
1
29
@StErMi
StErMi
1 year
I like that everyone right now is in Paris and tweets about web3 and security in the same time zone where I live. It’s sooool much better.
1
1
26
@StErMi
StErMi
2 months
During the last 10 days, I have reviewed two protocols and submitted the report without having been hired for that. Basically, I have worked for free 😁 I had some spare time and I wanted to experiment with it by learning something new and seeing if it would be a good investment
4
0
28
@StErMi
StErMi
26 days
Again, huge shoutout to the @smlxldotio team. They have done great work since the very beginning with all the tools they have released during this whole time. They nailed the UI, UX and the value of the tools they released. First Then
0
4
30
@StErMi
StErMi
1 year
You can't understand how much this achievement makes me proud. It means really a lot because it's a confirmation of all the learning and hard work I've been doing lately. Looking forward to a great 2023 full of growth!
4
0
28
@StErMi
StErMi
1 year
The @CodeHawks leaderboard has been updated, and now I rank 4th if you order it by the XP and 3rd if you order it by the number of High severity findings. And I'm 55th if you sort it by Winning amount 😁 I hope that the XP will be worth something at some point.
5
0
27
@StErMi
StErMi
1 year
The report for Beedle, the first contest of @CodeHawks , has been finally published. Are you curious to see all the 9 High, 1 Medium and 2 Low issues I have found? Grab a beer because, you know me, the explanation won't be a short one, at least for the high I have found 😁
2
0
27
@StErMi
StErMi
7 months
Is there a quick and easy way to query the blockchain (without the need to build my own damn indexer) to know things like if a function has been called on a contract, if a contract has emitted an event and so on and get back the tx where it has happened? Note: I don't like and
26
2
27
@StErMi
StErMi
2 years
This is the path I've followed until now. It's not an easy journey, and you really need to be motivated, but at least for me, it was worth all the resources and hours I have invested into it.
0
0
26
@StErMi
StErMi
2 years
As soon as you feel ready, start applying to audits by joining - @code4rena - @sherlockdefi - @immunefi Each week you have new audits to join, and you will compete with other auditors to submit findings.
2
3
27
@StErMi
StErMi
3 months
Yesterday I was at the Modular DeFi Day event organized by @encodeclub and @eulerfinance . Tons of top-notch talks and panels, but the peak of the day for me was to receive a personal shoutout as a security researcher directly from. Being recognized for the hard work and
0
0
26
@StErMi
StErMi
11 months
I really love Solidity custom errors (and all the benefits that you get because of them) but I think that I really prefer the "mental model" of the require statement. I don't know if it's because as a security researcher, I need to do tons of context-switching between `require` and
6
0
26
@StErMi
StErMi
1 year
How fun would it be if @cantinaxyz released a CTF that, if solved, provide you an invitation to the website?
3
0
26
@StErMi
StErMi
7 months
. @CoinbaseSupport what's the reason why I can't withdraw USD to my Italian bank that does support USD as a currency?
36
0
10
@StErMi
StErMi
2 years
Yeah, I know, I'm late to the party, but I'm planning to solve and share the solutions (with fully local working foundry tests) for the EKO2022 CTF Interesting challenges with tons of learning material to be shared. Follow for some juicy updates 😬
3
10
25
@StErMi
StErMi
6 years
I'm really excited to announce that I got nominated as SAP Community Member of the Month. As I always said, it’s an amazing feeling to see all your effort get rewarded by this amazing community #SAP #SAPCommunity cc @SAPCommunity @SAPdevs @techedgegroup
6
2
25
@StErMi
StErMi
8 months
Is reporting informational issues in a security review valueless? Maybe. Does it take a lot of time? Yes. But it's a proof of the passion, quality and attention to detail that I put into what I do. If I bother to look at those tiny details, you can be more than sure that I've
4
1
25
@StErMi
StErMi
1 year
I'm doing an "on chain investigation", nothing serious, it's mostly for fun and learning new tools. The tools I'm using right now are a mix of - @etherscan website - @Phalcon_xyz explorer website - EVM Storage website by @smlxldotio (super cool but still needs some improvements
6
1
26
@StErMi
StErMi
2 years
@SpearbitDAO instead is a group of freelance auditors (you need to pass an initial test to be invited to audits) with the top security researchers in the field. I've learned tons by auditing with them. Bonus: their discord is full of interesting content to read.
2
1
25
@StErMi
StErMi
2 years
When auditing, I'm using the VS Code extension "Inline Bookmarks" by tintin. How do you handle the case where the comment is very long, and you would like to split it in multiple lines without creating multiple " @audit " tags?
7
3
23
@StErMi
StErMi
1 year
Let's go! Huge congrats to @SpearbitDAO ! I'm really curious and excited to see what interesting projects will be audited by the outstanding security researchers that are part of the team! 🔥🔥🔥
@SpearbitDAO
Spearbit
1 year
We're excited to announce @SpearbitDAO will be a key security services provider for @BuildOnBase - helping build a more robust and secure ecosystem for developers and users on Base. Congrats on a successful mainnet launch and we look forward to securing the ecosystem 🔵☀️⚫️
6
6
98
2
2
25
@StErMi
StErMi
1 year
In the "Checks-Effects-Interactions Pattern" do you include the event emission in the "effects" part even if the event does not have any state variable in the input? In general, do you think that events should always be emitted before any external interaction?
11
1
25
@StErMi
StErMi
2 years
I have seen so many smart contracts during my audits and a common thing that I see is that there's huge room for improvement in code quality, architecture design and optimization. This should be done from the beginning, otherwise the effort of pivoting grows exponentially.
4
1
25
@StErMi
StErMi
3 months
Yesterday, I was curious to know how many hours I have spent doing Security Research since my very first day of work in this space. Without counting Bug Bounty and Public Contests, I have logged more or less 2252 hours! Pretty nice 😁
4
0
24
@StErMi
StErMi
2 years
I think that @swyx "The Swyx Mixtape" podcast should come with a huge warning "can create addiction". In the last couple of weeks, I've listened to something like 20 episodes from the archives. Highly recommended!
0
3
23
@StErMi
StErMi
5 months
I almost finished the Visual Studio Code extension I'm building. I've done 3 complete refactors of it because I was not happy with the code. It probably needs much more refactoring, but I'm fine with the current state. I'm going to iterate, add features and anything needed based
5
0
24
@StErMi
StErMi
3 months
Do you want to make your protocol secure? Help me to help you; it does not take too much. 1) Provide all the needed specifications, documentation, and diagrams needed to understand what your protocol does and how it works or interacts with other internal and external contracts
3
1
24
@StErMi
StErMi
1 year
In my spare time, I'm doing a re-run of the @AaveAave v2 and v3 codebase, and I'm annotating the differences between them. The notes are not well organized, but probably they are still useful to someone out there. Would you be interested if I publish them as they are, without
6
0
23