Arabadzhiev Profile
Arabadzhiev

@arabadzhiev_

1,211
Followers
202
Following
36
Media
412
Statuses

Full-time Web3 Security Researcher | Former Web2 Software Engineer

Joined April 2023
Pinned Tweet
@arabadzhiev_
Arabadzhiev
7 months
The past few months were tough. Loads of blood, sweat and tears without much in return. I felt like I wasn’t going anywhere. But today, I am finally happy to share my greatest accomplishment so far - My first ever contest win. The story continues, we are just getting started...
24
4
195
@arabadzhiev_
Arabadzhiev
6 months
Ladies and gents, I recently took on what was probably my greatest Web3 security challenge to date - A Solana Rust contest, without any prior knowledge on any one of those two. And it looks like I did it again… Thanks for the opportunity @code4rena!
32
5
203
@arabadzhiev_
Arabadzhiev
7 months
Managed to make it in the top 5 of the Napier contest at @sherlockdefi, while also securing my first unique medium finding. It ain’t much, but it’s honest work
4
2
96
@arabadzhiev_
Arabadzhiev
1 year
Last night I got my first 4 digit award from a smart contract security contest. This has been a big goal of mine ever since day one, and finally achieving it tells me that I’m on the right path. Thanks to @sherlockdefi for the opportunity! I think it’s time for big moves now…
20
2
85
@arabadzhiev_
Arabadzhiev
1 year
1/ In my opinion, as of now, @sherlockdefi judging contests are the best way to get started with web3 security. Because of this, I decided to make a 🧵, where I explain the methodology that I personally use when participating in them. Sounds interesting? Then follow along 👇
5
6
59
@arabadzhiev_
Arabadzhiev
1 year
1/ What is MEV? What are some of the most common types of MEV? Follow this 🧵 if you want to find out 👇
1
10
55
@arabadzhiev_
Arabadzhiev
1 year
Man, the Web3 Security space is simply the best. Everyone is super ambitious, dedicated and hard working. New valuable information is constantly being shared on various platforms. And we are all doing this with one common goal in mind - To make Web3 a better place.
4
2
48
@arabadzhiev_
Arabadzhiev
6 months
Ain't no better feeling than finding a bug while writing the PoC for another
2
0
44
@arabadzhiev_
Arabadzhiev
6 months
Recently, I've been getting a lot of questions in regards to what my auditing methodology is. The answer is actually pretty simple - I just read code with the intent of breaking it. Everything else I've tried to add on top of that in the past has done me more harm than good.
2
0
42
@arabadzhiev_
Arabadzhiev
10 months
Just wrapped up my first Pay-Per-Vulnerability private audit. Thanks for the opportunity @ShieldifySec, it was an absolute pleasure working together. The report is coming out soon, so stay tuned - it’s going to be a good one.
1
0
40
@arabadzhiev_
Arabadzhiev
7 months
The educational aspect of Web3 Security has improved tremendously over the past year. So many new great resources were created, both free and paid, that it's unbelievable. So to everyone that is just starting out - Take full advantage of this, it can change your life.
2
3
39
@arabadzhiev_
Arabadzhiev
1 year
It's easy to work hard when everything goes your way. But what about when things start to get tough and you feel like you aren't going anywhere? - Well, those are the times when you have to show what you are truly made out of. Remember this, no matter where you are right now.
5
5
38
@arabadzhiev_
Arabadzhiev
11 months
I’ve been using the Remove Comments VS Code extension for the last two audits that I did. And I must say, WOW, it is a game changer. For some reason, diving into pure code at the beginning of the audit seems to remove a lot of overhead. Highly recommend giving it a try.
4
1
32
@arabadzhiev_
Arabadzhiev
1 year
🚩There are certain things, that when we as Security Researchers see, when starting a new audit, let us know that we are about to work on a protocol of a low quality. I call those red flags. Here is my top 3 list of those👇 - The test coverage is below 80% 🥲 - There is no
0
2
29
@arabadzhiev_
Arabadzhiev
1 year
Auditing a protocol that has poor/no documentation? 💡 Take a look at its tests. They are the purest form of software documentation there is.
2
4
28
@arabadzhiev_
Arabadzhiev
1 year
If you need a quick, yet comprehensive introduction to Compound V2, this article by @bytes032 is the right one for you 👇
0
3
29
@arabadzhiev_
Arabadzhiev
1 year
Your mindset going into an audit is crucial. If you go in thinking “Man, this protocol is so well written, there can’t be any bugs in it” then congrats, you’ve just set up yourself for failure. You probably won’t find anything. Take this from me, I learned it the hard way ✌️
1
0
28
@arabadzhiev_
Arabadzhiev
1 year
Ok, hear me out. It is completely normal to feel like a dumbass, when starting to audit a protocol that is new to you. You just have to trust the process - put in some focused hours of reading through the code, and you will see how the magic slowly starts to happen.
0
1
21
@arabadzhiev_
Arabadzhiev
5 months
My friends @EgisSec are starting an awesome initiative. If I were someone who is just getting started with Web3 security, I definitely wouldn't want to miss out on it👇
@nmirchev8
nmirchev8
5 months
Win $1000! At @EgisSec, we were inspired and supported by other researchers, and we want to do the same for those who are starting right now. That's why we plan to give $1000 to the winner of the following challenge. ↓
58
42
93
2
0
21
@arabadzhiev_
Arabadzhiev
1 year
The automated findings from @code4rena bot races seem to be getting much better with time. This one is the winning report from the latest Amphora Protocol contest. It's crazy how many issues it was able to catch (albeit, some are probably invalid).
2
0
22
@arabadzhiev_
Arabadzhiev
1 year
❗️ERC20 tokens can be dangerous to interface with, if you are unaware of the quirks that some of them possess. Here is a great list that covers a lot of those. 👇
0
1
21
@arabadzhiev_
Arabadzhiev
7 months
Thanks to everyone who has been there with me ever since the beginning of my Web3 Security journey - This one is for you
1
0
19
@arabadzhiev_
Arabadzhiev
1 year
A great playlist to get you started with inline assembly in Solidity. As always, @ProgrammerSmart does not disappoint 👇
0
0
19
@arabadzhiev_
Arabadzhiev
1 year
"Building the POC was my first step down the rabbit-hole of programmable money. It was the most intriguing thing I had worked on in my life. It didn’t even feel like work." This article written by the man himself, @haydenzadams, is truly inspiring. 👇
0
1
18
@arabadzhiev_
Arabadzhiev
1 year
There are some code bases that utilize outdated versions of OpenZeppelin's smart contract library. When auditing such code bases, it is crucial to familiarize yourself with the vulnerabilities present in some of those versions.👇
1
2
18
@arabadzhiev_
Arabadzhiev
1 year
Quick tip. Never leave writing reports for the last minute. It never turns out well...
4
0
17
@arabadzhiev_
Arabadzhiev
5 months
This should never happen. Change my mind.
@0xPopeye_
@popeye
5 months
So, It's called an Escalation War 🗡️
2
0
17
1
0
17
@arabadzhiev_
Arabadzhiev
1 year
If you are anything like me and don’t like taking notes, this tweet is for you 👇 I’ve come to the realisation that taking structured notes during an audit, especially a bigger one, is absolutely necessary if you want to max out your efficiency. Without doing that, you will
1
0
14
@arabadzhiev_
Arabadzhiev
1 year
1/ Have you heard of the “First Depositor” vulnerability? If not, well, you’ve come to the right place. In this 🧵I am going to walk you through what it is, and what are some possible ways to mitigate it 👇
1
2
15
@arabadzhiev_
Arabadzhiev
1 year
Ain't no better way to spend the Friday night, than reading through past audit reports. Sharpening the arsenal for a weekend full of auditing. 😈
0
0
12
@arabadzhiev_
Arabadzhiev
7 months
@p_tsanev Mr Steal Yo Pot 🫡
1
0
9
@arabadzhiev_
Arabadzhiev
5 months
2
0
8
@arabadzhiev_
Arabadzhiev
6 months
@xb0g0 @MarioPoneder I recently had the pleasure to participate in a contest that was judged by @MarioPoneder. Although he rejected my attempt to upgrade an issue of mine, he did so in such a manner, that I actually wasn't mad about it at all. Not only that, but I was also able to learn a thing or
3
0
7
@arabadzhiev_
Arabadzhiev
6 months
@AmrMalakX @code4rena I started in February last year and am still learning fren. The learning never stops in this space ✌️
0
0
7
@arabadzhiev_
Arabadzhiev
5 months
@xb0g0 Numbers don't lie. Those are some astonishing results 🫡 Congrats man!
1
0
6
@arabadzhiev_
Arabadzhiev
1 year
13/ Link to the whole Criteria for Issue Validity doc 👇
0
0
6
@arabadzhiev_
Arabadzhiev
6 months
@windhustler @14si20 @code4rena I share the same opinion here. Plus, writing those long ass analysis reports looks like a chore. But hey, to each their own 🤷
1
0
5
@arabadzhiev_
Arabadzhiev
1 year
This is HUGE! @PatrickAlphaC has just announced the launch of a new platform, that is both going to host audit contests, and serve as a marketplace for private audits. LFG 🚀
@PatrickAlphaC
Patrick Collins
1 year
Announcing... CodeHawks
48
71
358
0
1
4
@arabadzhiev_
Arabadzhiev
7 months
@dethSCA @xiaoming9090 Solid advice here. This guy is an absolute beast.
0
0
4
@arabadzhiev_
Arabadzhiev
1 year
@windhustler @code4rena Congrats man! Those are some massive numbers. You have proven once again that hard work does indeed pay off at the end of the day 🫡
1
0
3
@arabadzhiev_
Arabadzhiev
6 months
@MarioPoneder @CantoPublic @code4rena It's never too late to relocate 😎
1
0
3
@arabadzhiev_
Arabadzhiev
10 months
@dimulskiatanas @code4rena Great results man. Congrats! 🫡
1
0
1
@arabadzhiev_
Arabadzhiev
1 year
@ShieldifyAnon @ShieldifySec Thank you man! 🫡 Sounds like a deal to me. Drop me a DM ✌️
0
0
4
@arabadzhiev_
Arabadzhiev
7 months
0
0
3
@arabadzhiev_
Arabadzhiev
1 year
@GiuseppeDeLaZa @HollaWaldfee100 @0xreentrant Oh man, German music is where it's at. My personal favourites are 187 and Capital Bra. @GiuseppeDeLaZa you should give them a shot (I suppose @HollaWaldfee100 already knows about them 😃).
4
0
3