chrisdior.eth

@chrisdior777

6,186
Followers
1,053
Following
322
Media
2,736
Statuses

Co-Founder @CDSecurity_ Providing Elite Smart Contract Security

Web3
Joined October 2021
Pinned Tweet
@chrisdior777
chrisdior.eth
2 months
3 years ago, I started learning Solidity on . Now, I am a Co-Founder of a company with 50+ successful smart contract security reviews, an official security partner of Polygon Labs, and collaborating with some of the top auditors. What a journey!
24
35
428
@chrisdior777
chrisdior.eth
2 years
⚠️If you want to transition to web3 security, then this thread is for you! Pay attention, I will give you the exact steps that you need to take in order to start auditing smart contracts: A 🧵 1/ First things first, you need to understand Ethereum as much as you can 👇
40
115
470
@chrisdior777
chrisdior.eth
24 days
~40 smart contract vulnerabilities explained. Make sure you know all of them inside and out. Link:
10
88
398
@chrisdior777
chrisdior.eth
4 months
If you want to be a good Solidity developer and auditor, you must have a deep knowledge of the programming language and the Ethereum technology. Here are 150 questions divided into 4 levels: Easy, Medium, Hard, and Advanced. Test yourself! ✅
9
58
365
@chrisdior777
chrisdior.eth
9 months
Become an absolute Web3 Security beast in 2024!! Resources: 1. YouTube - Owen Thurm & Patrick Collins channels 2. Past audit reports - 3. Past hacks - 4. DeFi bible - 5. Books -
13
100
339
@chrisdior777
chrisdior.eth
26 days
Here is a simple path to becoming a Web3 Security Researcher: 1. Basics of Blockchain 2. Fundamentals of Smart Contracts 3. Common Smart Contract Vulnerabilities 4. Niche Smart Contract Vulnerabilities Link to a great roadmap:
10
78
308
@chrisdior777
chrisdior.eth
21 days
Smart contract auditing opens the door to: - Remote work. - A global market. - Many ways to earn (contests, bounties, private audits, etc.). - Making friends around the world. - Dopamine hits from finding Crit/High findings. What am I missing?✌️
17
24
286
@chrisdior777
chrisdior.eth
1 year
Started smart contract auditing 9 months ago. Here are my results so far: - 16+ private audits - 15+ Highs/Crits found - $70 000+ earned for the period - Met with a lot of auditors IRL - My life has been great ever since I have started Our website:
16
17
255
@chrisdior777
chrisdior.eth
2 years
Today, I have decided to do something I have never done before in my life. I will be quitting my regular job in cybersecurity next month to fully focus on auditing smart contracts. I have never let go of a secure income to pursue something I am passionate about. Now is the time.
34
6
246
@chrisdior777
chrisdior.eth
1 year
One beautiful trick that I have learned from @0xWeisss : 1/4 Isn't it annoying when you have to read the contracts in etherscan like that:
21
59
222
@chrisdior777
chrisdior.eth
8 months
MUST be known: 90% of the smart contracts that we have audited which integrate `UniswapV2Router02.sol` make this mistake which allows 100% slippage during swaps. Most auditors know it but if you are someone who is planning to deploy such a contract please know that: The swap
10
22
205
@chrisdior777
chrisdior.eth
2 years
⛽️🤑25+ GAS OPTIMIZATION tips that will help you become a better blockchain developer and a better auditor for @code4rena . Part 1 of 3 posts: 1. Storage variable declaration doesn't cost anything, as there's no initialization.
3
50
194
@chrisdior777
chrisdior.eth
10 months
If you are a Solidity dev you should definitely check this out. High-level recommendations to build more secure smart contracts. Really helpful stuff that every Solidity dev/auditor should know very well.
3
34
184
@chrisdior777
chrisdior.eth
11 months
I always recommend this book to anyone that asks me how to start with smart contract security. It is an excellent resource for gaining a solid understanding of the Ethereum technology without which you can never be a good security researcher.
8
23
161
@chrisdior777
chrisdior.eth
1 year
Started smart contract auditing in November 2022. Here are my results so far: - 12 private audits + numerous C4 contests - 10+ High/Crits found - $30 000+ earned for the period - Helped 40+ newbies - Booked a ticket for the DeFi Security Summit event
14
8
156
@chrisdior777
chrisdior.eth
2 months
Did you know you can get ready for a Solidity Smart Contract Dev job interview with a handy checklist? Check out these 140 questions that will help you ace your interview. The questions are divided into four levels: Easy, Medium, Hard, and Advanced. ✅
2
33
162
@chrisdior777
chrisdior.eth
11 months
If you are a Solidity dev or a Junior-Mid auditor, make sure you pay attention here.✍️ Must-know contracts: Token contracts: The most used token standards are EIP20 for fungible tokens, and EIP721 for NFTs. Proxies: There are many different proxy implementations, have a
5
23
149
@chrisdior777
chrisdior.eth
9 months
If you want to become really adequate in Smart Contract Security: 1. The staking algorithm of Sushiswap MasterChef: 2. In-depth explanation of the codebase of Uniswap V2 3. Compound V2
7
31
150
@chrisdior777
chrisdior.eth
3 months
If you are curious about the requirements to work as a Senior Smart Contract Engineer at @Uniswap :
7
12
152
@chrisdior777
chrisdior.eth
9 months
5 Smart Contract Security Audit Sources to learn findings from in 2024: 1. 2. 3. 4. 5.
4
31
145
@chrisdior777
chrisdior.eth
2 years
Little over $3000 made from smart contract auditing in January from home.. private audits + code4rena contests. I think I have finally found my way out of the matrix making money in a convenient way for me where in the same time bringing great value to the customers
10
4
143
@chrisdior777
chrisdior.eth
10 months
2023 was beyond amazing: - Quit my job - Teamed up with an amazing business partner - Co-Founded @CDSecurity_ - Made over $140,000 - Conducted smart contracts audits for 25+ clients - Met some great security researchers IRL in Paris How was yours? 👀
10
8
142
@chrisdior777
chrisdior.eth
1 year
Here are 5 DeFi protocols built on the Ethereum blockchain that are widely recognised as some of the most important and complex ones in the Ethereum ecosystem and every auditor should be familiar with: A 🧵
9
31
142
@chrisdior777
chrisdior.eth
11 months
KyberSwap is being exploited for millions of dollars as we speak. Here is some data about it: $7.5M on Mainnet $315K on Base $15M on Optimism $2M on Polygon $20M on Arbitrum Exploiter wallet: 0xc9b826bad20872eb29f9b1d8af4befe8460b50c6 Messages from the hacker:
15
26
139
@chrisdior777
chrisdior.eth
2 months
The best way to advance in Smart Contract Auditing/Development (and most jobs), is to have a mentor. This was a game changer for me. We would audit in parallel, and afterward, he would show me where I made mistakes, what I missed, and how to improve. Find a mentor. ✅
16
10
144
@chrisdior777
chrisdior.eth
9 months
Most auditors know these simple gas optimizations, but if you are a developer who wants to save some gas next time you are writing a smart contract, please check this out:
7
27
129
@chrisdior777
chrisdior.eth
2 years
Smart contract auditing opens the door to: - Remote work. - Very high salary jobs. - A global market. - Making friends around the world. - High demand of jobs for web3 auditors.
5
5
132
@chrisdior777
chrisdior.eth
1 year
Top 5 platforms where you can make money with your smart contract auditing skills independently: 1. @immunefi 2. @code4rena 3. @sherlockdefi 4. @HatsFinance 5. @HyacinthAudits What am I missing?
8
25
131
@chrisdior777
chrisdior.eth
6 months
Been using @pashovkrum 's upgrade checklist for months now. Highly recommend giving it a try. 🙌
4
16
132
@chrisdior777
chrisdior.eth
2 months
WETH can't go insolvent because it's always backed 1:1 with ETH. The logic behind it is simple and requires only about 60 lines of code. Here's a quick rundown of how WETH works 🧵:
10
19
134
@chrisdior777
chrisdior.eth
21 days
This repository covers critical bug fixes from Immunefi (2023-2024), detailing vulnerabilities, their impact, and fixes. These 6 bugs paid off more than $2M. Amazing work brother @tpiliposian !
3
20
134
@chrisdior777
chrisdior.eth
8 months
I believe this is my favourite article about deep work. "In order to produce the absolute best results you’re capable of, you need to commit to deep work" Really refreshing and interesting stuff to read:
1
21
128
@chrisdior777
chrisdior.eth
1 year
How to decompose a bytecode? A short🧵 The bytecode is the compiled code of the smart contract that is stored on the Ethereum blockchain and executed by the network.
6
16
124
@chrisdior777
chrisdior.eth
6 months
If you are a Solidity dev or a Junior-Mid auditor, make sure you pay attention here.✍️ Must-know contracts: Token contracts: The most used token standards are EIP20 for fungible tokens, and EIP721 for NFTs. Proxies: There are many different proxy implementations, have a
4
14
125
@chrisdior777
chrisdior.eth
2 months
Workflow of Solidity Compiler. Simply explained. The main process (blue) converts Solidity code into EVM bytecode and generates an ABI for interaction. The Yul process (green) compiles intermediate code for different backends, activated by specific flags. The formal
1
27
129
@chrisdior777
chrisdior.eth
2 years
✅Smart contract auditing tip: Most auditors that are just starting have this problem of not really understanding the codebase of the protocol. I know it can be frustrating, but try little by little. 👇
9
14
124
@chrisdior777
chrisdior.eth
1 year
After doing 10+ private audits and numerous contests in Code4rena I came to the conclusion that any codebase no matter how hard it seems in the beginning can be understood on a very decent level if you put enough hours into it. Moreover, I have discovered that the process of
11
14
124
@chrisdior777
chrisdior.eth
1 month
Many security researchers avoid complex topics like EIPs, ZK, or L2s. Remember, most people find them intimidating and skip learning, missing the chance to master that tech. Instead, push through and become an expert in these areas!
5
10
131
@chrisdior777
chrisdior.eth
2 years
🔐⚠️ Become a fantastic web3 auditor/developer by mastering these topics: - Reentrancy - Oracle Manipulation - Frontrunning - Denial of Service - Signature Replay - Malicious Honeypot - Absent modifiers - Unsafe Delegatecalls - Sandwich Attacks - Flash Loan Attacks ..👇
4
23
126
@chrisdior777
chrisdior.eth
1 year
`delete` will reset the length of the array to 0 and delete the elements in it. But as the `stuff` array grows, the gas price for the `delete` operation on it grows as well. If `stuff` becomes too long, it will become undeletable due to the high gas cost. That's why its length
9
16
121
@chrisdior777
chrisdior.eth
2 years
Yesterday while doing a private audit, I have stumbled across SSTORE2 library, haven't heard about it before so I had to dig deeper. If you are into gas savings you must have a look at this! Here is what I have found: A 🧵
7
17
119
@chrisdior777
chrisdior.eth
7 months
You are not bad at smart contract auditing. You just need more practice. Don't give up. Read more findings, read more articles, read more code. You will eventually get better. Believe me. ✅
4
6
118
@chrisdior777
chrisdior.eth
1 year
Just found this article which contains links to integration tips for 5 of the top DeFi projects. This should be a must-read for solidity devs as well as for the auditors:
6
18
114
@chrisdior777
chrisdior.eth
7 months
Really an amazing summary of my favourite smart contract development framework - Foundry. This article is perfect if you want to get familiar with Foundry and learn how to use it for learning past hacks:
2
26
118
@chrisdior777
chrisdior.eth
4 months
Another amazing article worth reading for every Web3 sec auditor, as well as for the Solidity developers who use Inline Assembly to save gas, by @DevDacian . It consists of a deep dive into 6 vulnerabilities, so you won't let them slip away next time:
0
14
115
@chrisdior777
chrisdior.eth
17 days
A lot of new smart contract security researchers DM me, saying they can't find bugs or aren't improving. Ask yourself: - How many attack vectors do I study daily? - How much time do I spend bug hunting? - How badly do I really want it? The answers will show you why.
5
7
115
@chrisdior777
chrisdior.eth
8 months
In every new beginning, I start by copying what the top people in the field are doing. As I gain experience, I add my own touch, making my approach convenient and special. If you are a beginner and you don't have any auditing process, read this ASAP:
2
23
114
@chrisdior777
chrisdior.eth
2 months
Hands down the best article I have ever read on UUPS Proxy Standard. It contains: *Walkthrough of OpenZeppelin UUPS Upgradeable *Learning about UUPS using Remix *Vulnerabilities in UUPS and more. RareSkills never disappoints.
1
30
115
@chrisdior777
chrisdior.eth
2 years
Guys, I know web3 security is very lucrative and interesting for most of you, but understand this: YOU HAVE TO PUT THE HOURS IN! Spend a lot of time reading smart contracts (later I will write a tweet for the most important ones to get started). 👇
9
8
109
@chrisdior777
chrisdior.eth
2 years
Tips on how to become a better smart contract auditor 🧵: I'd appreciate a retweet, spread the knowledge 🫡 Being a smart contract auditor requires a combination of technical expertise, critical thinking skills, and attention to detail. 👇
2
37
110
@chrisdior777
chrisdior.eth
1 year
If you want to have a solid knowledge of Solidity and Foundry, the number 1 resource in my opinion is Smart Contract Programmer channel in Youtube. This is all you need guys, don't overcomplicate your journey with a thousand resources that at the end just confuse you.
10
15
110
@chrisdior777
chrisdior.eth
2 months
IMO Solidity devs should upgrade their security knowledge daily (at least common bugs, patterns, access control mechanisms, etc.). Be curious about security. Don't be like: "Meh, the auditors will fix that if it's not okay." Try to actually write secure code.
8
10
113
@chrisdior777
chrisdior.eth
2 months
The Solidity documentation should not be underestimated by anyone learning the language. It's always updated with the newest version and contains detailed information about how the programming language works, covering every aspect of it.
4
20
109
@chrisdior777
chrisdior.eth
4 months
Tips to Improve as a Smart Contract Auditor: - Read Web3 security experts' tweets daily - Read 1-2 articles daily - Study findings and attack vectors daily - Read and analyze a lot of code - Practice on Code4rena and Sherlock - Chat with fellow auditors
3
15
108
@chrisdior777
chrisdior.eth
8 months
Amazing study material for anyone trying to learn more about vulnerabilities in smart contract systems. A collection of around 40 Foundry tests reproducing exploits accompanied by diagrams and context links.
4
20
108
@chrisdior777
chrisdior.eth
11 months
You are a Solidity dev or a beginner in Web3 Security? This list of questions won't make you a security expert but will significantly improve the security of the code you are writing/reviewing. Thank me later:
1
13
108
@chrisdior777
chrisdior.eth
4 months
PRO TIP for solidity auditors: Read and analyze the bugfix reviews from Immunefi's Medium profile. How did the Whitehat find this? What was the clue that helped him spot the vulnerability? Do that often. Thank me later✌️
1
12
106
@chrisdior777
chrisdior.eth
1 year
After spending last night drinking vodka with @pashovkrum , we decided to do the pull ups challenge on 30 degrees with little to no sleep for maximum difficulty 🤣 Managed to do 25, not the best technique though😂 I challenge all security researchers to do it as well, it's fun😁
8
2
104
@chrisdior777
chrisdior.eth
1 year
Cryptographic proofs (merkle trees, signatures, etc) need to be tied to msg.sender, which an attacker cannot manipulate without acquiring the private key. This code is insecure for 3 reasons 👇: 1. Anyone who knows the addresses that are selected for the airdrop can recreate
5
9
102
@chrisdior777
chrisdior.eth
4 months
After 2.5 years in my Web3 security journey and trying to provide value to the space, I have finally reached 5,000 followers. Want to thank all my followers for the support, I really do it for you guys. It brings me joy when I am able to bring value to as many guys as possible😊
6
1
105
@chrisdior777
chrisdior.eth
10 months
Here is something interesting if you want to test your Solidity knowledge👇 There are 40 multiple choice questions, and each has a time limit of 45 seconds to answer.
4
18
102
@chrisdior777
chrisdior.eth
1 year
Here are 5 resources that I use to improve my smart contract auditing skills daily: Retweet to spread the knowledge 🫡 1. Twitter posts by @pashovkrum and @bytes032 2. Code4rena past audit reports 3. Articles about every little problem that I am not aware of 4. @pashovkrum's
4
25
103
@chrisdior777
chrisdior.eth
3 months
As a Solidity developer, you should never let such dumb bugs slip through. Here anyone can arbitrarily burn NFTs. I have seen similar access control findings a lot of times. Sometimes serious bugs are that simple.
5
14
105
@chrisdior777
chrisdior.eth
1 year
I see a lot of web3 security guys quit. Wondering why is that. Is it too hard? Are they not consistent enough to progress? Or maybe they didn't manage to make money the first 3 months of doing it? I only started to make good money after around month 7. It takes time..
22
2
101
@chrisdior777
chrisdior.eth
9 months
If you are the type of guy who prefers learning through videos and not through reading articles/reports, pay attention here. In my opinion the best channel for becoming an absolute beast in Web3 Security in 2024 hands down is @0xOwenThurm 's.
5
14
100
@chrisdior777
chrisdior.eth
2 years
Another success🫡 Can't wait to meet all the great auditors there🔥
17
1
100
@chrisdior777
chrisdior.eth
2 years
Learning from Code4rena reports can be considered an effective way to learn web3 security for several reasons: Please retweet to spread the knowledge🫡 A 🧵
3
29
95
@chrisdior777
chrisdior.eth
4 months
One of the best ways to improve at finding bugs in smart contracts, especially if you are a beginner/intermediate in the space, is to: 1 Choose a protocol category: 2 Study as many attack vectors as possible 3 Practice finding bugs in contests 4 Repeat
4
15
94
@chrisdior777
chrisdior.eth
1 year
Dive into the technical details of many of the 2022 Smart Contract Vulnerabilities and Exploits fitted in one article! Have fun reading:
2
19
97
@chrisdior777
chrisdior.eth
1 year
How to decompose a bytecode? Bear with me here: The bytecode is the compiled code of the smart contract that is stored on the Ethereum blockchain and executed by the network. The first part is the loader code. It is the type of code that would create the smart contract,
2
13
94
@chrisdior777
chrisdior.eth
11 months
Make sure you BOOKMARK this, if you don't know even only 1 of these, they are gold. Top 3 blogs about SMART CONTRACT SECURITY that I read from almost everyday in order to level up: 1. 2. 3.
3
13
96
@chrisdior777
chrisdior.eth
1 month
If you don't know the basics of the EVM, this article is a must-read! It compares the EVM to traditional operating systems (OS). Discover EVM's true nature, architecture, hardware interactions, and how it secures smart contracts through sandboxing.
3
19
98
@chrisdior777
chrisdior.eth
2 years
Become familiar with the most used smart contracts Written by cmichel: A 🧵 1/ There are certain contracts, patterns or even algorithms that you will see over and over again during your auditing career. It’s good to become familiar with them and deeply understand how they work👇
1
15
95
@chrisdior777
chrisdior.eth
9 months
Some Merkle trees have a security vulnerability. It is explained in this comment in `MerkleProof.sol` by OZ. One of the ways to have secure Merkle trees is to double-hash their leaves. Read more here:
6
16
92
@chrisdior777
chrisdior.eth
9 months
Look. If you don't understand rounding issues in Solidity, simply watch this video where it is explained perfectly. Then read 20+ rounding issues from and there you go. Now you have a decent foundation of these bugs:
2
14
95
@chrisdior777
chrisdior.eth
4 months
And still the number 1 YouTube channel for Smart Contract Security in my opinion is... @0xOwenThurm 's. Watch all of the videos, try to comprehend them as much as you can and you will be ahead of a lot of people in the space. Amazing content! ✅
5
3
93
@chrisdior777
chrisdior.eth
1 month
Here is some ALPHA to all the smart contract auditors. Penpie was exploited a couple of days ago for ~ $27M. @rotcivegaf wrote a POC of the exploit. You can learn a lot here:
2
12
95
@chrisdior777
chrisdior.eth
10 months
Seems like there aren't many bug bounty platforms specifically for Web3. The ones I know and are legit: Immunefi - total paid $85,000,000+ Hackenproof - total paid $7,358,983 Hats Finance - total paid $400,000+ Any other significant related platforms that I might have missed?
16
5
91
@chrisdior777
chrisdior.eth
4 months
Enhance your Solidity skills by reproducing attacks. Follow these 4 steps: Step 1: Information Gathering When an attack is discovered, Twitter is often the first place where updates and analyses are shared by top DeFi analysts: Step 2: Transaction Debugging Typically, within
1
12
92
@chrisdior777
chrisdior.eth
1 year
Exactly a year ago, I wrote a simple borrowing/lending contract of about 300 lines of code with which I wanted to apply for a Junior Solidity developer job. Today I decided to audit it. Maaan, now I realise that I knew almost nothing about security back then 😂. Whole lotta
12
4
91
@chrisdior777
chrisdior.eth
2 months
For anyone who needs it today: You’d be amazed at how much better you get at smart contract auditing after doing it a hundred more times. If you want to win, keep doing it. Consistency is the key. ✅
1
7
90
@chrisdior777
chrisdior.eth
1 year
3 tokens that are widely used but their decimals != 18. Be careful with these in projects, they can be problematic when the code expects the standard 18 decimals. 1. WBTC - 8 decimals 2. USDT - 6 decimals 3. USDC - 6 decimals
8
6
87
@chrisdior777
chrisdior.eth
2 months
To all my crypto followers: If you’re not achieving the success you want and aren’t putting in a few hours on weekends, you’re missing out. A little extra effort can make a huge difference. Don’t let meaningless distractions hold you back—stay focused on your goals guys.
4
10
89
@chrisdior777
chrisdior.eth
6 months
If you are a Solidity dev you should definitely check this out. High-level recommendations to build more secure smart contracts. Really helpful stuff that every Solidity dev/auditor should know very well.
1
24
88
@chrisdior777
chrisdior.eth
8 months
Smart Contract Auditing helped me: - to learn how to provide real value - to understand sales and communication better - to understand how to serve our clients better - to earn enough to live comfortably - to make friends all over the world - to work from anywhere Thankful 🙏
5
3
84
@chrisdior777
chrisdior.eth
8 months
We now have the Solidity Cheatsheet ✅ Good job ser @Smacaud1
3
15
86
@chrisdior777
chrisdior.eth
5 months
Smart Contract Auditing helped me: - to learn how to provide real value - to understand sales and communication better - to understand how to serve our clients better - to earn enough to live comfortably - to make friends all over the world - to work from anywhere 🙏
3
6
80
@chrisdior777
chrisdior.eth
23 days
I opened one of the Ethereum/Security newsletters I read weekly. This is how today's post started: Damn 🥲
5
5
83
@chrisdior777
chrisdior.eth
1 year
5 things which you MUST check in a smart contract or you may miss a Med/High risk vulnerability 👀: 1. Check for casting errors 2. Check if division can round down to zero or if it can be divided by zero 3. Check if each contract input is properly validated 4. Check all
1
17
81
@chrisdior777
chrisdior.eth
2 years
Dropping some real alpha in this thread, so read it a couple of times and try to apply it to your next audit 🧵 1/ A threat model for a smart contract is a way to identify potential security threats and vulnerabilities that may exist within the code of the contract, as well as..
4
20
81
@chrisdior777
chrisdior.eth
2 years
Private audits + reading past Code4rena reports. It can be challenging to balance both, but the rewards of improving your skills and staying up-to-date with industry trends are definitely worth the effort. Here are a few tips to help you manage your time effectively: A 🧵
3
7
85
@chrisdior777
chrisdior.eth
2 years
My current approach for smart contract auditing: 1. Read the documentation and take notes about the important things 2. Summarise my notes into a neatly organised text 3. Read the code + natspec and take more notes 4. Try to draw the architectural diagram of the project👇
6
12
84
@chrisdior777
chrisdior.eth
1 year
⚠️Bookmark and Retweet: In order to start spotting more bugs in future audits, you have to constantly be learning attack vectors. Here are 4 GOLD resources for you: 1. 2. 3. 4.
2
16
84
@chrisdior777
chrisdior.eth
1 year
yAcademy created a repo of common DeFi forked protocol bugs. The most common ones seem to be the reentrancy and the flashloan attack. Check them out :
0
20
84
@chrisdior777
chrisdior.eth
5 months
Finished watching a video called "What is security in Web3" and found it to be incredibly well-structured and valuable. Here is a summary of the key points, aimed at helping Web3 projects understand their security options and how to maximize their security strategy:
3
8
83
@chrisdior777
chrisdior.eth
10 months
A full list of Solidity global variables. Just BOOKMARK this post so you can have an easy access to all of them and what exactly they return:
2
9
83
@chrisdior777
chrisdior.eth
3 months
Your smart contract auditing practice for TODAY: 67 lines of code 8 questions 16 minutes to answer Gotta love these Secureum Races! 😎
2
9
83
@chrisdior777
chrisdior.eth
1 year
If you're not well familiar with these DeFi smart contracts, you have some catching up to do my friend: 👇 1. MasterChef: Stake LP tokens, earn proportional rewards with time * stakeAmount. 2. Compound: The foundation of decentralized lending protocols. Key to DeFi primitives'
1
12
82
@chrisdior777
chrisdior.eth
1 year
If you are auditing and stumble across this: `0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff` Don't panic, it's pretty simple. This is the hexadecimal version of uint256 maximum value. The same as type(uint256).max. This is a little cleaner than using the
5
3
80