gmhacker.eth @realgmhacker Twitter profile

Pinned Tweet

gmhacker.eth

1 year

🕵️ Why are you NOT an Elite Smart Contract Security Researcher? Here I try to tackle what makes one actually succeed in this space. Show some love pls, it's my first website article ☺️

Why are you NOT an Elite Smart Contract Security Researcher?

Some people make it to the top of the chain, some don't. Why? How does one reach the elite level in the Smart Contract Security space?

www.gmhacker.com

24

44

253

Last Seen Profiles

@okemonogatari

@ChaosKing66613

@laurabeth_h

@slisicin

@penpenmonst

@theyknoodell

@lorequeen5

@Grand_Lisboa

@tk_numanch

@Justavaggie

@taspht

@tzarovic

@bntalsw97429809

@peytaydoh

@mateo_zonanorte

@PvLangevelde

@weajlth

@WbZayd

@NotTheMireCSC

@kevthegrad

@Cinemafiaa

@kpeebles8

@Hauaji81

@ericoamora

@icyswearf

@discodlx

@mloftus27

@Coach_England11

@ub1mo

@KiyoshiWoods

@neathy83

@vcijm

@sao77g

@bee_does_a_phd

@scorchedwaste0

@koimitsu

gmhacker.eth

@realgmhacker

5 months

I'm excited to share that I'm now Head of Security at @immunefi 🙏🛡️

86

9

458

gmhacker.eth

@realgmhacker

2 years

Yes, reentrancy attacks are still a thing. Shout out to @pcaversaccio for the cool collection ➡️

6

87

412

gmhacker.eth

@realgmhacker

2 years

Today I start working as a smart contract triager @immunefi 🔥 It has been a crazy ride since I ventured into the crypto world, and I'm excited to have the opportunity to work and learn with some of the best in the blockchain security space 🙌 Let's secure web3 🫡💪

25

12

273

gmhacker.eth

@realgmhacker

2 years

"Blockchain hacking is one of the more elusive paths in cybersecurity, but taking it remains one of the best decisions I've ever made. It's groundbreaking, challenging, and extremely rewarding (...). Smart contract hacking is a form of art." @0xsomnus

Hacking the Blockchain: An Ultimate Guide

“Two roads diverged in a wood and I — I took the one less travelled by, and that has made all the difference”

medium.com

9

58

259

gmhacker.eth

@realgmhacker

2 years

Hey! This is your bimonthly reminder that reentrancy attacks are still a thing. 3 new hacks since the last reminder 👀➡️

4

26

176

gmhacker.eth

@realgmhacker

1 year

It took me too long to see the "Z" in @zksync 's logo 😬

42

7

161

gmhacker.eth

@realgmhacker

2 years

#Solidity is the most adopted smart contract language for web3 devs. Going web2 ➡️ web3 requires a paradigm mindshift 🤯 Here's how one can master solidity to the point of mastery 🧙‍♂️ Specially from a security perspective 👀🧵

7

33

154

gmhacker.eth

@realgmhacker

1 year

Vulnerability in implementations of SHA-3

7

35

149

gmhacker.eth

@realgmhacker

2 years

The whitehats who hunt web3 bugs are a special cadre of some of the best hackers in the world at the cutting edge of technology, finding world-changing vulnerabilities

A Hacker’s Guide to Submitting Bugs on Immunefi

Many whitehat hackers and bug bounty hunters who discover Immunefi already have some experience under their belt. They’ve often submitted…

medium.com

0

16

147

gmhacker.eth

@realgmhacker

1 year

"Why do we STILL have REENTRANCY bugs??" "Have we learned nothing from so many exploits??" "Smart contract devs are so dumb broooo" "Mi famiglia! 😭" A perplexing phenomenon. But let me give you the other side of the equation, and explain WHY we still have reentrancy attacks 🧵

10

27

145

gmhacker.eth

@realgmhacker

2 years

The Uniswap Standard, from Zero to Mastery 🔥 @haruxeETH wrote this great article walking you through @Uniswap v1 -> v2 -> v3 Highly recommend it! 🙌

The Uniswap Standard, From Zero To Mastery

For the uninitiated, understanding the Uniswap protocol can be very convoluted. Let's get up-to-speed on the tech behind the most revered DeFi exchange.

mirror.xyz

5

30

141

gmhacker.eth

@realgmhacker

2 years

My 3rd child was born today at dawn 🥹 We rushed to the hospital but not fast enough, I had to deliver the baby at the hospital entrance before any doctor/nurse could come 😬🫣 Everything worked out 💪

37

0

137

gmhacker.eth

@realgmhacker

2 years

Did it pass 2 months already since the last reminder? Who cares! This is your friendly reminder that reentrancy attacks are stiiiiill a thiiiiiing. 4 new hacks since my last reminder (month and a half ago) 👀➡️

2

21

99

gmhacker.eth

@realgmhacker

1 year

I've done a Deep Dive on Solady's ERC1967Factory contract, written by master @jtriley_eth ! 🔥 I go really deep into all the assembly, which frankly it's all of it👀 Such a cool contract, hope you enjoy the deep dive! Shout out to @optimizoor as well 🙏

Solady's ERC1967Factory - A Deep Dive Assembly Analysis

The Solady repo has a super duper optimized ERC1967 factory contract created by jtriley. Let's take a deep dive into it!

www.gmhacker.com

4

23

102

gmhacker.eth

@realgmhacker

1 year

One of the most interesting articles I've read recently, awesome work @DeGatchi ! 🙌 "Placing specific pieces of bytecode in locations to hinder people like me from understanding the nuances of an unverified smart contract’s bytecode" 🔥

Smart Contract Obfuscation Techniques

How do you prevent MEV frontrunners from stealing your transactions, copying your smart contracts and understanding your strategies built into your smart contracts on-chain? Let me take you into the...

degatchi.com

5

20

98

gmhacker.eth

@realgmhacker

1 year

This is an unbelievable presentation by @BowTiedDravee on the Mindsets of Auditing, at @opensensepw 🔥🔥🔥 Was really impressed with the quality, this is FILLED with auditing / bug hunting alpha and I highly recommend it to anyone in web3 security 👏👏👏

Dravee: Mindsets of Auditing

https://mindsets-of-auditing.netlify.app/https://twitter.com/BowTiedDraveeDravee delves deep into the rabbit hole of smart contract auditing, encompassing in...

www.youtube.com

4

30

100

gmhacker.eth

@realgmhacker

2 years

On August 1st 2022, the Nomad bridge was hacked and $190M of locked funds were drained 🤯💰 The hack was replayed by different players trying to get a piece of it, but did you know the first hacker could have drained everything on a single tx? 👀⚔️ 🧵

Hack Analysis: Nomad Bridge, August 2022

Introduction

medium.com

4

15

99

gmhacker.eth

@realgmhacker

2 years

"I decided to take no shortcuts and I immediately started reading the contracts line by line. It took me about 50 hours to get to the more interesting functions, like withdrawals. Then I stumbled upon it." Hard work pays off. Great writeup by @zzykxx 🔥

The bug that codearena missed, twice

Right after joining trust__90 mentorship I was asked to do some research on Thena, an AMM exchange that combines Uniswap, Curve and OlympusDAO wizardry. Extremely excited to start my adventure, I qu

zzykxx.com

6

8

99

gmhacker.eth

@realgmhacker

2 years

In 2022, I made a decision to switch careers and finally go full-time in blockchain development and security. Rough bear market year, $billions in hacks, other $billions in cefi and scam implosions. And best career decision of my life 🔥👇

2

4

93

gmhacker.eth

@realgmhacker

1 year

An absolute MASTERPIECE of an article on Invariant Testing with Foundry, by @eth_call 🙌 I personally enjoyed the "bugs/$(bug).patch" technique, great stuff 🤓💪

Invariant Testing WETH With Foundry

Get started invariant testing with this guide to testing Wrapped Ether.

mirror.xyz

5

19

90

gmhacker.eth

@realgmhacker

2 years

If a smart contract vulnerability can be exploited to steal $1B, there should be a $100M bounty payout 💰✊ Wen +$1B TVL projects having +$100M bug bounties? 👀🕵️

14

4

86

gmhacker.eth

@realgmhacker

2 years

Often audit reports will mark 1-step ownership change as high severity vulnerability If project sets new owner with a typo, might lose ownership forever Use 2-step process to prevent irrevocable mistakes E.g.: 2021 @fraxfinance audit by @trailofbits ➡️

6

8

88

gmhacker.eth

@realgmhacker

1 year

To perform a security review on a given protocol, one needs to fully comprehend it. Sure, you can speedrun it and get those surface-level bugs. As the industry matures, so will the bugs be covered under more and more layers of complexity and abstraction. This is especially

4

20

83

gmhacker.eth

@realgmhacker

11 months

SR influencer: "Bruh you think smart contract security gets you a quick buck ofc not! You need to grind! We are hear for the tech!" Also SR influencer: "Yooow just made $200K and I'm only 6months in lol and I just do part time! If I knew it I would have started at 8 years old!"

9

2

83

gmhacker.eth

@realgmhacker

1 year

Great teams I'm admiring a lot lately (besides @immunefi obvly) - @threesigma_xyz - research blog arc - @SpearbitDAO - insane level of presentations they've been hosting - @UseArrow - building passion - @ClassLambda - ...they do everything, actually. Cryptography chads 👏👏👏

4

5

83

gmhacker.eth

@realgmhacker

2 years

Anyone can learn Solidity and deploy a freakin smart contract That's just scratching the surface. Ngmi 🤷‍♂️ If you want mastery, dive deeper into the trenches. Learn the fundamentals, crack the EVM 🕵️‍♂️ In no time, you'll be as jacked as @PatrickAlphaC 💪

7

5

83

gmhacker.eth

@realgmhacker

9 months

An outstanding article on becoming a web3 security researcher, by one of the top @immunefi hackers. Balancing foundations and the attacker mindset 🔥

2

17

81

gmhacker.eth

@realgmhacker

2 years

"You may have wondered how to decipher and read evm calldata, then attempted to read the transaction calldata of an Ethereum smart contract, only to become confused at a certain point. (...) We will delve into the encoding sequence of calldata" @DeGatchi

3

9

78

gmhacker.eth

@realgmhacker

2 years

💡 Though in this analysis I trick the 0xbad bot into giving me WETH allowance (as the original hacker did), you could actually make it transfer you the funds directly 🕵️ Encode target address + funcsig + args ➡️ WETH.transfer(attacker, $$)

Hack Analysis: 0xbaDc0dE MEV Bot, September 2022

Introduction

medium.com

6

14

83

gmhacker.eth

@realgmhacker

2 years

"So you've decided to participate in bug bounties as a bug hunter... How do the high ranking hunters find vulnerabilities in such short amounts of time? Grab your spear, anon. We're about to explore the jungle!" Speedrunning Web3 Bug Hunts @DeGatchi 🕵️🔥

Speedrunning Web3 Bug Hunts

So you've decided to particpate in bug bounties as bug hunter and are spending hours, searching, hoping to find a bug to claim your basket of gold coins...but to sometimes no avail. How do the high...

degatchi.com

3

12

81

gmhacker.eth

@realgmhacker

2 years

Beyond excited to share that I was granted @immunefi 's whitehat scholarship, to study, hunt down bugs and help secure the #defi space 🔥🔥 Started a week ago, and loving every minute of it 🙌

9

3

74

gmhacker.eth

@realgmhacker

2 years

My hack analysis is out! This was SUCH an interesting investigation 🕵️‍♂️🔎 Hacking an unverified smart contract (no source code available) is definitely a challenge, had to use lots of tx viewers and decompiling tools, along with just trial and error on a local fork 🔥

Immunefi

@immunefi

2 years

New Hack Analysis by @realgmhacker is live! We look at how the 0xbadcode MEV bot was exploited for $1.46m and walk you through how to make sense of compiled bytecode. It's tricky. If you're looking to build your skills, you'll want to read this one.

3

28

100

7

10

73

gmhacker.eth

@realgmhacker

1 year

I make an extra effort to write 'uint256' instead of just 'uint'

18

1

75

gmhacker.eth

@realgmhacker

9 months

ChainLight with a massive 2023 CTF Awards highlight reel 👀🔥

9

3

74

gmhacker.eth

@realgmhacker

6 months

Do developers write more insecure code when using AI copilots and assistants? Yes. Yes they do. I'm shocked. "Overall, we find that participants who had access to an AI assistant wrote significantly less secure code". Paper →

11

17

73

gmhacker.eth

@realgmhacker

11 months

Some securitooor freelancers just grew to big influencers with weird and cringe takes. Some of these might never get to be skillful SRs, even though they are very successful already. Industry seems broken.

6

3

71

gmhacker.eth

@realgmhacker

9 months

An extremely cautious way of handling oracle price feeds, by the folks at @LiquityProtocol 👌 A lot of code is collapsed to fit the image, but I highly recommend checking the whole thing. Code →

2

7

69

gmhacker.eth

@realgmhacker

2 years

You may think being successful in the web3 security space is easy, because there're so many new researchers exploding 🚀 You think wrong 🙅 Those are grinders. There's room in the space, absolutely. But you need to put in the effort ⚔️ and persevere 💪

6

65

gmhacker.eth

@realgmhacker

1 year

It's not that smart contract security takes an insane amount of knowledge, and thus most people will fail to reach the senior level. As in most things in life, it's about focus, work ethics, resilience, discipline. Not everybody has the will power. Do you, anon?

13

7

68

gmhacker.eth

@realgmhacker

2 years

291 critical bug reports 🪲 Will you find some in 2023 anon hunter? 🕵️💰 Images from @immunefi 's report 👉

0

14

66

gmhacker.eth

@realgmhacker

2 years

My @huff_language implementation of @Uniswap 's Permit2 is going smooth, though it will take me quite a while, I think. But I like the process 🔥🙌 Not tested yet so might have some errors 😅

10

2

66

gmhacker.eth

@realgmhacker

1 year

A comprehensive list of DeFi slippage attacks, with a massive amount of audit examples, by @DevDacian 👏 This is a great article for anyone wanting to enhance their DeFi security knowledge and master slippage vulnerabilities 🔥

DeFi Slippage Attacks

Implementing slippage protection in DeFi trading systems can lead to subtle vulnerabilities..

dacian.me

3

12

65

gmhacker.eth

@realgmhacker

1 year

Kudos to @Jeyffre and the @RareSkills_io team, this breakdown on the inner works of Tornado Cash is really awesome 👏👏👏

How Tornado Cash Works (Line by Line for Devs)

Introduction to Tornado CashTornado cash is a cryptocurrency smart contract mixer that enables users to deposit crypto with one address and withdraw with another wallet without creating a traceable...

www.rareskills.io

3

10

66

gmhacker.eth

@realgmhacker

1 year

Hey Solidity anon, wanna become a Solidity wizard? How about you check these good lookin Solidity patterns by fravoll? Sure, it's solidity 0.4, but hey, still good lookin resource

GitHub - fravoll/solidity-patterns: A compilation of patterns and best practices for the smart...

A compilation of patterns and best practices for the smart contract programming language Solidity - fravoll/solidity-patterns

github.com

0

7

60

gmhacker.eth

@realgmhacker

2 years

Web3 security is booming with young talent, which is great 👍 At the same time, I feel like the space will 10x once it booms with more experienced researchers 🤔 More experience, less repeated mistakes ⚔️

5

3

61

gmhacker.eth

@realgmhacker

1 year

Today I'm starting the @RareSkills_io ZK Bootcamp 🔥🔥🔥

7

3

62

gmhacker.eth

@realgmhacker

2 years

Value changes part on @samczsun 's tx viewer is doooope

1

3

59

gmhacker.eth

@realgmhacker

1 year

Bro I'm bookmarking so many tweets, you won't even believe how smart I'll be after I'm done with this whole procrastination thingy 🫠🤡

13

1

59

gmhacker.eth

@realgmhacker

11 months

Not a lot of bugs get submitted for Blockchain/DLT assets on Immunefi. I don't think it is because of them being bug-free. Rather, the Web3 space still doesn't have that many security researchers with that skillset. Kind of a problem. Most bugs on that layer are catastrophic.

5

15

60

gmhacker.eth

@realgmhacker

2 years

If a protocol has TVL but no bug bounty program, it is playing with fire and is not taking security of user funds seriously ✊

6

9

61

gmhacker.eth

@realgmhacker

2 years

Smart Contract Security is a topic covering all development stages, from inception to mainnet - Not just to think during design 📜 - Not just in testnet 🧪 - Not just pre-audit 🪲 - Not just at mainnet 🕵️ Security will be the constant stress test on ur team and ur product 🔐🔥

4

5

60

gmhacker.eth

@realgmhacker

1 year

A very interesting dive into smart contract creation code, by @RareSkills_io 👏 Shout out to the authors @Jeyffre @AmadiMichaels 🫡

Ethereum smart contract creation code

Ethereum smart contract creation code. This explains what happens at the bytecode level when an Ethereum smart contract is constructed

www.rareskills.io

0

6

60

gmhacker.eth

@realgmhacker

1 year

Hey anon, did you know you can use Foundry's chisel to experiment with inline assembly?

4

6

58

gmhacker.eth

@realgmhacker

1 year

Noir people will understand

5

60

gmhacker.eth

@realgmhacker

1 year

Hardly an industry has ever been so knowledgeable about a specific bug category / attack vector. Crypto bros have had enough of Reentrancy reentering their lives. The man @pcaversaccio shows us a painfully complete list of reentrancy hacks - to date...

2

57

gmhacker.eth

@realgmhacker

2 years

Start your kids early into blockchain #ChatGPT

5

10

58

gmhacker.eth

@realgmhacker

9 months

It was an honor 🫡

Solidity

@solidity_lang

9 months

To add to our tooling and security track, we were joined by @realgmhacker who showcased some of the most common smart contract vulnerabilities found in audits or hacks.

1

0

13

5

0

57

gmhacker.eth

@realgmhacker

9 months

Studies show that your auditing skills are directly proportional to your level of baldness.

19

2

54

gmhacker.eth

@realgmhacker

10 months

Been seeing a lot of people I've never seen before sharing massive wins at Immunefi. Awesome stuff

5

53

gmhacker.eth

@realgmhacker

1 year

Did you know the EVM limits the gas forwarded to an external call to 63/64ths of the total gasleft()? 👀 (see EIP-150) To see what effects this might have, check out this high vulnerability found by @zachobront in a @sherlockdefi audit to Optimism 🔥

obront - Withdrawals with high gas limits can be bricked by a malicious user, permanently locking...

obront high Withdrawals with high gas limits can be bricked by a malicious user, permanently locking funds Summary Transactions to execute a withdrawal from the Optimism Portal require the caller t...

github.com

5

8

55

gmhacker.eth

@realgmhacker

1 year

An interesting case of a so called "cross-chain reentrancy" 👀

Cross-chain re-entrancy

Multiple contracts with different instances must be considered simultaneously in cross-chain security, this paradigm introduces new…

medium.com

2

9

52

gmhacker.eth

@realgmhacker

1 year

Here's a great paper to learn about Concentrated Liquidity in Automated Market Makers 📈 The author also presents interesting performance comparisons between @Uniswap V2 and V3 👌 ➡️

4

9

53

gmhacker.eth

@realgmhacker

1 year

The hacker mentality is truly a marvellous thing. Some bugs are found by whitehats who don't understand much of the fundamentals. And there are people solid in the fundamentals who actually struggle in finding vulnerabilities in the wild. What is the hacker mentality? 🤔

15

3

54

gmhacker.eth

@realgmhacker

7 months

Very interesting article by @Elliot0x on looking at code and thinking in terms of invariants. "I guess it's either you write invariants, or the blackhats write them for you" 👀

The Invariant That Wasn’t

The ability to think about a problem in reverse is helpful in identifying logical errors and gaps in thinking. The movie Tenet explores a…

medium.com

0

7

54

gmhacker.eth

@realgmhacker

10 months

During @EFDevconnect I gave a talk at @TheTrustX on the Hacker Mentality, and a talk at @solidity_lang Summit on Common Solidity Pitfalls. I'd like to thank these organizations for the amazing opportunity, it was an honour!

3

5

53

gmhacker.eth

@realgmhacker

5 months

Last 90 days top10 @immunefi 🔥

3

54

gmhacker.eth

@realgmhacker

1 year

📖 Towards Automated Security Analysis of smart contracts based on Execution Property Graph 🔥 Authors propose finding certain vulnerabilities by traversing a combination of CTG, DCFG and PDG, allegedly finding a 0day on Uniswap V1 👀 ➡️

2

9

51

gmhacker.eth

@realgmhacker

1 year

Bytegraph is so amazing. Here's the look of the latest Huff labyrinth @curta_ctf from @0xKaden 🤯 Mind you, all those blocks can be zoomed in to see the opcodes inside it. Great job @pldespaigne 👏 ➡️

3

6

50

gmhacker.eth

@realgmhacker

1 year

A helpful Solidity fuzzing boilerplate by @patrickd_de 👌

GitHub - patrickd-/solidity-fuzzing-boilerplate: Template repository intended to ease fuzzing...

Template repository intended to ease fuzzing components of Solidity projects, especially libraries. - patrickd-/solidity-fuzzing-boilerplate

github.com

1

8

50

gmhacker.eth

@realgmhacker

6 months

TWAP Oracles by @solidityauditor . What I found most interesting was the simple explanation on how to assess the cost of a TWAP manipulation. This ties into feasibility limitations, as provided by @immunefi , and auditors should know how to assess these.

TWAP Oracles For Auditors

What is a TWAP? A TWAP oracle is a Time-weighted average price oracle that calculates the average price of an asset over some predetermined period of time. If a user wants to know the price of ETH...

33audits.hashnode.dev

1

7

50

gmhacker.eth

@realgmhacker

2 years

On the last lecture of @Artemis_HQ bootcamp, Nov22, I gave a thorough explanation of the HundredFinance hack, largely based on @immunefi 's hack analysis by the man @hephyrius 🙌 Here's the PoC I built with Foundry 🛠️ and @QuickNode ⛓️

GitHub - artemis-academy/hundred-finance-poc: PoC of the Hundred Finance March 2022 exploit

PoC of the Hundred Finance March 2022 exploit. Contribute to artemis-academy/hundred-finance-poc development by creating an account on GitHub.

github.com

2

17

48

gmhacker.eth

@realgmhacker

2 years

Want to know what's so ingenious about this Seaport's snippet of returning a string? It's the usage of just 2 mstores. Here's a @devtooligan gist with the tldr @z0age

5

0

48

gmhacker.eth

@realgmhacker

11 months

Transaction simulation with @TenderlyApp should become an industry standard

8

5

45

gmhacker.eth

@realgmhacker

2 years

Sh*tposting and cat videos are a better strategy to gathering crypto twitter followers than building a pure Yul ERC20-Permit implementation to help devs understand EVM/solidity deep stuff. Also much easier. But yeah I'll just keep on with my yul/assembly endeavors.

8

2

48

gmhacker.eth

@realgmhacker

7 months

Marvelous article by @eulerfinance on exchange rate manipulation in ERC4626 vaults, and in ways to mitigate such attack vectors 👌

Exchange Rate Manipulation in ERC4626 Vaults

www.euler.finance

2

7

49

gmhacker.eth

@realgmhacker

11 months

Let's say a whitehat finds a bug on a live smart contract 🕵️ Theoretical impact: total loss of funds with a single transaction. Actual value at risk: ZERO, because there's still no TVL on that asset. STILL. The smart contract is live. Immunefi BBP marks the asset as in scope.

6

5

48

gmhacker.eth

@realgmhacker

1 year

Just finished reading the latest masterpiece from @Jeyffre over at @RareSkills_io : ➡️ Smart Contract Security, an extensive list of the issues and vulnerabilities that tend to recur in Solidity smart contracts 🔥 Hoping to see this grow into a book 😉

0

9

48

gmhacker.eth

@realgmhacker

2 years

- Hacked protocol hacking the hacker - zkEVM founders entering a public discussion Yeah just another day in crypto, I guess

2

1

45

gmhacker.eth

@realgmhacker

2 years

@RektHQ news is both informative and highly opinionated. I find the articles pretty in-depth, as well as with a wicked style that often makes me laugh. I wish they would output more 📝

5

34

gmhacker.eth

@realgmhacker

2 years

Few people have heard of @huff_language Fewer know the huffooor community is where all the chads are hanging out Fewer have actually tried coding in Huff Fewer have fallen in love with that sweet sweet bytecode sugar Fewer are the contributors helping Huff grow 🔥🚀

10

0

43

gmhacker.eth

@realgmhacker

7 months

I'll be speaking in Amsterdam in April, on zk & security 👀

CryptoCanal

@CryptoCanal

7 months

🎤 #ETHDam Speaker Announcement: Introducing @realgmhacker from @immunefi ! Aerospace engineer with diverse experience in IoT, Finance (Analytics), and Digital TV. Currently, a Smart Contract Lead at Immunefi, a teacher at RareSkills and Security Researcher extraordinaire! 🔒

2

0

4

2

6

43

gmhacker.eth

@realgmhacker

1 year

AMM Market Manipulation, by @joranhonig 🕵️ A gem from @creeddao 💎

0

8

45

gmhacker.eth

@realgmhacker

1 year

As a triager on @immunefi , you get to see the inside of the most brilliant security minds in web3 🕵️ Some findings take the hacker creativity on just another new level. Quite marvelous to witness such gems, some of which might never get to the public sphere 👀

2

4

45

gmhacker.eth

@realgmhacker

1 year

Cool article on exploiting developer assumptions by @DevDacian 👏 Thanks @saxenism for the recommendation 😉

Exploiting Developer Assumptions

Unexpected inputs & unchecked state transitions are often a source of critical vulnerabilities

dacian.me

1

8

43

gmhacker.eth

@realgmhacker

11 months

Well, these guys work fast

3

4

42

gmhacker.eth

@realgmhacker

10 months

Damn, what an outstanding panel. Props to the speakers 👏

3

2

44

gmhacker.eth

@realgmhacker

9 months

All @ChainLight_io CTF writeups 👀

2

5

43

gmhacker.eth

@realgmhacker

2 years

I've been seeing a lot of "get all #DeFi alpha" threads out there, but none have my main source. So I thought I'd write the ultimate super duper thread on how to get all #crypto alpha!🧵 But actually it's just a tweet. Join @10b57e6da0 tg chat. That's it. You're welcome.

0

8

40

gmhacker.eth

@realgmhacker

9 months

Don't remember who recommended this one, but really dope article! 👌 - The importance of Deep Work & the 30-Hour method for learning a new skill 🔥

The Importance of Deep Work & The 30-Hour Method for Learning a New Skill

azeria-labs.com

1

7

42

gmhacker.eth

@realgmhacker

1 year

I will not be missing DeFi Security Summit next year, mark my words 🫡

7

3

42

gmhacker.eth

@realgmhacker

1 year

I would actually advise smart contract devs to have a portion of their week dedicated to auditing / bug hunting 🪲🕵️ Even if you don't get money off of it, you certainly workout that code reviewing muscle 💪 and you get exposed to different programming styles and patterns 🧠

3

10

43

gmhacker.eth

@realgmhacker

11 months

After some months of mentoring, a friend of mine finally managed to break into the smart contract security space 👏 All credit goes to his hard work and courage. He is extremely talented, and I'm glad I get to see him succeed. Getting into this industry without a guide/mentor is

5

1

42

gmhacker.eth

@realgmhacker

1 year

Here's the first documented reentrancy attack 👀 Tx on @BlockSecTeam 's Phalcon ➡️ And @pcaversaccio 's issue documenting this exploit ➡️

3

7

41

gmhacker.eth

@realgmhacker

4 months

I'll be speaking in Belgrade next month 🫡

ETH Belgrade

@ethbelgrade

4 months

🥁 NEW SPEAKER ANNOUNCEMENT Please give a standing ovation to @realgmhacker , Head of Security at @immunefi . He's going to talk about bug bounty solutions as the last line of security defense once a protocol goes to mainnet and actually has economic value at risk.

0

5

21

1

41

gmhacker.eth

@realgmhacker

11 months

Props to the Foundry core contributors team. Almost every time I get some weird unexplained error, I just do 'foundryup' and it gets resolved. Amazing.

1

40

gmhacker.eth

@realgmhacker

2 years

Trying to read all my open tabs with articles and papers. - start reading paper - halfway and already opened 3 new paper references tabs Struggle is real.

8

2

40

gmhacker.eth

@realgmhacker

2 years

Hey how about those days when people would "accidently" kill contracts full of funds and then others would propose state transition EIPs to change code in an address and unfreeze funds? Ah, youth!

3

0

40

gmhacker.eth

@realgmhacker

9 months

Really great deep dive on ABI encoding by @ljmanini 👏 Not gonna lie, that embedded struct bytes offset not starting at 0x00 got me 🤯

ABI Encoding Deep Dive

GM fam, welcome to my first medium post.

medium.com

1

4

40

gmhacker.eth

@realgmhacker

2 years

Become a blockchain shadowy supercoder by completely mastering the inner works of the Ethereum Virtual Machine (EVM), all the way to the bytecode level, with the insane EVM handbook from @noxx3xxon ➡️

3

11

40