Trust

@trust__90

20,912
Followers
461
Following
86
Media
709
Statuses

Head of Trust Security, DM for booking | Master of hand-to-hand audit combat | C4/Immunefi/Sherlock VIP | Hacked Embedded, IoT, iOS in past life

Joined June 2012
Pinned Tweet
@trust__90
Trust
1 year
Check out our GOAT lineup at Trust Security's new roster page! Magical things happen when you bring the provably best auditors on the planet to collaborate rather than compete. Book your/our success story today.
17
55
227
@trust__90
Trust
1 year
People are saying all kinds of terrible things while being uninformed so allow me to share more details. I've initiated coordination privately with Immunefi officials 3 hours before the white-hack. 90 minutes later, I realized the asset is currently used by the frontend and
76
75
716
@trust__90
Trust
2 years
It has been decided. Every 2 weeks I will leak one alpha auditing/bug hunting tip that keeps me ahead of the competition. Let's hope that my pocket of tricks is deep enough...🎩
17
26
585
@trust__90
Trust
1 year
I have just white-hacked @0xSifu for 100ETH. I would like to return it, contact in DM
58
57
551
@trust__90
Trust
1 year
Two weeks ago I've discovered a bug class that impacts hundreds of projects, 20+ of which have an active bug bounty. I've reported them all simultaneously. Project responses have varied between outright denying the issue, to paying the max for that severity. This has been a
51
35
497
@trust__90
Trust
11 months
Can finally share what @zachobront and I have been working on last year. TLDR: Attacker can break neutrality guarantees of Chainlink's VRF (verifiable random function). Chainlink confirmed CRITICAL severity and paid us $300K for the finding!🎇 From the Chainlink blog:
34
35
489
@trust__90
Trust
2 years
Got lucky and went on an absolute killing spree on CodeArena 🥇🥇🥇 Will share writeups when findings are public as usual 📃🖋
32
23
330
@trust__90
Trust
1 year
Talking with the fine folks on the security panel was a pleasure. A few sessions in, I'm also convinced some of the best math / pure compsci in crypto is done at @zksync
@zksync
ZKsync (∎, ∆)
1 year
Inspiring conversation, great minds and magical views @ zkUnconference ✨
79
593
1K
8
84
230
@trust__90
Trust
2 years
Legends speak of illegal software that outputs all bugs in a given repo. They call it trustGPT.
28
12
283
@trust__90
Trust
2 years
Started working on some great educational material for auditing newcomers. Stay tuned for big announcements 😏
16
8
278
@trust__90
Trust
2 years
Gonna drop 8(!!!) declassified private audit reports soon, 100+ findings for everyone to study 👀
15
12
272
@trust__90
Trust
1 year
When a project rugs users for $500k, it is all over crypto news, police are involved and they are stained for life. When a project rugs an ethical hacker for $500k, they are silently removed from a catalog. Not. Good. Enough.
@usmannk
usmann
1 year
Remember that projects can simply not pay, whitehat. Should I drop the writeup?
22
16
210
16
36
259
@trust__90
Trust
1 year
Just got paid $333 each for 3 separate mediums reported to the same project. They list "up to $5k" for med-severity. I check the from address of the bounty payment and see this 🤡
37
13
246
@trust__90
Trust
6 months
One of the weirdest side stories of the Munchables exploit was the second exploit TX - As we were monitoring the exploit live in the Juice Fi war room, we simply could not understand why they didn't steal the entire (Juice's) $20M+ in WETH that was
12
39
253
@trust__90
Trust
2 years
Smart contract exploitation is so much more elegant than the traditional mem-corruption battlefield. As attackers, our only weapon is to turn the contract's business logic against itself. A battle of wits in its purest form. Your move, devs.
7
27
246
@trust__90
Trust
1 year
Alpha leak Monday: The most under-discussed yet critical concept in bounty hunting and competitive auditing is bug density. Every line or chunk of code has some invisible "danger" value, which is the probability of a mistake being injected. As a hunter, time and attention are
9
41
250
@trust__90
Trust
2 years
Web3 gym goals for 2023:
1. 30+ C4 contests -> #1 on yearly leaderboard
2. 5+ Immunefi high/critical bugs -> top 15 global leaderboard
3. 15+ private Trust Security audits
4. 10+ C4 contests judged
5. 10+ Trust Mentorship high/critical payouts
6. Survive to tell the tale
14
15
246
@trust__90
Trust
2 years
Hey @eulerfinance , you still haven't learned anything about bounty incentives even though it cost your users $200M dollars. If you offer the hacker 20 mill bounty, why only offer 1 mill for whitehat? Stop trying to arb and take care of your users ffs
33
16
246
@trust__90
Trust
1 year
Seen a lot of dunking on @PayPal for using an ancient Solidity compiler. Here's why I think it is actually a 200IQ move! 🧵
27
36
235
@trust__90
Trust
9 months
Months ago, Trust Security uncovered a systemic DoS issue affecting 100+ codebases. We've responsibly disclosed it to each bounty program and got rewarded a total of $50k from 15 projects, including top names like @graphprotocol @OpenZeppelin @Uniswap and @aave. We've
22
39
236
@trust__90
Trust
4 months
Seems @zksync just changed the airdrop meta - partnering with the ethical hacking community is a no-brainer move for any protocol. Big props for being first to do it!
@sockdrawermoney
Sock
4 months
💯💯 to @zksync for competitive auditor airdrop If your project wants to incentivize tons of security pros to care about your protocol and ecosystem security, reach out to @code4rena — we’d love to help you do this, too. Looking forward to helping make more of this happen.
8
12
132
83
20
219
@trust__90
Trust
1 year
This is insane. MEV bots have deployed contracts and copied the attack before I could save everything 😱
26
18
203
@trust__90
Trust
1 year
When you open a smart contract in your favorite editor, what do you see? (A "fuck it, I'm going in" alpha drop thread 🧵)
6
44
206
@trust__90
Trust
2 years
(1/3) Promised a bug-hunting alpha leak every 2 weeks, well here we go: #1 Randomization of knowledge If you study from the same sources and read the same reports as everyone, you'll likely end up with the same findings.
5
35
212
@trust__90
Trust
2 years
New in-depth bug bounty write-up IS OUT. Join me as I break the core of @fluiditymoney 💸 for $50K and Twitter glory points.
12
33
201
@trust__90
Trust
1 year
One year has just passed since my first @code4rena contest, and now's a great time to look back and take it all in. This platform is the #1 place to make a name for yourself, but at some point, the volume and appeal of external opportunities just grow too large. Since Jan 2023,
8
5
202
@trust__90
Trust
2 years
Props to @optimismFND and @sherlockdefi for hosting an insane contest! Happy to deliver a bunch of severe loss of funds and consensus exploits with @zachobront in a ~$1B TVL chain!!
22
7
195
@trust__90
Trust
2 years
(1/3) auditing alpha tip #2 : Don't think bugs, think bug classes Bugs aren't interesting. They are the result of a very specific mutation in a particular codebase which in all likelihood will not repeat in that exact way.
5
31
195
@trust__90
Trust
2 years
Let's spread positivity! Current top 5 auditors in my book:
1. @IAm0x52 - Guy barely misses anything
2. @hansfriese - Excellent findings, meticulous
3. @zachobront - Probably the best methodology
4. @romanboehr - Edge case god
5. @cccz - way too solid not to mention
8
22
192
@trust__90
Trust
2 years
Can't explain it, but there's that split second when the code base that was completely foreign to you suddenly becomes a second language. Hooked to that feeling like a drug.
10
10
192
@trust__90
Trust
2 years
I am pleased to start offering private audits under the Trust Security label! DMs are open. Would appreciate a RT to reach the large developer ecosystem🙏
9
39
185
@trust__90
Trust
2 years
Excited to reveal the @trust__90 x @RealJohnnyTime collab 🚀! This blockchain sec course is perfectly structured to teach beginners everything they need (verified with internal access to materials). Includes 2 Trust lectures!! 😵 EXTRA $50 OFF ONLY WITH
16
31
175
@trust__90
Trust
10 months
The takeaway from the ledger drainer scandal is not to "stop interacting with all dApps in the next 48 hrs". It's to validate every single byte of every message you sign. Having a hard time sympathizing with web3 users who don't spend the extra minute checking their calldata.
43
14
174
@trust__90
Trust
5 months
One of the most stacked contests ever, thrilled to beat 262 other participants
@sherlockdefi
SHERLOCK
5 months
🏆 @Optimism Audit Contest Results 🏆 Congrats to: 1. @trust__90 - $64,753.45🥇 2. @GalloDaSballo - $33,478.24🥈 3. @milotruck - $31,275.21🥉 @trust__90 made $14,000.00 fixed pay + $64,753.45 from the contest pot! $228,000.00 rewards ➡️ $8.2M+ paid out in rewards.
3
3
71
24
5
167
@trust__90
Trust
3 months
Dev pro-tip A criminally underused feature of Solidity is custom types, and they are especially important in nested mappings with repeating key types. Look at the example below: A classic token contract with allowance from allower to spender. But the dev made a mistake and
9
20
155
@trust__90
Trust
2 years
So excited to be appointed as a judge in @code4rena ! Can't wait to further contribute to our extraordinary white hat community from yet another role.
23
3
159
@trust__90
Trust
2 years
The big audit firms are pocketing massive profit margins but hire far from the best talent. Top dogs are independent and either accessed directly or through C4/Sherlock/Spearbit. Projects, if you value quality findings over PR, decide where you spend the security budget wisely.
12
16
151
@trust__90
Trust
10 months
State of Audits - 2023 Recap This overview is meant to help uncover the landscape for projects who can easily get lost in the dark forest of audits. It is very hard for those outside of our little minigame to follow the trends, and ultimately they need to decide on some roadmap
6
21
153
@trust__90
Trust
9 months
As some know, @0xHE1M was part of the Trust Security team assisting with certain audits and collaborating on several bug bounties. Approx 1 month ago I was made aware of the investigations and was presented with irrefutable proof of HE1M's malicious behavior. The entire team
@zkSyncDevs
ZKsync Developers (∎, ∆)
9 months
To the participants of the recent $1.1M @code4rena zkSync competitive audit and the zkSync community 👇 As the competition came to a close, as is customary for our team, we conducted an initial review of the results and findings. Integrity, transparency and fairness are core to
40
39
390
6
10
151
@trust__90
Trust
2 months
It's unbelievable that even in 2024 most projects don't list a security contact anywhere. Hunters are left to open support tickets or DM admins or project X accounts, where more often than not we're treated as scammers and ignored. Some just outright tell us they don't care.
24
12
148
@trust__90
Trust
1 year
New @zksync @code4rena contest scope is insane ~4500 SLOC .sol ~5000 SLOC .yul ~20k SLOC .rs All in 21 days. Strongly recommend anyone who's not booked this month to take a shot at this, I can guarantee there will be unique finds here.
11
10
141
@trust__90
Trust
2 years
More rewards announced! 🧙‍♂️ I really should start learning to say no to private audits, nothing quite beats that C4 adrenaline.
14
3
141
@trust__90
Trust
2 months
Found myself one click away from falling to a spear phishing attack today! If you're giving services in the web3 space, be VERY careful with who you interact and how the initial exchanges of information are done. 2 weeks ago, @nftbigsummer approached for security services for
10
30
144
@trust__90
Trust
2 years
Excited to release the Trust Security audits section of my website! Tons of high findings flying everywhere. DM for booking 📜
7
15
139
@trust__90
Trust
4 months
That feeling when you tell your landlord the AC isn't cooling well during summer, and he's dismissing it as a won't fix - known issue . wtf I thought this sh*t only happens in bug bounty platforms? Feeling rugged
17
2
133
@trust__90
Trust
1 year
The way Polygon handled this is highly disappointing. When it comes to intentions, it is clear zkSync has credited their dependency on Plonky2 on many occasions, albeit not technically following all MIT license clauses. Polygon on the other hand is purely warmongering here and
@gluk64
Alex G. ∎
1 year
Every decision we make as a team towards building @zksync is driven by our ethos, which is based on integrity and transparency. We have made honest mistakes in the past, but we always did our best to openly acknowledge them and take responsibility. And will always do so in the
159
323
1K
2
16
129
@trust__90
Trust
2 years
waiting for disclosure embargo windows to expire is such a pain 🤐. Can't wait to blog about the two $20K bugs my A-student @zzykxx found, a solo $50K find, and a sick ongoing submission with @zachobront . Prepare the refresh button, boys 🚀🪐
9
6
126
@trust__90
Trust
7 months
It's bounty blogging season again! Over the next few days we'll take a close look at the largest bounty program in history - @LayerZero_Labs $15M jackpot. We'll shed light on all the bugs they secretly fixed, our close-but-no-cigar moments and finally the critical-severity
2
15
117
@trust__90
Trust
7 months
Let's go back to the audit contest pot recycle attack. For context, that's when the project team abuses access to findings before the deadline by sending dups and killing the pot share for honest auditors. It's extremely tempting for anyone on the internal team to do it, and we
7
8
120
@trust__90
Trust
1 year
Years of research in IoT, iPhone and smart contract hacking are starting to take their toll on me. As someone who gets paid to think about worst-case scenarios, it is increasingly hard to go back to my personal life and "unsee" the horrors of broken security. How does one deal
15
4
117
@trust__90
Trust
2 years
First Trust mentorship bug disclosure is OUT! Find out how @zzykxx spotted a nasty permanent reward freeze bug just before production🧊. Oh yeah, and by doing that he picked up a sweet $20K reward 💰
5
11
117
@trust__90
Trust
3 months
- Robbing a bank for $3M
- Sitting on it for 3 days
- Realize they're caught in 4K
- "IT'S JUST A PRANK BRO"
@CertiK staying true to their reputation, gotta give them that
@CertiK
CertiK
3 months
CertiK recently identified a series of critical vulnerabilities in @krakenfx exchange which could potentially lead to hundreds of millions of dollars in losses. Starting from a finding in @krakenfx 's deposit system where it may fail to differentiate between different internal
970
1K
3K
3
7
115
@trust__90
Trust
1 year
Thanks to too many fame seekers, the word "alpha" has become completely devoid of meaning. Please stop using it when: 1. The information is publicly known (e.g. linking to 6-month-old medium articles or paraphrasing what is read-only reentrancy for the 15th time). 2. It doesn't
13
7
114
@trust__90
Trust
10 months
Some quick reporting tips for auditors: - The title should just mention the high level impact and name the primary component/s. If it is not readable by a non-tech executive, re-write it. - The description needs to start with a summary of the functionalities in play, then dive
3
7
114
@trust__90
Trust
1 year
As an auditor, you have obligations to two entities with potentially different interests: 1. Projects require validation that their code is bug-free and how to fix discovered issues 2. Users want to know all the risks upfront, not just bug-related ones. At Trust Security, we
6
10
109
@trust__90
Trust
1 year
Enjoyed the heated debate between trad firms and crowd audits ⚔️. @ethzed saying @code4rena is not an audit and quality control is not on par with trad firms was 🤡 I'm sure top talent prefers to work for 1/3 of what they can be making independent.
12
5
110
@trust__90
Trust
1 year
Swag packs have been deployed! 🔒 Come say hi and pick up your loot 👋 @EthCC @summit_defi #PARIS23 #TrustSecurity
13
7
110
@trust__90
Trust
2 years
Had a great chat with Patrick! I'm super excited about helping devs secure the future of the internet & finance 🚀
@PatrickAlphaC
Patrick Collins
2 years
How to become the #1 Auditor in Web3
7
42
240
5
7
106
@trust__90
Trust
2 months
Clicking Launch downloaded the Zoom exe. But that didn't make sense since Zoom is installed. This could happen perhaps if the local Zoom is outdated, but it was suspicious enough to start checking things. - Checking the URL was an instant fire alarm -
21
10
109
@trust__90
Trust
1 year
It's mind-blowing that we're able to pay auditors ~2.5x the respective position at T1 firms and still quote for less than a quarter of their rates while making a decent profit. Not hard to figure out where the top talent is at and where you're paying for overhead 😛
6
5
103
@trust__90
Trust
1 year
Have slept better when running private audits for 6-figure TVLs rather than 8+, not gonna lie. But fear of making mistakes is not going to make us shy away when duty calls. I'm convinced there's no better team to secure web3, and I'll fully back each auditor in our line-up,
2
7
105
@trust__90
Trust
1 year
A step-by-step guide to finding a critical issue in every private audit: 1. Choose a standard medium-severity issue. 2. Crank it up to critical severity. 3. Congratulations! You're up there with the greats. Feels good right?
5
8
105
@trust__90
Trust
1 year
The PPV model - strengths, weaknesses, and why I don't believe in it📜 Pay-Per-Vulnerability is an audit model rising in popularity. Pay is a small base fee plus payout per bug, according to severity. It is basically a low-stakes version of bug bounty, where bugs are far more
10
11
104
@trust__90
Trust
7 months
The LayerZero exploitation adventures continue today with PART 2 of the series! Two critical patched issues, a technical deep-dive and a little bit of fluff. Let's get started! ⬇️
2
16
103
@trust__90
Trust
1 year
What a day at @summit_defi ! Glad to spend time with veterans and sharing free alpha with newbies. Bullish on the positive and friendly community we have built in the security ecosystem. Ran out of giveaways today but more shirts, keychains and Trust 🔒wallets coming tomorrow!
7
3
98
@trust__90
Trust
9 months
This has been an insane growth year for Trust Security, super proud of our achievements: - From 0 to 40+ private audits with some of the biggest names ( @graphprotocol @Optimism @BadgerDAO @reserveprotocol @lukso_io @stellaxyz_ ) - 20 paid bounty reports, many on OG protocols
8
1
100
@trust__90
Trust
2 years
Feels great to do a private audit of a 6-line pull request and still land a medium-severity bug. They truly are everywhere 🔎.
6
0
99
@trust__90
Trust
18 days
"We have a judging shitstorm every week, let's outsource it so we'll be off the hook" -> Not considering second order effects: - Extremely easy to collude, bribe, manipulate results - With sheer amount of $ on line dishonest play will certainly be +EV - Most people's opinion
@sherlockdefi
SHERLOCK
18 days
Introducing Real-Time Judging The final evolution of audit contest judging is here. "Polymarket meets Community Notes for Web3 Security" Get to mainnet 3x faster on average, only at Sherlock
6
28
123
5
7
100
@trust__90
Trust
10 months
More audit gag content in the future? (yes/no)
17
9
97
@trust__90
Trust
1 year
Managed to sneak in two days of work between two large Trust Security audits. It's great that platforms like @code4rena give you a range of contest sizes to choose from!
@code4rena
Code4rena
1 year
Awards have been announced for the $40,000 USDC @basinexchange audit 🤝 Top 5: 🥇  @trust__90 - $9,339.71 USDC 🥈  @kutugu1 - $4,694.79 USDC 🥉 oakcobalt - $2,795.94 USDC 🏅 erebus - $2,177.78 USDC 🏅 a3yip6 - $2,169.89 USDC (1/2)
2
1
31
10
1
97
@trust__90
Trust
2 years
I love welcoming new protocols to the Trust Security family! 3 killer audits JUST RELEASED😵😵! Link 👇
5
11
94
@trust__90
Trust
10 months
Web2 sec 🦍 vs. Web3 sec 🐑 Can't possibly be more accurate
@LiveOverflow
LiveOverflow 🔴
1 year
Web Security vs. Binary Exploitation
107
2K
11K
3
6
95
@trust__90
Trust
2 years
Five new first-place C4 reports are now available on 🗒️🗒️🗒️ Enjoy your alpha study weekend🤤
5
11
95
@trust__90
Trust
3 months
Tell me you have a bad user sentiment problem without telling me you have a bad user sentiment problem. @sherlockdefi Public opinion bribery is not part of the white hat ethos, last I checked.
6
6
96
@trust__90
Trust
10 months
Glad to help secure 19 projects through bounties this year. Thanks for facilitating and providing a nice side hustle @immunefi #ImmunefiWrapped
4
5
95
@trust__90
Trust
4 months
It is becoming increasingly clear that the / operator in Solidity was a mistake. Sol compilers should have shipped with only divUp()/divDown() - implicit rounding is cute and usually harmless but not when handling 9 figures in a mission-critical accounting dApp. Most devs are
5
8
95
@trust__90
Trust
1 year
It's OK guys we can all pack up. These guys have figured out how to be hackproof 🤣 #EthCC
11
5
92
@trust__90
Trust
2 years
(3/3) Go beyond known theory and experiment in a sandbox. Pick a random 0-star GH project and tear it apart. Congrats, now there's something that makes you better than the rest of the pack.
3
2
92
@trust__90
Trust
1 year
The Astaria BeaconProxy.sol critical bug is a light twist on the uninitialized implementation takeover -> selfdestruct() bug pattern which most hackers are aware of (the $10M wormhole bounty). The proxy was in scope for both T1 audits (Spearbit and C4) and for the past month on
6
9
90
@trust__90
Trust
1 year
@hacking_this How tf is it illegal? I've returned the funds and tried to disclose to the team over an hour beforehand. I'm not responsible for what other people/bots are doing. An attacker could have stolen everyone's funds at any moment. Please, point fingers at the right people.
8
3
90
@trust__90
Trust
2 years
@eulerfinance 's bug bounty is capped at 500k. If you want to whiten hacker's hat color and save 9 figures of value, consider offering more than 0.25% of funds at risk... 😑
17
6
87
@trust__90
Trust
5 months
Over the past week, @sherlockdefi and the @Optimism team made what I believe is an erroneous re-scoping of the security contest rules. The direct consequence is invalidation of ~90% of the unique bugs submitted and re-shaping the payout. Long-term, this threatens to be a
10
4
90
@trust__90
Trust
2 years
Here's a day in the life of Trust
10:30 wake up, check inboxes
10:46 resume yesterday's C4 audit
11:20 assess a new judging review request
12:04 negotiate with project on Immunefi on behalf of mentorship student
12:38 book mitigation review for previous audit
12:30 lunch
6
1
87
@trust__90
Trust
1 year
I would ask her where she's at on the 365-day @code4rena leaderboard
@CensoredMen
Censored Men
1 year
What would you do if a girl asks for your bank account info on the first date?
2K
192
3K
12
4
87
@trust__90
Trust
1 year
Say you send your code to audit and get a report back X days later. What are the metrics available for estimating audit coverage? 1. Reputation - the only external-facing difference between auditors, which is a derivative of their demonstrated skill/misses over time. 2. Findings
4
12
85
@trust__90
Trust
1 year
Got a bunch of new reports uploaded on @stellaxyz_ @OrbitalAutoDevs @Mozaic_Fi were fantastic to audit. Some very unique findings, especially Mozaic H-1
9
13
82
@trust__90
Trust
1 year
Combining a few Lows into a High is great, but merging two Highs into a vault drain just hits different. Report soon ™️
3
0
85
@trust__90
Trust
9 months
Bug bounty platforms doing audit contests. Audit contest platforms doing bug bounties. Solo audit marketplaces doing contests. Contest platforms doing solo audits. Pretty wild how all the major players are rotating to extract MEV on other services, never happened at this pace.
7
4
86
@trust__90
Trust
9 months
@Hexen1337 Seen such statements way too often just before 7+ figure hacks... it's not worth the 15 minutes of Twitter glory With respect, this kind of cockiness only leads to projects having a false sense of being 100% secure, where in fact they should continually be on the defensive.
7
3
83
@trust__90
Trust
1 year
1/3 Many are asking about Trust Security, so here's some info - It's a boutique audit house where proven leaderboard-quality hackers gather to shred our clients' smart contracts. Don't bother looking for an application form, you get picked up when you've proven your worth.
7
8
82
@trust__90
Trust
2 years
At Trust Security we've submitted 4 private audit reports to clients just this WEEK. A total of 15 high/critical vulnerabilities that hackers will never get to exploit!🦸‍♂️
8
1
80
@trust__90
Trust
1 year
Can't think of a better suited person to run @code4rena than @sockdrawermoney. One of the few people I'm convinced will treat everyone fairly and do what is best for the community. So many points in time when C4 could have gone the populist path which hid some deadly
@ProofOf_Podcast
Proof Of Podcast
1 year
To celebrate our 10th podcast we bring to you @sockdrawermoney Co-Founder of @code4rena ! We cover: 🔴 Co-Founding and Scaling Code4rena 🔴 Audits vs Security Reviews 🔴 Traditional Audit vs Contest Model 🌶️ And Much More! 🔗 Links in Bio -> Available on all platforms ☝️
1
17
86
8
4
82
@trust__90
Trust
1 year
A gem of a finding by legendary researcher and friend @1_00_proof who saved no less than 9 figures of TVL!! We've been working together for many months, but I'm extremely proud to announce he is now part of Trust Security! Invaluable when looking for mile-deep logical bugs...
@1_00_proof
100proof.org
1 year
Tomorrow, @KyberNetwork will be re-releasing their KyberSwap Elastic Pools. I'm finally able to reveal that I was the whitehat who found and disclosed a critical bug that put over $100M of LP funds at risk...
51
61
410
0
6
78
@trust__90
Trust
1 year
Bounty-hunting on good faith projects is a pleasure, but very often a project becomes your adversary at a moment's notice. If you're hunting on Immunefi, reading the "For Projects" materials is a must. 🧵
6
17
80
@trust__90
Trust
1 year
TL;DR - Trust Security is offering Immunefi bug lead -> POC -> submission -> bounty negotiation -> $$$ speed train for fellow white hats 🚄 Bug bounty hunting has become ridiculously competitive. I've heard dozens of stories about criticals closed as dups, as little as 20mins
3
6
79
@trust__90
Trust
11 months
Casually reading @Dooflin5 's excellent Cosmos RCE writeup (), then looking through the website turns out he's been summarizing THOUSANDS of web2+web3 sec writeups, latest one is 8 hours ago. Hats off to people spreading knowledge and expecting nothing in
1
15
73
@trust__90
Trust
2 years
Really enjoyed taking this one down. Kudos to @graphprotocol for some great coding skills!
10
1
78
@trust__90
Trust
2 years
Another HIGH severity find from zzykxx and another sweet 20K payout for the Trust mentorship. Can we be stopped?
@zzykxx
zzykxx
2 years
This is how I found my second high severity vuln on @immunefi , under @trust__90 mentorship:
12
18
198
6
3
73
@trust__90
Trust
5 months
The year is 2033. Competitive auditing has become a fully standardized sporting profession. dApps allow anyone to buy equity of their favorite hunters. Gambling markets emerge to speculate on top spots. Auditors short their competitors in display of confidence. Stadiums fill up to
14
5
77
@trust__90
Trust
2 years
How to book a Trust private audit, feat. C4
@code4rena
Code4rena
2 years
Awards have been announced for the $36,500 USDC @forgeries_io competition! Top 5: 🥇  @trust__90 - $18,435.06 USDC 🥈 poirots ( @DavideSilva_ , resende, naps62) - $1,134.22 USDC 🥉 gasperpre - $1,039.45 USDC 🏅 IllIllI - $813.60 USDC 🏅 evan - $663.59 USDC (1/2)
6
2
35
14
1
76