@popeye
@0xPopeye_
Followers
505
Following
303
Media
61
Statuses
563
Smart Contract Security Researcher (Auditor) @sherlockdefi , @code4rena
off-chain
Joined November 2023
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Wanni
• 104576 Tweets
Patriots
• 104350 Tweets
Bills
• 102069 Tweets
Onyeka
• 99722 Tweets
7 اكتوبر
• 89457 Tweets
Ravens
• 84969 Tweets
Lamar
• 78985 Tweets
#الملك_سلمان_بن_عبدالعزيز
• 71783 Tweets
Bengals
• 69157 Tweets
Semih
• 67668 Tweets
Browns
• 57296 Tweets
Phillies
• 57056 Tweets
Bears
• 53361 Tweets
Watson
• 46504 Tweets
#ختام_كاريزما
• 42009 Tweets
#BBUK
• 37637 Tweets
Burrow
• 34921 Tweets
Texans
• 34506 Tweets
Panthers
• 33842 Tweets
Caleb
• 31579 Tweets
De Paul
• 30007 Tweets
Colts
• 28261 Tweets
Aces
• 24912 Tweets
Congratulations Kellyrae
• 22936 Tweets
Buffalo
• 20940 Tweets
Jayden Daniels
• 20114 Tweets
Derrick Henry
• 18602 Tweets
Josh Allen
• 16730 Tweets
De Gea
• 15582 Tweets
#سلامتك_يابوفهد
• 15469 Tweets
ثوب الصحه
• 12096 Tweets
Biggest O
• 10804 Tweets
Joe Flacco
• 10370 Tweets
Zac Taylor
• 10028 Tweets
- I am a college dropout
- currently working a full-time job in web2 security
- dedicating more than 4-5 hours daily to learning about web3 security
I wish I could quit my job and focus solely on web3 sec, dedicating 8+ hours daily to it.
I'm truly enjoying this field.
20
3
129
My 3-Month Auditing Journey Recap:
(Nov 3, 2023 - Feb 3, 2024)
Did 4
@sherlockdefi
Contests:
- 1st: Found 1 Medium issue
- 2nd: Bug-free
- 3rd: Found 1 High and 1 Low(invalid)
- 4th: Currently ongoing
Did 1
@code4rena
Contest:
- Found 1 High and 1 Medium (both were invalid)
7
1
62
Got my first payout from the very first contest I participated in.
Need more spinach to find the freaking Bugs from the codebase 💪
Thanks,
@sherlockdefi
! &
@nounsbuilder
12
2
59
My Goals for 2024:
1⃣Find 25 Highs, 50 Mediums.
2⃣5 Solo Highs and 10 Solo Mediums.
3⃣Accumulate approximately 70k USDC.
4⃣Participate in nearly 26 Contests.
I will update my progress here.
Let's see how it goes...
5
1
53
Everyone is talking about Rust nowadays, shifting from Solidity-based audits to Rust-based audits—not to mention Cairo and Go as well.
Am I the only one who feels confused without making the shift to Rust, Cairo, or Go?
Maybe I need to master what I'm doing right now.
7
1
40
How I try to understand a codebase:
- Read README
- Map scope files
- Understand libraries first
- Start small
- Tag confusing parts "
@audit
"
- Follow funds & action flows
- Check tests to see assumptions and understand more
- Diagram & take notes
- Iterate until complete grasp.
1
7
35
Working a full-time web2 security job while also competing in an Audit contest specially in
@sherlockdefi
is a grind.
Both require 100% effort and energy.
But I'm determined to balance both and keep pushing forward until I leave that job.
2
0
32
I will Never participate in a short contest (< 800 nSLOC)
800 to 2k nSLOC is the best for me.
6
1
26
Stress, FOMO, Invalid submissions, Contest failure, No immunefi reward?
Keep Grinding, my friend!
Remember, we need to secure the web3 space as much as we can from the Blackhats.
Just keep Grinding and filling the missing parts.
You are gonna MAKE IT!!
1
0
27
Big thanks to
@sherlockdefi
for the highlight!
It's rocket fuel for my 2024 mission.
Ready to tackle the goals and contribute to a safer web3 space.
Appreciative of the opportunity and eager for more contests on
@sherlockdefi
🕵️
3.
@0xPopeye_
is a new arrival and has been quick to start bringing in the achievement's.
This month 0xPopeye brought in 6 achievements and found their first medium severity issue.
1
0
8
6
1
25
Diamond Proxy (ERC-2535)
Pros:
> Max functions, minimal space!
> Easy updates, no full redo.
> Optimized, orderly functions.
Cons:
> Complex for devs.
> High-security needs.
> New-gen standard, steep learning.
4
1
23
⚠️🚨 A critical bug exists in most protocols:
To discover this, simply ask:
'What if the Admin passes away without implementing multisig ?' 😅
3
0
21
Kicking off the year with a bang!🔥
Check out this stunning screenshot, how beautiful it is!👀
Here's my game plan:
- 1. Avoiding FOMO
- 2. Pushing the limits
- 3. Tackling challenges one at a time
Captured this gem from👇
1
1
21
Nothing beats the thrill of discovering a vulnerability!
The satisfaction of knowing you helped make web3 safer is the real reward. 💯
3
0
22
Exploring a fork of DeFi platforms like Compound, Uniswap v2, Balancer, Curve, or Aave?
Check out this comprehensive list of bugs, hacks, and detailed postmortems to stay informed:
0
1
24
@PatrickAlphaC
Appreciate it! 😊
I balance 5 hours of Blue team work with 5-6 hours in Web3 security daily, including tutorials and audit contests. It's a full 11-hour daily grind but so rewarding!
Currently diving deep on various protocols and trying to understand how they work
0
0
18
Web3 Fundraising in Q4 🚀
It has increased by 64% in Q4 compared to Q3.
So, is this an indicator of the upcoming bull market?
Be ready, auditors. 🔥
2
0
9
- Will try fuzzing/invariant testing/formal verification soon, currently learning.
Still new to smart contract audit - done a few so far. But I wanted to share the process that has already helped me quickly grasp protocols.
If anyone has tweaks or additions, I'm all ears!🙏
1
1
8
Let's see how far I can get!!
Making $100k from auditing is not as hard as it sounds if you have a plan:
> 5 Top 3 finishes: 5*$5k = $25k
> Win 2 audit contests: 2*$15k = $30k
> 1-2 Immunefi bounties: $10k
> Private audits (leverage contest wins to get clients): $20k
> Judging, Lookout, bad contest payouts,
11
15
148
0
0
9
Placed 38/180 on
@sherlockdefi
's
@telcoin
Audit contest.
Surely it's an achievement for me 💪
(neglect the $$ amount😅)
@telcoin
@0xf1b0
@arzdev
@tapired
@0xadrii
@goheesheng
@AamirUsmani1552
@zzykxx
@ravikiranweb3
@IgniteLikeAFire
@0xbitsurfer
@SolidityDev
@0xNGOC
@artifact_wang
🏆
@telcoin
Audit Contest Results 🏆
32.
@0xlamide
- $2.65
33. dipp - $2.65
34. r0ck3tz - $2.65
35.
@sobieski_adam
- $2.65
36.
@Demele_W
- $2.65
37. 0xLogos - $2.65
38.
@0xPopeye_
- $2.65
1
0
2
2
0
10
Finally, I am BACK to the Audit Contest!⚡
Planning to join a bigger one this time.
0
0
8
Someday I hope to have the ability or the skillset to put "DM for private Audit" on my bio 😅
0
0
9
Huge respect ser!
@IAm0x52
🫡
You are the real GOAT🔥
Huge respect to
@IAm0x52
0x52 put together one of the most dominant strings of audit contest performances the world may ever see:
🗓️45 contests in 15 months
🥇 24 1st place finishes
🎖️35 podiums
💰$795k earned
Sherlock is lucky to have Senior Watsons like 0x52 🙏
(cont.)
2
3
84
0
0
8
@GeorgeHNTR
Just found it on a live protocol 👀 But, unfortunately they don't have any BB program on
@immunefi
. What should I do now?
2
1
6
@HollaWaldfee100
Didn't cross the 1k mark yet. It's difficult, do you have any tips from your experience?
1
0
6
23/12/2023 - (Update 1):
My first payout 🚀
Found 1M Issue at
@sherlockdefi
's
@nounsbuilder
contest
Got my first payout from the very first contest I participated in.
Need more spinach to find the freaking Bugs from the codebase 💪
Thanks,
@sherlockdefi
! &
@nounsbuilder
12
2
59
1
0
6
Now I know what it takes to become a legend like Milo Truck (
@milotruck
).
I will be the next Spinach Garden 🥬
Took a break from staring intensely at Solidity to write a blog.
I bring you: "A year of Competitive Audits" - my learnings from competing in contests for a year, and an honest review of the opportunities it gave me.
Do check it out, it's full of alpha:
59
59
411
0
0
5
0
0
4
🚨 The worst part of the Bull run
@pashovkrum
I guess there will be more hacks soon.
More audits at ones -> less eyes on one protocol
1
0
7
0
0
3
Currently doing my first contest on
@sherlockdefi
.
It's hard, it's difficult but I am grinding.
The lead Senior Watson is my idol
@IAm0x52
0
0
3
an OG
@Kel_VinTech
@immunefi
@OddlySpecivik
@0xMackenzieM
Studying this since 2017, hunting bugs since 2019, full time since 2021. Still learn something new most days.
4
1
37
0
0
3
@te3x4
Check this out, hope it'll help.
It's from
@HollaWaldfee100
Here are some tips to choose the best audit contest:
Goal: optimizing for $$$:
-> longer contests > shorter contests
-> stay away from the obvious (big protocol name, biggest pot, first to start)
-> the least obvious can become the most obvious if many people think like you
->
4
6
91
1
0
4
@pashovkrum
Every function with onlyOwner modifier, (owner is trusted). No complex equations, no fancy stuffs. 👀
0
0
3
@GeorgeHNTR
Wow!!!
Now you are crushing it totally 🔥
I hope I CAN DO IT too. Let's see what happens. Trying to put as much time as possible into this.
BTW advanced Congratulations for the Million dollar bounty from
@immunefi
👀
0
0
3
@wehavecrown
Thanks! I shifted for the innovative daily challenges and potential in web3.
I will share my roadmap, but I will suggest you not to follow any roadmap. Start with learning EVM and solidity, then jump into
@CyfrinUpdraft
's amazing courses
0
0
3
@rekxor
I think that contests with 800 to 2k nSLOC hit the sweet spot for me. They're challenging enough to push my boundaries and promote growth, without being overwhelming. I like a bit of extra stress to keep things interesting! 😅
1
0
3
@HollaWaldfee100
Let's see, how it goes.
Just finished the first audit, now the 2nd one is ongoing
0
0
2
0
0
2
0
0
2
Web2 Security -> Web3 Security.
Now, I'm Enjoying it.
It's hard but I am gonna make it.
1
0
2
0
0
2
@HollaWaldfee100
@code4rena
Wow! You did a great job!
So it's saying, smaller contests are not that bad
1
0
2
It's called web3 security
@HollaWaldfee100
1 year in the web3 security is like a decade in web2. Looking at how the currently successful folks started a year ago, will most likely not bring the same results. Competition, resources, vulnerability classes, etc. change day after day.
2
0
3
0
0
2
READ IT
Survivorship bias is what brings so many people into web3 and what makes them quit so fast.
We only hear about the people that made it big (rightfully so), as no one knows or cares about the ones that worked hard but didn't make it.
If you are thinking about quitting...
7
9
56
0
0
3
@HollaWaldfee100
cybersec has always been my passion, but college forced me into a subject that wasn't right for me. Despite trying, I couldn't find meaning in it, so I chose to follow my true interest.
1
0
2
@Shivam_Soni_333
Secureum,
@CyfrinUpdraft
's courses,
@0xOwenThurm
's tutorials, reports from
@SoloditOfficial
and learning how the big protocol works at a deep level.
At the same time trying to participate in as many contests as I can
1
1
2
@rekxor
I think that contests with 800 to 2k nSLOC hit the sweet spot for me. They're challenging enough to push my boundaries and promote growth, without being overwhelming. I like a bit of extra stress to keep things interesting! 😅
1
0
3
0
0
1
@oot2k1
In a private audit scenario, lower nSLOC makes sense. Probably it will ensure more thorough and valuable scrutiny from your end!
0
0
1