sorryNotsorry
@0xSorryNotSorry
Followers
2,503
Following
491
Media
76
Statuses
1,070
Co-Founder of @0xDup1337 || Security Researcher || Scout & Validator at @code4rena || Audit requests:
Joined August 2017
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Elon
• 1273721 Tweets
Spaces
• 431875 Tweets
無料クーポン
• 189121 Tweets
#BTSisSeven
• 162078 Tweets
DDOS
• 155683 Tweets
増量作戦
• 127170 Tweets
#WWERaw
• 118615 Tweets
Department of Education
• 40557 Tweets
#ファミマ増量クランチ
• 36091 Tweets
Yankees
• 28641 Tweets
異世界失格
• 27409 Tweets
HORI7ON SUMAYAW SUMUNOD MV
• 12415 Tweets
スペシャルコンテンツ
• 12289 Tweets
Pumas
• 11750 Tweets
#ヒルナンデス
• 11233 Tweets
アジアツアー
• 11030 Tweets
White Sox
• 10247 Tweets
Today is the first day of full web3 security stage of my life. And I still remember signing-off from my last vessel two years back thinking about not to return back again.
This part of my life is called happiness.
32
5
222
Count me in.
I quit my 8 to 5 non-tech job only to focus on web3 security.
I don't have to try to focus only in my free time anymore which I did until now. It was painful.
I feel lighter by taking this step.
Just wish me luck and some more neurons :)
51
2
204
Its already one year since I posted this.
Never looked back, never been happier, never been so satisfied. 🤘
Barely worked at the first 6 months and made over $150k including private audits.
I regret not doing this earlier.
Today is the first day of full web3 security stage of my life. And I still remember signing-off from my last vessel two years back thinking about not to return back again.
This part of my life is called happiness.
32
5
222
24
5
197
One of the biggest dilemma at the security summit is everyone wants to meet everyone, and everyone is an introvert. Lol
18
4
118
Here is the findings summary of my first private audit. The repo is still private tho.
13
4
105
I got my first private audit today. 🔥 I will be happy to provide all spots to the client without the usual competitive time constraint.
18
2
108
I've been presorting the
@code4rena
contest submissions for a couple of weeks. It's like living the heaven and the hell at the same time. While there are amazing quality submissions, there are also low low quality ones. I will prepare a nice thread shortly regarding
18
4
105
We managed to secure in top 3 while we had painful mistakes in this contest with my man
@deliriusz_eth
Some advisory posts will follow sharing what to do and not to do later on.
18
4
96
Spotting 3 Critical and 5 High Risk vulns and many mediums at my first private audit. I'm grateful to this community shaping me with many alphas.
11
1
88
We won the invitational Hodl Contest of
@code4rena
🎉
We also achieved to grab Hunter and Gatherer bonuses 🔥 😉
22
4
84
The same feeling when the Sponsors confirm your solo finding.
4
1
81
I knew this was coming.
A client applicant sent their files with many trojans and ghosted me afterwards. They specifically asked for a Windows machine. Lol
Thank god I'm using a different pc for these audits.
7
7
76
Just received another private audit. 🔥 Can't wait to see one more happy client.
11
0
74
I've spotted a niche critical vulnerability in several platforms that causes DOS. Informed all the platforms regarding the issue (one of them is Certik certified).
So far nobody responded.
Funds are safe? Yeah, if the owners respond.
I'm tired boss.
8
0
73
When I was a sophomore in high school, my grades were among the worst in the country - no joke. Because I wasn't interested. A year later, I was solving olympic class geometry problems. Because all I was dreaming was geometry.
TL:DR,
Don't get into auditing unless you have fun.
6
0
65
This was the first contest that we teamed up
@0xDup1337
with
@deliriusz_eth
Missed a lot and learned good paths. It was worth waiting. 🎉
Thank you for the opportunity
@cantinaxyz
&
@Blast_L2
11
3
63
We criticize almost everything in life.
Try it on smart contract level, you might benefit it.
2
6
56
We (
@0xDup1337
) ranked top in this contest too with some more solos.
It resulted in taking more than the half of the prize pool🔥
Good job
@deliriusz_eth
🤘
Thank you for the opportunity
@KrystalDeFi
&
@code4rena
🌟
🏆 The results of the Krystal invitational audit are in!
Congrats everyone who helped secure Krystal, especially Team
@0xDup1337
(
@0xSorryNotSorry
, deliriusz) for taking over half the prize pool!
Shout out to
@KrystalDeFi
for their commitment to security 🫡
1
6
23
9
3
54
Touched grass today, now I have no willingness to work.
2
0
53
Solidity proposal;
Change try/catch to try/mightCatchDYORBiatch
8
0
51
I ranked in top 10 in
@code4rena
's Canto contest at November 2022. There are some mindful findings which I respect a lot. 🔥
3
3
43
Tools used:
Two eyes and a handful of neurons
It was nice to see this in a report.
4
0
44
Trying to spot the bug that you think exists in the codebase ends up missing the other bugs.
Stefan Zweig once showed this occurrence in his book "The Royal Game".
Every mistake is an experience, but it´s up to you whether you´re educatable, anon.
2
0
45
A nice day to start auditing a giant codebase without any time constraints. I feel like the ring bearer.
As
@1_00_proof
once said; there is only the code and me.
5
0
43
Finally had a break from a looong auditing period.
Will have some refreshment at Brussels.
1
0
42
A shop in Gent posted their mnemonics on the glass. We will never achieve web3 security, never.
2
3
36
The universe has different ways to tell you to go find a bug on immunefi.
5
0
33
Are you tired of tracking your C4 submissions, status of them including the duplicates?
I don´t care if you are but
@CarrotSmuggler
does :)
A must have tool to track your
@code4rena
submissions:
"C4-Table"
1
3
33
Dear devs, please impelement all validations at the contract level.
Else, your frontend becomes your project's soft belly.
Same shit, different day
4
1
30
Kill one man, and you are a murderer.
Kill millions of men, and you are a conqueror.
Kill a contract that refunds the all deployment and initialization gas, you are a god.
0
0
30
I'm happy to have met many of you at the DSS and sad about the ones missed to meet. I'd like to include an exhaustive list of pals for my appreciations but it will look like a phishing Optimism airdrop. :) I'll always remember this event as the photo credited to
@TheSmileyDAO
2
0
31
Might be funny but I'm planning to dive into gEth to seek more logic of the low level interactions.
2
0
29
The problem with DeFi is that it's fed by the DeFi users. It's against the first law of thermodynamics.
Eventually all the values will be diluted.
I have the most bizarre idea to change things.
Something is cooking.
2
0
28
We were not able to crack it on Immunefi, now let's not be able to crack it on Cantina.
Researchers, we've got huge news:
@uniswap
is moving their massive $2.25M bounty over to Cantina!
For anyone savvy enough to crack their codebase, this is the biggest bug bounty opportunity yet on our platform 🪐
Bounty link below.
10
18
102
1
0
28
Hey, newbies of web3, let me tell you my story of how I started to make money in web3 development. Here comes the money-making flood;
4
5
27
He has no tech background and already scored 2nd place in a tough contest. What a chad. 🔥🤘
That tweet aged well.
My first contest on
@code4rena
: Chainlink CCIP ➡️ Another magnificent failure - 0 valid issue.
My second contest on
@code4rena
: Chainlink Administration ➡️ 2nd place 🎉😱🎉😱
13
0
46
4
1
28
if you don't learn to spot the bug today, tomorrow you'll miss that same bug in your audit.
0
4
28
Auditing is what happens when your cats are busy with sleeping
4
0
28
Not being able to achieve everything perfectly makes the tomorrow.
Imagine everything is perfect, then there would be no progress after all.
1
1
27
Our DSS technical talks ended up like,
Who is 0x52 really, an alter ego of a warden?
Did
@samczsun
come to the C4 event?
It's a pity that
@gogotheauditor
and
@HollaWaldfee100
didn't show up.
Lol
3
1
27
When I forget about the remaining codebase once I spot the incorrect maths library implementation
0
0
27
There's nothing more relaxing than having a large ramen bowl while watching Seinfeld.
2
0
28
Am a good sauce chef 🫡🤘
4
0
27
Following this post - you can find some advisory insights about team collaboration within the thread 🧵 👇
1/9
We managed to secure in top 3 while we had painful mistakes in this contest with my man
@deliriusz_eth
Some advisory posts will follow sharing what to do and not to do later on.
18
4
96
3
3
27
Every piece of code pending to be corrected in a contract is centralization. It's not the onlyAdmin modifier alone.
Prove me I'm wrong.
5
0
26
Yesterday´s
@RektHQ
post ends with a perfect summary of web3 space especially why the DAOs are doomed;
¨But first and foremost, should we accept that humans are political creatures in the first place and that no system will ever be perfect until we perfect ourselves?¨
The
1
1
27
I wasn't aware of how well
@bytes032
's
@FindAudit
channel was organized until today.
It's definitely a promising spot if your budget isn't sufficient for big security firms and you want to have the option of max applicants to audit your codebase.
A marketplace for auditors that hate marketing
Problem
- I'm getting ~2-3 leads for audits/day
- I cant take all that work
- I'm not interested in building an agency
- You might be a better auditor than me
Solution
- Im giving away my leads for free, no commissions, no fees 👇
27
61
542
2
0
26
One of the mysteries of humankind is people believe in themselves when they have no success and lose faith even if they have succeeded before.
or is it related to entropy at all?
2
0
25
Karma is a b.tch
@cronos_chain
It's fitting that they were exploited last month, for the exact amount as the max bounty 😂
7
4
91
2
0
25
I'm too excited to listen & meet the great minds at
#defisecuritysummit
Throw some dark forest air on me.
4
1
24
What a nightfall in the middle earth
1
2
24
Losing your common sense is the worst thing that might happen during auditing.
The nastiest bugs occur in simple forms that are visible to the ones not losing it.
1
0
24
Thanks for inviting me
@RealJohnnyTime
, it was super fun to have talked to you as well as sharing my experiences.
Tomorrow I am going to interview the
@code4rena
OG Warden and Lookout
@0xSorryNotSorry
.
It's going to be an inspiring interview full of insights, especially because he doesn't come from a tech-heavy background!
What would you like me to ask him?
7
2
59
3
2
24
Michelangelo: The perfect sphere doesn't exist.
Meanwhile in Las Vegas:
3
2
23
I strongly disagree with the idea that a platform offering less bounty is prone to be hacked rather than taking the bounty.
You just can't change the mind of a blackhat guys. Raise the bounty, and they'll ask more anyways as they see 10% of the TVL as the bounty. Who's providing
4
0
24
Don't you ever forget that you can encounter cats anywhere in Istanbul even at a cable car. Adorable!
0
0
23
New phishing DM pattern,
Don't fall into this 👇
Woman profile photo ✅
Handle name ends with numbers ✅
Spammer claims that she's a member of {x} ✅
Spammer wants to interview with you(!) ✅
Spammer profile is full of retweets from {x} ✅
None of your followers follow her ✅
3
3
23
Checking the Arbitrum contest, I again reminded myself why a vetoer is crucial in Governance contracts.
5
1
22
Blockchain is unbreakable and secure.
Meanwhile;
A reentrancy causes ETH to be hard forked,
A precision loss causes 9 figures loss,
A MEV bot steals your profit,
An owner siphons the funds.
This should not be the tradeoff of the blockchain is an unbreakable argument
1
0
22
Working with 40 hz is a brain drainer.
I won't leave the good old white noise again. 🫂
5
0
22
Stuck in a transferownership function in the Middle of 18k SLoC of a private audit. It just doesn't make me feel right.
6
0
22
What a night!
Being an ex-captain, I never imagined that someday I will be on a boat full of hackers. It's close to being sci-fi for me.
⛵️
#TrustX2023
"Cruising Bosphorus, Securing Ethereum" over great conversations!
🙏 Thank you
@cantinaxyz
for co-sponsoring this wonderful Bosphorus cruise
1
5
31
2
0
22
The first function overloading that I wasn't aware of;
Du,
Du hast,
Du hast mich,
Du has micht gefragt...
:D
7
0
21
It looks like my favorite game changer rules the game again.
🔥🔥🔥
Introducing Code4rena Pro League 🏆
⭐ All-star auditors
🔒 Custom security services
🥇 The best security talent including
@cmichelio
,
@samczsun
,
@hellocccz
,
@IAm0x52
,
@xuwinniexu
,
@zachobront
, and more!
Read more:
14
131
242
0
1
21
The bot owner who poisons block scanners with fake token transfers;
Please DM me, I want to upgrade to pro and pay you just to exclude my addresses from your service.
0
2
21
Getting old is cleaning the house listening to The Prodigy
2
0
20
I managed to find a spot in top 5 by a solo medium. Congrats all.
Awards have been announced for the $90,500 USDC
@TimeswapLabs
competition!
Top 5:
🥇
@hansfriese
- $21,290.00 USDC
🥈 mookimgo - $7,471.29 USDC
🥉 chaduke - $7,423.71 USDC
🏅sorrynotsorry - $4,626.00 USDC
🏅
@codeIslight
- $4,626.00 USDC (1/2)
4
5
47
1
0
19
"Is this what you do with the eternity?"
This Groundhog Day quote changed my approach in the life.
At the end we're all trying to hit the hat to pass the day. What a waste of time. But not for me anymore.
1
0
19
Everything seems nonsense in all the codebases I reviewed.
2
1
19
Transferring to Tornado Cash for a white hat hack??
I would assume that every exploited Certik audited codebase had a backdoor then.
A Recap of Certik vs Kraken👇
1.Certik discovered a critical bug in Kraken and
they waited 5 days to disclose the vulnerability.
2.They ran "tests" and withdrew $3M in the process.
3. In their defense, Certik claimed they were testing
Kraken's defense system, which failed to
6
6
39
3
1
19
Not sure how many times it was recommended but it's all in your able hands
@immunefi
Hey
@Immunefi
, consider requesting deposits from projects. It could help ensure commitment, especially when a project promises a $400k bounty but backs out after receiving a valid report. Maybe 10% of the max bounty as a security?
1
2
20
1
0
17
I recently had a disclosure to a project and they stated that they discourage users using the referenced function in the reported flow. Ok :) I have a zero day then
1
1
19
This is what a newbie researcher sees when s/he reads the old audit reports
1
0
18
Take this precious advice from a top researcher. You will not regret.
It’s natural to get amazed by seeing the amount of money web3sec researchers made by starting their career two years ago
But guess what, someone starting two years from now will say the exact same thing for you
The best time to start your web3sec journey is RIGHT NOW🎯
4
6
86
1
0
18
It was nice and smooth to work with
@ShieldifySec
team in this audit with my man
@deliriusz_eth
Looking forward again 😉
The Shieldify team completed another DEX Protocol Audit, which was 2500 nSLOC 🫡
The Findings Summary is:
Critical/High: 5
Medium: 13
Low: 11
The audit report is coming soon!
2
1
25
5
2
17
In addition, while the others are entities with many engineers,
@trust__90
is a person rocking everything in solo. Yes, he's a Jedi.
Some of my favorite web3 security auditors:
1.
@trailofbits
2.
@OpenZeppelin
3.
@trust__90
4.
@ConsenSysAudits
A big reason is they not only do great security work but give back to the community as well.
And of course,
@CyfrinAudits
because that's what I'm working on!
6
8
137
0
1
18
"Calm seas never made a good sailor"
^^ Bullshit, it's all marketing
1
0
17
He only deserves respect at the wake of the recent things. Would you rather be waking up to a morning with your swept funds? He's one of the brightest assets of this ecosystem, but crypto Twitter adores the drama as always.
People are saying all kinds of terrible things while being uninformed so allow me to share more details.
I've initiated coordination privately with Immunefi officials 3 hours before the white-hack. 90 minutes later, I realized the asset is currently used by the frontend and
76
76
717
0
0
16
It's always a quadrable win when you deliver your last brain cell for a solo high that you're not aware of.
1
0
17