0xFrankCastle🦀
@0xcastle_chain
Followers
1,675
Following
1,082
Media
61
Statuses
1,010
smart contract (Web3) security researcher. CosmWasm , Solana , polkadot +5 Audits with @PashovAuditGrp 🦀 Tm:
Joined April 2023
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
#Jin_Happy
• 942185 Tweets
Errejón
• 439185 Tweets
#IllBeThereOutNow
• 369141 Tweets
seokjin
• 266730 Tweets
Gaga
• 185640 Tweets
期日前投票
• 95534 Tweets
LINGORM X VOGUE THAILAND
• 85047 Tweets
Rams
• 57922 Tweets
halsey
• 56841 Tweets
農業バイト
• 56564 Tweets
علي النبي
• 56406 Tweets
Rohit
• 48256 Tweets
YINWAR X GARNIER
• 45936 Tweets
Kohli
• 44971 Tweets
#INDvsNZ
• 42442 Tweets
LINGORM MAJOR FANDOM
• 37217 Tweets
連載マンガ
• 36111 Tweets
Hayırlı Cumalar
• 34245 Tweets
Durk
• 29554 Tweets
JD WITH ISSEY MIYAKE
• 26485 Tweets
上げ底弁当
• 24664 Tweets
セブン社長
• 23682 Tweets
#私にも2000万下さい
• 20646 Tweets
下請法違反
• 18632 Tweets
Recep Tayyip Erdoğan
• 16356 Tweets
Visi Kerja Prabowo-Gibran
• 15514 Tweets
addison rae
• 15031 Tweets
Lebih KOMPAK Lebih KEREN
• 14613 Tweets
#جمعه_مباركه
• 12075 Tweets
Pinned Tweet
Constant work always pays off; you need to keep working every day.
It was a perfect Rust experience🦀, regaredless the results.
Achieving 4th place in this contest as a side hustle beside my private auditing work informs me that I have larger capabilities than what I thought.
20
1
112
I do not believe my eyes, I got the 2nd place in my first rust audit , and the first Polkadot audit on C4 , I found :
The only 1 high 🟥
2 meds 🟨
the best QA reports
And I won 21,000 as reward ,this is 10x of all my past rewards , this is a great achievement at the age of 19.
38
9
298
Achieved 2nd place with a $21,555 reward! Many have asked about my learning path and the Rust resources especially with Rust-based contracts and
@Polkadot
. I'm excited to share my comprehensive learning path and resources in the thread 🧵,repost this to help spread the knowledge
13
67
262
If you want to learn Rust🦀/Solana Programming and Security, you can try those two courses by
@AckeeBlockchain
which will level up your Solana skills, or it will give you a good introduction and put you on a high level in Solana programming and hacking.
2
32
240
The best YT courses to learn Rust🦀:
1) beginner :
2) intermediate (let's get Rusty by
@letsgetrusty
):
3) advanced (Crust of Rust by
@jonhoo
)
those courses will take your Rust skills to another level🦀
2
52
249
If you are looking to learn Rust Solana 🦀🦀 , this is the best resource to start with from
@RareSkills_io
, and it is free .
It is not finished yet, but the 33 lessons are really great.🦀💪
5
24
136
THIS IS RUST:
→ Introduction to Rust
↓
→ Ownership and Borrowing
↓
→ Data Types and Variables
↓
→ if else & loops
↓
→ Functions and Closures
↓
→ Structs and Enums
↓
→ Error Handling
↓
→ Traits and Generics
↓
→ Memory Management
↓
→ Modules and Crates
↓
2
9
101
1.5K followers milestone has been achieved ✅
Thank you all, Great security researchers and developers. 🫡
7
2
93
The best auditing technique for me, and using it now:
- Starting with the code,line by line.
- Billions of comments describe the system.
- Hundreds of audit tags on the critical areas.
- Tens of #[test] to test exploitation scenarios.
- 50+ external notes to start my reports from
2
5
84
Here is the most comprehensive guide for the most common attack vectors in web3 security , I personally learned a lot from it
I appreciate retweet this and spreading the knowledge for more safe web3
3
27
79
Many people who are interested in becoming Rust auditors asked me if there were ongoing Rust audits, so I decided to keep track of all Rust audits that showed up and inform you all.
1)
@axelar
on
@code4rena
:CosmWasm /Rust🦀
2)
@centrifuge
on
@cantinaxyz
:polkadot /substrate🦀
1
6
74
If you did not stay until 4 am searching for a bug in 6000 sloc project 🦀 , you are not a Real auditor .
For real auditors , what do you prefer horizontal or vertical monitors ? Or a combination of them like me ? And why ?
10
4
72
If you need a roadmap for learning Rust and start auditing Rust-based projects, this can help you.
#Rust
Achieved 2nd place with a $21,555 reward! Many have asked about my learning path and the Rust resources especially with Rust-based contracts and
@Polkadot
. I'm excited to share my comprehensive learning path and resources in the thread 🧵,repost this to help spread the knowledge
13
67
262
1
6
70
I do not believe my eyes🫣❤️, I got my first 4 digits payout and came in the 9th place in the
@centrifuge
contest on
@code4rena
, and also I have the best QA report in the contest , thanks to the amazing platform and all the people who helped me reach this place after 2 monthes .
18
2
63
Although I am busy working on Rust private audits, 🦀, Finally, I have updated my Github portfolio.
Check it out here:
Keep your eyes on it, because I will update it multiple times this month. 🦀💪
2
4
60
If you have 10 billion dollars and do not know where or how to invest them, I invite you to go there and get inspired. 😊
2
7
58
I have been accepted to Solana Auditors Bootcamp 2024 by
@AckeeBlockchain
🦀💪
You can also apply, and Join me in learning Rust security,
2
2
56
If you're looking for Rust audits, here are 3 of them:
1) Superposition (AMM) on C4: 5,250 lines of Rust, deployed on Arbitrum.
2) ZetaChain (Gateway) on
@cantinaxyz
: 312 lines of Rust/Solana.
3) Centrifuge (AMM, lending, and borrowing) on Cantina: 7,200 lines of Rust/Substrate
0
6
52
Recently,I completed my first Rust/Solana audit with
@PashovAuditGrp
,and the experience was exceptionally smooth. I was able to focus entirely on the codebase, with virtually no time spent on administrative tasks or other less engaging aspects that often accompany private audits.
3
2
49
My dual monitor hacking setup with the i9-14900k processor and 64 gigs of RAM.
Can someone give me advice about lightning and how to set the most comfortable lighting for my eyes?
What do you prefer the most, single, dual, or no monitor setup ?😂
Show me your hacking setup.
15
2
45
THE SPACE NEEDS MORE RUST CONTESTS..🦀
Rust protocols should prioritize public audits alongside private ones. I've seen multiple Rust/Solana protocols pay ~$1M in bug bounties to whitehats, yet they’ve never held a public competitive audit on C4 , sherlock , or cantina.
5
0
47
If you are looking for Rust audits, here are 2 of them Right now:
1) WOOFI SWAP on
@sherlockdefi
: Rust/Solana🦀.
2) starknet on
@CodeHawks
: Rust/Cairo 🦀.
I hope to see more competitive rust audits in the coming auditing wave, especially on
@code4rena
and
@cantinaxyz
🦀
1
3
46
Native Reentrancy Attack Protection in
@CosmWasm
CosmWasm offers native protection against a common and critical vulnerability in smart contract systems. reentrancy attack occurs when a contract calls an external entity to execute a function before fully updating its own state🧵
2
8
40
the state of the first month in web3 security : ✅
findings 🐛 :
8 highs 🔥
7 mediums 😌
11 lows
total payouts : 610$ 💵💰
I worked on
@code4rena
and
@sherlockdefi
and
@CodeHawks
this is just the beginning ,and I am targeting getting over 2 K and a 1th place next month
4
4
39
Reaching the top 50 was a 2024 goal of mine, and I've not only achieved it but also landed in the top 20 of the C4 90-day leaderboard. I'm now 14th on the 90-day and 56th on the 365-day leaderboard , and My next target is to be among the top 10!
Hard work truly pays off .🦀🥰⚔️
2
2
35
Me too; this is the first thing I read about blockchain at all, although I finished it in 3 days, and I did not understand a lot of complex things about the nodes and consensus. But I am sure that if you read that book, you will stick with Ethereum and Web3 for your entire life.
1
1
35
It was a dream to me to be mentioned in the Top 5 post by C4 ,and this is even more better ,since I have achieved the 2nd place🥈,and found (1/1) of the highs,which was in fact a critical one , and also this is my second time get the best QA in the contest, I am so proud of me😍.
Awards have been announced for the $100,000 USDC
@hydra_dx
audit! 👏
Top 5:
🥇
@J4X_98
- $23,597.20 USDC
🥈
@0xcastle_chain
- $21,555.12 USDC
🥉
@bin2chen
- $8,911.28 USDC
🏅 TheSchnilch - $7,861.35 USDC
🏅
@CarrotSmuggler
- $7,510.89 USDC
6
5
45
3
3
35
All this cash in the contests , and I will end up making 10 usdc .
3
0
36
Currently I have finished my second Rust audit with
@PashovAuditGrp
The client was a well-known protocol with 9-digit TVL. It was a very good audit with multiple highs and meds found by me and the team. Unfortunately, the audit was under NDA, but the report may be public soon🦀
3
1
34
Climbing the leaderboard of
@code4rena
as I promised after 2 months of working and my first 4 contests on the platform 😉💰👨💻
Found :
5 highs
4 mediums
4 QA reports class A
Making : $ 1487 💰
A lot more is coming soon 🔥🙏
5
1
33
Wow , I got my second 3 digits reward on the same day of the first reward 😂❤️❤️❤️
This time on c4 tangible caviar contest
@code4rena
I am now the happiest man on the planet ☺️ ❤️❤️🫡🔥
3
0
31
I started auditing august 2023 and stopped in october 2023 because of my 3rd semester in electronics engineering , I returned to auditing february 2024 and did HydraDx , then I stopped again to my 4th semester .
total time : 3 months
total reward before HydraDx rewards : 2500$
1
1
32
Conditional pots are the worst thing in Web3 security, giving the sponsors an incentive to invalidate as many findings as they can to pay less. People are doing contests because no one has an incentive to do this manipulation.
A reward pot of $100K is better than 2M fake rewards.
If you are planning to join UniswapV4 contest on Cantina, you should read this.
UniSwap Foundation had a contest on Code4rena before for their Staking Contract, I managed to secure the 2nd position in it, but the judging process involved a lot of things.
The contest was
13
9
127
0
3
30
Woow , I got in the 6th place in my forth contest ever , and my first contest ever on
@sherlockdefi
, I got my first 3 digits reward in the cooler contesr , and I am very very happy , thanks for all the people who helped me , and specially to
@shealtielanz
❤️❤️🫡
7
2
28
@cantinaxyz
Can you please set the camera wider to get me in the picture 😠📷.
We’re back with more competition results! Here are
@centrifuge
’s 🪐
Your top 3 ranked researchers are:
🥇
@J4X_Security
: $70,209.75
🥈
@watermelon_sec
: $25,108.96
🥉
@krikoeth
: $7,889.22
Thank you to everyone that participated! Full leaderboard below.
4
2
60
6
1
29
Whoever helps me reach 1000 followers will win a big contest soon.
4
1
26
This is incredible from
@Al_Qa_qa
He is one of the best solidity auditors I have ever seen.
Congratulations mate 🫡🫡
Alhamdulillah, I managed to secure 1st place in
@ArkProjectNFTs
contest on
@CodeHawks
- 5/5 High
- 3/6 Medium
- 5/6 Low
The last months were not good for me, so I challenged myself in that contest, and the results were satisfactory. Here is the comeback 🚀
44
1
146
0
1
27
I fall in love with the deep dives of
@DevDacian
through the different defi attacks , and specially this one is super great .
thanks
@DevDacian
for adding value to this space and the whole web3 space.
1
1
24
38 days of working hard in a picture 📸 🫠
Are they enough, or do I need to submit more ? 🤔
Keep your eyes on
@hydra_dx
contest discord on
@code4rena
to see the results .
2
0
25
This is one of the best vulnerability explanation that I have ever read ,
@0kage_eth
fully delved into each small detail in the code and described it very well , and he was focused on the understanding of the contracts concepts and the vulnerability.
1
1
22
Massing critical checks like verifying that the message sender is a trusted entity before minting tokens on the destination chains seems like a very common access control issue that will have 10+ duplicates in public contest.
I think I should stop doing contests and start BB 😅
New blog post: Circle CCTP Noble Mint Bug by
@evonide
. A critical vulnerability in Circle’s Noble CCTP implementation could have allowed the circumvention of message sender verification to mint arbitrary USDC tokens.
9
26
160
3
0
21
a 6 hours RUST course is very good resource to learn rust and apply on what you have learnt by doing 19 practices , If you will participate in
@hydra_dx
on
@code4rena
, I advice you to watch this course to learn the basics of rust in such a little time .
1
4
20
only 130 remaining 🦀🙂
1
0
21
My payout from
@OndoFinance
contest on
@code4rena
, I am kinda frustrated from this result , because I spent alot of time doing this contest , but I missed the important bugs 😕
I will try in coming contests to avoid be distracted by QA and lows and focus on the valuable ones👨💻
0
0
21
@code4rena
@hydra_dx
@J4X_98
@bin2chen
@CarrotSmuggler
I am so happy to achieve the second place in the first
@Polkadot
contest and help securing a well-design and complex protocol like this , I am also feel happy to have the best QA report in the contest , thanks
@code4rena
for the opportunity , together for more safe web3 ⚔️🫡
1
1
19
If you intend to participate in
@fuel_network
contest on
@immunefi
, you can start learning sway language by watching this amazing playlist made by the greatest 🔥👌
@ProgrammerSmart
0
1
19
@PolkadotAssured
I am happy to help securing polkadot ecosystem and providing more safe environment to the users , I also was impressed by the volume of evolution and security that the zero layer of polkadot provided to the applications to grow in safe way , together for more safe web3 ⚔️🔑.
0
2
20
We will see something different from C4, although I will not like it since it will force C4 clients to get an audit from zellic so it will add more cost if the project wants to combine spearbit audit with C4 audit.
It will be something like cantina, which gets fewer audits.
We're proud to announce that we've acquired
@code4rena
!
Code4rena is the gold standard for competitive audits, and we're thrilled to join forces with them.
We acquired Code4rena for one simple reason: because it enables us to do better audits for our clients.
Here's how. 🧵👇
31
68
518
3
0
19
One of my favorite sources of inspiration which I competed against him in HydraDX polkadot contest on C4, He impressed me with his ability to think about all edge cases that can happen. I learned a lot from him, and I and he became friends
@J4X_98
Congratulations on your journey
It's weird to say this, but I've just ended my first year as a full-time auditor. It feels like I just started a few months ago, but the calendar is proving me wrong. Inspired by some of my friends, who also did recaps after their first year, I will try to give you guys some info
50
23
356
1
0
18
I think I should have submitted one more finding to win the contest 😅 🫠
38 days of working hard in a picture 📸 🫠
Are they enough, or do I need to submit more ? 🤔
Keep your eyes on
@hydra_dx
contest discord on
@code4rena
to see the results .
2
0
25
1
0
17
1.2.Level Up to Efficient Rust : After grasping the fundamentals, solidify your knowledge by diving into an intermediate-level course like " Crust of Rust" , This highly-recommended course is designed to enhance your ability to write efficient Rust code.
1
1
18
Do not ever trust centralized exchange or centralized entity.
3
1
17
FOMO is killing me .
in your opinion , what is the best contest to participate in ? , and which contest will have less competition ?
3
0
17
Boost Account AA Contest has reached an unrecoverable state .
5
0
17
you can start bug hunting on
@immunefi
or participating on the
@PolkadotAssured
funded contests on
@code4rena
, and start see the results .
I appreciate reposting this post to spread the knowledge for more secure web3 ⚔️🫡 .
0
0
16
New achievement unlocked 🔓
Matching the number of followers and followings. ✅️
Followers ==Followings.
Next milestone:
Followers = 2 * Followings.
Who will break the first one and help me achieve the second 🫡❤️?
1
1
16
so much ALPHA here 🔥 with
@DevDacian
a great talk and valuable information and a lot of motivation to be successful in this space
thanks
@DevDacian
, and thanks
@shealtielanz
for these good questions
2
3
15
1. learn RUST 🦀
1.1. Rust basics course :
you can start by watching "Let's Get Rusty" course & the official Rust book. Combining both offers deep understanding of the basics of rust and you will be able to read rust contracts .
2
2
16
@Al_Qa_qa
1) Understand the protocol
2) Save the protocol until you dream about it .
3) Write a lot of useless tests and waste a lot of time trying to understand how to set a suitable environment for testing .
4) Start finding vulnerabilities
2
1
15
Only 40 followers remain to celebrate .🥳
Whoever helps me reach 1000 followers will win a big contest soon.
4
1
26
1
0
11
I went through all the polkadot docs to understand all the properties of this cutting edge technology .
this playlist helped me to understand the concepts that were hard to be understood in the docs by doing code walkthrough .
1
1
13
what a course made by
@letsgetrusty
,
since hydra contest on
@code4rena
has a period of 28 days , I decided to give rust more time to reach the intermediate level , so I will do this playlist in the next two days and then move to building with substrate
0
1
11
2.2. You can also check the
@paritytech
youtube channel which has a great content about polkadot and substrate , and offer a lot of practical explanation of polkadot ecosystem , I found this playlist very useful .
1
1
12
I have updated my github portfolio . check it out :
and let me know if you have any suggestions to enhance my portfolio .🥰🫡
0
0
12
2. Learning about Polkadot
2.1. When it comes to mastering Polkadot, there's no substitute for the official docs and YouTube channel , which features an exceptional series"Polkadot Deep Dives," offering comprehensive explanations of Polkadot and the main framework substrate .
1
1
9
@_hrkrshnn
@solana
I am waiting for the 1M Solana audit and you will owe me a top3 winning card.🫡🤝
1
0
10
- …- …- …- …- …- …- …-
1
2
10
"Account Abstraction" security Guide :
ERC-4337: Users can now utilize smart contract wallets with custom verification logic instead of traditional EOAs. This removes the necessity for seed phrases. Transactions are facilitated by UserOperation objects stored in an "alt mempool."
1
0
10
3. Learning substrate , ink ,and frame .
substrate is the main framework powers polkadot ecosystem , you can learn it form the official docs
ink : is the programming language used by substrate to develop pallets which is corresponding to smart contracts
1
1
9
@abruzuc
I want to dropout of engineering college to go fulltime in web3 security, although I made more money than 5 senior electronics engineers in my country, but the society cares about your degree more than your personal achievements. 🙂💔
2
0
8
@code4rena
@xuwinniexu
@arbitrum
I want to be winnie 🙂
@xuwinniexu
,give me the secret recipe. How can I do it ? 😂
1
0
8
I was shocked when I saw that hydra contest removed and I do not finalize my findings 😠
I thought that all my effort in the last 5 weeks of working on hydra and learning rust🦀 went to waste .
HydraDX contest is still live , it was the hardest contest for me , but I enjoyed it.
1
0
8
This is the best thing that I watched today 😂😂
0
1
7
ink docs for developing smart contracts :
after learning ink language you are now able to read rust smart contracts so you need to learn how the pallets can be created and how custom pallets are created
1
1
8
Can someone help me find L2 infrastructure-related bug reports? I only see DeFi reports on C4 and Sherlock, nothing about infrastructure, nodes, consensus, or compilers.
1
0
8
This is me waiting for my random test to finish running to know whether my finding is valid or not 😂
2
0
8
I managed to find this high finding after working 5 days on one single function on the contract . ❤️🫡
@0xcastle_chain
@hydra_dx
@code4rena
Saw one of your H reports on this contest. Clean, right to the point, and with real impact. Nice finding!
3
0
4
0
0
8
I revealed my secrets 🙊
@Al_Qa_qa
1) Understand the protocol
2) Save the protocol until you dream about it .
3) Write a lot of useless tests and waste a lot of time trying to understand how to set a suitable environment for testing .
4) Start finding vulnerabilities
2
1
15
0
1
8
@WhiteHatMage
> Zero audits: The project has bugs for sure, but they won't pay for any bounties. They don't care about security. Let them get rekt.
I can't help laughing 😂😂😂😂
1
0
7
@0x3b338
@code4rena
@GuardianAudits
This is a good strategy; I do the same. I create two folders for each contest I work on:
one for notes during the contest and another for findings analysis just after the contest ends.I review and analyze all findings, both valid and invalid , to learn from others' mistakes 🙂.
0
0
7
@pxng0lin
@Polkadot
It was necessary to understand substrate framework before I started the contest, so I learned it 10 days before the contest to be able to understand the basics of the protocol and then I learned a lot about frame pallets during the contest since it is necessary to control runtime
0
0
7
the final step that you need to learn is FRAME which offers two of the most important pallets to manage the parachains and the protocols on polkadot chain , frame_system and frame_support pallets .
frame_support :
and frame_system
1
1
7
@J4X_Security
@cantinaxyz
@centrifuge
congratulations ,sir.
I think I need to visit Bulgaria ASAP 😆
Great job , I have learnt a lot from your findings as usual😁
1
0
7
there is Commen vulnerability with Chainlink Price Oracle and the Arbitrum Sequencer, If the sequencer goes down, the Chainlink oracles will have stale prices from before the downtime.this article discuss the details of this vulnerability comprehensively .
0
2
7
The final report for this audit will be made public soon, contributing valuable security materials for Rust auditors and protocols to strengthen their security measures🦀
Thank you,
@pashovkrum
, for the opportunity. I look forward to continuing our collaboration in the future 🤝.
0
0
7
is there any auditor who wants to team up and participate in chainlink staking V2 contest ? 🙂😊
2
0
6
@Al_Qa_qa
I hope that the pot is not like this😂
If one or more medium-severity bugs are found, the reward pool will be $25,000 USD
If one or more high-severity bugs are found, the reward pool will be 100,000 USD
If 3 or more Critical severity bugs are found, it will be $2,350,000 USD
1
0
5
I am shocked ، I think this is not fair
@trust__90
@sherlockdefi
@Optimism
Should link to this instead:
The number of bugs that will be fixed but aren't rewarded
6
1
37
2
0
6
1
0
6