0xladboy | Sparkware
@Xc1008Cui
Followers
2,204
Following
1,478
Media
107
Statuses
1,186
@code4rena @sherlock blockchain security researcher Security researcher in @spearbitdao @cantina DM for audit or fill in form:
Joined August 2017
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Elon
• 1328967 Tweets
Elon
• 1328967 Tweets
無料クーポン
• 225617 Tweets
DDOS
• 166480 Tweets
増量作戦
• 161975 Tweets
#ファミマ増量クランチ
• 46607 Tweets
#ولي_العهد
• 46191 Tweets
異世界失格
• 29660 Tweets
アジアツアー
• 27892 Tweets
HORI7ON SUMAYAW SUMUNOD MV
• 18508 Tweets
Pumas
• 14866 Tweets
LagunyaZAGAT PasBANGETTT
• 14533 Tweets
GALAUmu GALAUku
• 14062 Tweets
智弁和歌山
• 12814 Tweets
智弁和歌山
• 12814 Tweets
聖和学園
• 12689 Tweets
石橋高校
• 12041 Tweets
22500 USDC. My second highest payout (the first one is on
@immunefi
)
Reward payout 1 / 3 in USDC, 2 / 3 in OP token.
@sherlockdefi
@optimismFND
Starting today let me use Twitter to trace and record my bug bounty-hunting journey.
18
6
165
🧵1/6 My journey as a
#BlockchainAuditor
&
#BugHunter
🕵️♂️: You might know me as ladboy233 on
@code4rena
, ctf_sec on
@sherlockdefi
, or as a bug hunter on
@immunefi
. I started my journey in late August 2022 and have since made over $150K! 💰 I want to share my thoughts
10
19
138
I recently got promoted to senior watson under my name handle ctf_sec at
@sherlockdefi
, the 10K per week payout sounds alluring, but it is not quick money. This thread is about the role of senior watson.
11
5
131
Doing smart contract audit and do not know where to start reading the code after reading the doc? I find a feature of this VSCode extension very useful!
6
27
130
combing with combining with is the best data analysis tool for smart contract auditor / independent blockchain security researchers!
Solodit
Solodit is a platform that aggregates all findings from popular audit platforms.
solodit.xyz
2
21
101
Back in Mid-April, I submitted a bug report in immunefi, the project is unresponsive, after after 4 months, the project confirm the report and just paid me 15K, I don't think this can happen without the help from
@immunefi
and
@0xMackenzieM
!!!!!! They helped follow up! ❤
8
8
100
Making this repo for collecting a list of independently hosted web3 bug bounty, for example, stargate are independently hosting bug bounty up to 15M and frax are idepedently hosting bug bounty up to 10M, free feel to make pull request and expand the list!
5
24
87
Thanks
@trust__90
for the offer! I am glad to have the opportunity to team up with the best top-tier auditor in this space. Also by reading the portfolio, I notice c3phas's skill set is special. I would love to @ him but I cannot find his twitter.
17
1
86
My thoughts on
#Code4Rena
after diving in: Inspired by
@andyfeili
video &
@PwningEth
incredible $8M earnings in 6 months through bug hunting, I decided to become a blockchain security researcher. Here's what I discovered about the evolving landscape of this competitive space.
4
6
78
Meeting legendary security researching
@zachobront
and jack from sherlock
@jack__sanford
did any think jack looks like david beckham???
3
2
78
Scored 17k in a bounty with a solid medium bug find in the contest! Always read the code and test every assumption it makes to find those hidden bugs.
Awards have been announced for the $50,000 USDC
@delegatedotxyz
audit 🤝
Top 5:
🥇
@Xc1008Cui
- $17,158.88 USDC
🥈 d4r3d3v1l - $17,118.75 USDC
🥉
@DadeKuma
- $1,118.51 USDC
🏅 pfapostol - $927.61 USDC
🏅 Sathish9098 - $586.41 USDC (1/2)
4
4
49
8
2
76
Bought a puppy and drive 4 hours to pick him up and drive 4 hours back today
5
0
70
I just can stop laughing. Please do not submit a report like this.
18
2
66
summoning circle
🕯
🕯 🕯
🕯 🕯
🕯 critical finding 🕯
🕯 🕯
🕯 🕯
🕯
6
4
57
0x52 is one of the low-key auditors. He barely tweets because he is busy leading Sherlock contests and finding bugs!!
First year stats:
Made ~$680k
Audited 115 codebases
Found ~140 high risk vulnerabilities and ~250 medium
Spent ~1300 hours reviewing code
Created 267 files in remix
Drank ~90 gallons of pre-workout (my caffeinated beverage of choice)
130
98
1K
3
0
55
There are currently 17 senior watson in sherlock. To earn 20K per week audit in 25% percentile, you need to be better than IIIIII, watchpug, thec00n and xiaoming90 🥲🫡😲🫠
6
4
56
For the contest that is not listed and I participated, I got my ass kicked, but I consistently learn from failure and apply my learning to new audits. I really enjoy that!
@code4rena
@sherlockdefi
@immunefi
2
5
52
1/ I wanted to take a moment to share some exciting updates on my recent journey. It's been an incredible experience for me as I started my own company and embarked on the path of building a business. I'm humbled by the opportunities that have come my way
#Entrepreneur
8
3
48
Sherlock recently hide the preliminary reward and instead display the number of valid issue. In the beginning, it looks confusing but after thinking about it, it is a great move to not shill the anxiety of seeing drastic payment change after escalation
7
0
46
12
2
44
This is actually a pretty good article to summarize some of the attack vector / edge case in lending protocol.
@DevDacian
0
6
44
1/ 🚨 PSA: Are you a protocol developer in need of comprehensive QA testing? Look no further than
@code4rena
's QA testing service! I recently tried it out and was blown away by the results. 2000 USD hourly rate with 8500 USD total rewards 💯
7
3
38
🚨 Attention all crypto enthusiasts! 🚨
Have you heard of the Sherlock Judging Contest? This is a great way to earn while learning and improving your auditing skills. Let me tell you more about it!
@sherlockdefi
1
5
38
2
2
34
The recent adoption of AI by ChatGPT has quite unsettled my heart regarding blockchain security. If AI can audit smart contracts, does this eliminate the need for security auditors? This thread introduces the C4 AI bot race to embrace the technology!
2
6
31
looking forward to the zksync contest, solely web3 auditing is too hard these days, I am trying to change my approach and accumulate more knowledge. web2 + web3 security :) we will see
Let’s take a look at the 90-day C4 leaderboard. A huge shoutout to all the Wardens who continue to help secure the web3 ecosystem 🫡
Top 5:
🥇
@milotruck
- $89,689.53
🥈
@xuwinniexu
- $54,458.81
🥉
@Xc1008Cui
- $42,912.08
🏅
@0ximmeas
- $38,106.34
🏅
@iamdirky
- $34,844.52
7
4
79
2
0
31
Me writing 20 bug report for price pool 30K auditing contest.....
5
0
28
Ooops Escalation rejected. End of story for this submission!
4
0
27
I just everyone can view their immunefi ranking as well. can view in the setting
2
1
27
Two new senior Waston after the contest??? lol
🥇IllIllI just made $121547.02‼️
Congrats to:
🥈float-audits - $13831.38
🥉stopthecap - $12341.18
and everyone in the
@GMX_IO
audit.
IllIllI made $60000.00 fixed pay + $61547.02 from the contest pot!
$225000.00 rewards ➡️ $3.1M+ paid out in rewards.
0
2
40
1
0
27
10K reward for a 32M bug?
Draining $32M in 5 Minutes.
On October 3rd, 2022, we discovered and reported a critical bug in
@perpprotocol
that could have drained $32M, the entire deposited USDC in the pool.
The critical bug was discovered in the "AccountBalance" contract, which serves as the protocol's
18
14
131
4
0
24
Just to take notes myself, will raise PR later. there are other indepedent bug bounty program: Aptos, pool together, ethereum foundation, convex finance... anyone is welcome to help expand the list!
2
0
25
Impressive stats. Doing an audit contest in
@code4rena
and
@sherlockdefi
requires the auditor to be creative, finding unique high-severity bugs to get a good payout, while doing a private audit requires the auditor to find "all bugs". Both secure the codebase in different manners
Personal smart contract auditing stats for March:
- 3 private audits
- 9 Critical, 4 High, 9 Medium severity issues found
- 54 hours of focused work
- $46500 earned in total
Doing security related stuff outside of solo audits, updating you soon🫡
40
22
469
4
0
25
added a few independent bug bounty including compound and convex
1
1
23
this is really true
1
0
23
I can add a few more that paid me, oasys, brahma and union finance
@immunefi
I am sharing the recent 5 immunefi projects which paid and acted in good faith for my submissions.
If others can also share, we can have a list of many good faith projects
1. Radiant
2. Push Protocol
3. Stader for BNB
4. Oasys
5. Eco
10
5
51
1
2
23
@Blast_L2
audit contest just ends. Thanks
@cantinaxyz
for hosting such a great competition. Blast is add native yield feature on top of OP stack. Currently the ETH yield comes from LIDO stETH, USD yield comes from maker DAO. The gas yield comes from user's gas spent in contracts
2
2
23
Web3 security is very new. Code4rena is about 2 years old while sherlock's audit platform is barely 1 year old. This basically means that starting one year before is like leading the industry 10 years ahead. if we start auditing now, we are 10 years ahead of others!
2
2
21
@trust__90
I never pay attention to this. Someone can be consistently ranking the top in gas optimization. Consistently ranking the top in anything is a skill and not easy. A lot of respect. Because gas optimization does require deep understanding of the protocol and even low level EVM code
3
0
22
why this keep happening?the risk of whitehat researcher…
Was just offered a bounty of $5,000 for reporting a $2,000,000,000 vulnerability lol
104
52
1K
6
0
21
This is awesome!
🚀We integrated Sherlock! And added some new features & fixed bugs that we've received from users since the MVP.
5
1
16
1
0
21
This project host a audit competition with
@sherlockdefi
but then they terminate the competition and launch in rush without reviewing / mitigating the bug submission.
⚠️ Seneca exploited ⚠️
@SenecaUSD
was exploited earlier today, with approved user funds at risk. Millions were stolen from users of the protocol.
If you've used Seneca in the past, we recommend checking if you're at risk using our Exploit Checker 👇
4
25
57
2
0
20
🚨🔒👀 Stay ahead of the game in the world of cryptocurrencies with ! This platform is a crypto exploit aggregator that collects and shares information about the latest security breaches and risks in the blockchain industry 🛡️💰💻
1
2
19
Rename gas to mana
1
1
18
errrr top trend for auditing contest. If a codebase seems hard and scary. must do it. must do it. must must do it.
1
2
19
I should print this out and put in my wall to get motivated consistently
Prospective bounty hunters, you're gonna have to get used to getting no return on work that deserves it.
I say this as if it doesn't hurt. It does.
This year I successfully landed one bounty out of many attempts.
That said, the ROI is worth it. Stay the path.
10
9
101
1
0
18
This thread is valuable. I love the charge 📷Per-vulnerability-found model. That sounds fair to protocol and also makes sure the auditor's finding is fairly compensated!
1/43
How I went from charging just $50 down to $50,000+ per Smart Contract audit.
The ultimate guide to "making it" as a Smart Contract auditor so you can do it too.👇 🧵
12
42
230
1
4
17
This is very useful
Introducing Code4rena Test Coverage: a scalable approach to ensuring comprehensive test coverage for web3 projects 🤝
Read more about implementing Test Coverage as part of your security approach here:
Visit the webpage here:
7
9
62
1
0
17
@code4rena
@sherlockdefi
@immunefi
🧵6/6 If you're considering a career in
#BlockchainAuditing
or
#BugHunting
, take the leap! The opportunities to learn, grow, and contribute to the security and innovation of the DeFi space are endless. I hope my experiences inspire you to embark on your own journey. 🌟 Good luck!
0
1
17
great finding, we need to know how to trade stock to be an auditor I guess. 不懂如何股票交易的researcher不是好senior watson 哈哈哈
2
2
17
Emm I just realize 1 unique = 5 medium in sherlock, while 1 high = 3.3 medium in code4rena / cantina. Because 1 high = 4.5K, 1 medium = 900 in this contest.
@tapioca_dao
@0xhyh
@cergyk1337
@bin2chen
🏆
@tapioca_dao
Audit Contest Results 🏆
4. duc - $10,834.32
5.
@0xadrii
- $10,583.55
6.
@windhustler
- $9,808.38
7.
@Composable_Sec
- $5,728.87
8.
@0xTendency
- $3,620.58
9. ctf_sec - $3,437.32
10.
@Auditorpraise
- $906.11
2
2
9
2
0
19
number 1 earn 13 million number 50 earn 100k
This is what
@immunefi
's leaderboard looks like now.
What features would you want to add to it if you could have everything you want?
13
1
55
2
1
15
@BlockSecTeam
@ParaSpace_NFT
🧵7/7 The story of blocksec's successful whitehat rescue is a shining example of how the right tools, knowledge, and dedication can make a huge difference in the fight against cyber threats. This is a glorious tale that should inspire and encourage us all. 🌟🎉
#crypto
#security
1
7
11
auditing world cup? haha
𝟯𝟰 𝗖𝗼𝘂𝗻𝘁𝗿𝗶𝗲𝘀 𝗥𝗲𝗽𝗿𝗲𝘀𝗲𝗻𝘁𝗲𝗱 🫡
17x, Bulgaria: 🇧🇬
11x, India: 🇮🇳
6x, Nigeria: 🇳🇬
5x, Pakistan: 🇵🇰
4x, United States of America: 🇺🇸
4x, Kenya: 🇰🇪
3x, South Africa: 🇿🇦
3x, France: 🇫🇷
3x, Portugal: 🇵🇹
2x, Indonesia: 🇮🇩
2x, Austria: 🇦🇹
2x, Armenia: 🇦🇲
18
12
100
1
0
16
What is some of the way to learn Rust and Golang and web2 security? Please share with you!
5
1
15
0
0
14
I love the chatgpt!!!!!!!!!! POC is running with the help of chatgpt!!!!!!!!!!!!!!!!!
2
0
15
This repo is good. Sadly I see so many not-paid status.....
If you are doing or planning to do
@immunefi
you should check out the following repo from
@sayan_011
which includes write-ups from past researchers. Great resource!
4
12
83
1
0
14
1
0
13
Mental status of the college student during final week hahahahaha
1
0
12
a lot of respect. being a whitehat is just a hard but right thing to do.
People are saying all kinds of terrible things while being uninformed so allow me to share more details.
I've initiated coordination privately with Immunefi officials 3 hours before the white-hack. 90 minutes later, I realized the asset is currently used by the frontend and
76
76
717
1
0
13
@akshaysrivastv
Lead this contest with me together!
🥇ctf_sec just made $10,198.67‼️
Congrats to:
🥈
@berndartmueller
- $2,421.17
🥉
@bin2chen
- $1,940.46
and everyone in the
@Bond_Protocol
audit.
ctf_sec made $6,000.00 fixed pay + $4,198.67 from the contest pot!
$23,600.00 rewards ➡️ $4.8M+ paid out in rewards.
0
1
12
1
0
12
@merkle_bonsai
31. but most of them are low / informational. haha. I am not sure I get high but I wish someone can bump the reward pot to 1.2 million using high severity finding and then people that found medium can get a large share as well!!!!!
2
0
12
@0xDjangoOnChain
lead this contest with me 👍
🥇
@iamdirky
just made $2,095.38‼️
Congrats to:
🥈ctf_sec - $6,034.10
🥉ast3ros - $1,928.82
and everyone in the
@DinariGlobal
audit.
ctf_sec made $4,000.00 fixed pay + $2,034.10 from the contest pot!
$16,000.00 rewards ➡️ $4.6M+ paid out in rewards.
1
1
21
0
1
11
0
0
11
With 2K submission in recent c4 contest, I must agree, a huge survival bias is clear
Frankly, I joined web3 security because it paid higher than web2 sec. Last year I was telling everyone to switch due to the opportunities and growth in this industry.
However with the job market tight and competition fierce in audit contests, it is no longer the case for the
24
9
142
0
0
11
0
0
11
A threat to collect funny / special / humorous bug report names. Need to take a break my brain power is consumed.
2
2
9
@Blast_L2
@cantinaxyz
When researching the yield provider integration, I came across this report from
@GalloDaSballo
1
1
10
@pvpcoffee
@code4rena
@sherlockdefi
@immunefi
1 year of software engineer experience, then 1 year of self-taught blockchain / solidity experience.
4
0
10