Arabadzhiev Profile
Arabadzhiev

@arabadzhiev_

Followers
1,124
Following
191
Media
36
Statuses
408

Full-time Web3 Security Researcher | Former Web2 Software Engineer

Joined April 2023
Pinned Tweet
@arabadzhiev_
Arabadzhiev
4 months
The past few months were tough. Loads of blood, sweat and tears without much in return. I felt like I wasn’t going anywhere. But today, I am finally happy to share my greatest accomplishment so far - My first ever contest win. The story continues, we are just getting started...
25
4
197
@arabadzhiev_
Arabadzhiev
2 months
Ladies and gents, I recently took on what was probably my greatest Web3 security challenge to date - A Solana Rust contest, without any prior knowledge on any one of those two. And it looks like I did it again… Thanks for the opportunity @code4rena!
32
5
204
@arabadzhiev_
Arabadzhiev
9 months
For the last couple of months, I have been contemplating the idea of going full-time into Web3 Security. And today, I am finally happy to announce that I have decided to pull the trigger and take that step. Today is my last day at my full-time job as a Web2 Software Engineer. I
37
1
123
@arabadzhiev_
Arabadzhiev
4 months
Managed to make it in the top 5 of the Napier contest at @sherlockdefi, while also securing my first unique medium finding. It ain’t much, but it’s honest work.
4
2
96
@arabadzhiev_
Arabadzhiev
10 months
Can’t find any vulnerabilities on a given audit? Give the good old Solcurity Standard checklist a look. I can bet you will get some fresh new ideas. 👇
3
13
87
@arabadzhiev_
Arabadzhiev
3 months
The results from the first invitational @code4rena contest that I've participated in are out. I tried really hard on this one and am happy to share that I managed to secure the top spot on it. Thanks for the opportunity, it was a pleasure!
12
4
86
@arabadzhiev_
Arabadzhiev
11 months
Last night I got my first 4 digit award from a smart contract security contest. This has been a big goal of mine ever since day one, and finally achieving it tells me that I’m on the right path. Thanks to @sherlockdefi for the opportunity! I think it’s time for big moves now…
21
2
86
@arabadzhiev_
Arabadzhiev
5 months
Managed to make a few bucks from the Olympus RBS 2.0 contest at @sherlockdefi. I must say, the architecture of this protocol is absolutely brilliant. Working on it was a blast.
16
3
86
@arabadzhiev_
Arabadzhiev
10 months
1/ In my opinion, as of now, @sherlockdefi judging contests are the best way to get started with web3 security. Because of this, I decided to make a 🧵, where I explain the methodology that I personally use when participating in them. Sounds interesting? Then follow along 👇
5
7
59
@arabadzhiev_
Arabadzhiev
3 months
Another contest, another top 5 finish. Looks like we are on a streak now.
3
0
57
@arabadzhiev_
Arabadzhiev
1 year
1/ What is MEV? What are some of the most common types of MEV? Follow this 🧵 if you want to find out 👇
1
10
55
@arabadzhiev_
Arabadzhiev
9 months
The average Friday of a Web3 Security Researcher 😊
5
0
49
@arabadzhiev_
Arabadzhiev
9 months
I keep on falling asleep with my laptop for the last couple of days. For some reason, that helps me sleep like a baby (and also to think about exploit scenarios in my dreams 😎). GN frens
15
1
51
@arabadzhiev_
Arabadzhiev
8 months
The more I use Hardhat, the more I start to realize how much superior Foundry actually is...
6
3
47
@arabadzhiev_
Arabadzhiev
10 months
Man, the Web3 Security space is simply the best. Everyone is super ambitious, dedicated and hard working. New valuable information is constantly being shared on various platforms. And we are all doing this with one common goal in mind - To make Web3 a better place.
4
2
49
@arabadzhiev_
Arabadzhiev
3 months
Want to become a better Web3 Security Researcher? Then stop scrolling Twitter all day and go do some auditing instead. It works wonders, I promise.
3
1
49
@arabadzhiev_
Arabadzhiev
9 months
I’ve been going back to basics for the last couple of days. More specifically, I've been deepening my Uniswap knowledge. The main resource that I am currently using is @jeiwan7’s Uniswap V3 book. And I must say, it's a masterpiece. So enthralling 👇
0
0
45
@arabadzhiev_
Arabadzhiev
10 months
Managed to place 7th out of 208 participants in the latest @TheSecureum RACE. It was not an easy one for me, I scored 5/8 (but I guess that was not the case only for me 😄). Had a lot of fun while doing it though.
2
1
43
@arabadzhiev_
Arabadzhiev
3 months
Ain't no better feeling than finding a bug while writing the PoC for another
2
0
43
@arabadzhiev_
Arabadzhiev
1 year
Doing web3 security, while also working full time can be tough. However, you have to put in the hours, there is just no way around that. This is my screen time report for the last week. We keep on pushing. 🫡
2
2
41
@arabadzhiev_
Arabadzhiev
3 months
Recently, I've been getting a lot of questions in regards to what my auditing methodology is. The answer is actually pretty simple - I just read code with the intent of breaking it. Everything else I've tried to add on top of that in the past has done me more harm than good.
2
0
42
@arabadzhiev_
Arabadzhiev
6 months
Just wrapped up my first Pay-Per-Vulnerability private audit. Thanks for the opportunity @ShieldifySec, it was an absolute pleasure working together. The report is coming out soon, so stay tuned - it’s going to be a good one.
1
0
40
@arabadzhiev_
Arabadzhiev
1 year
Got my first reward from a @sherlockdefi judging contest yesterday. We are just getting started though, the best is yet to come.
1
1
39
@arabadzhiev_
Arabadzhiev
3 months
The educational aspect of Web3 Security has improved tremendously over the past year. So many new great resources were created, both free and paid, that it's unbelievable. So to everyone that is just starting out - Take full advantage of this, it can change your life.
2
2
38
@arabadzhiev_
Arabadzhiev
9 months
It's easy to work hard when everything goes your way. But what about when things start to get tough and you feel like you aren't going anywhere? - Well, those are the times when you have to show what you are truly made out of. Remember this, no matter where you are right now.
5
5
36
@arabadzhiev_
Arabadzhiev
9 months
The best time to get started with Web3 Security was 2 years ago. The second best time is now. So stop waiting for the perfect moment and get to work, anon.
0
1
35
@arabadzhiev_
Arabadzhiev
8 months
I’ve been using the Remove Comments VS Code extension for the last two audits that I did. And I must say, WOW, it is a game changer. For some reason, diving into pure code at the beginning of the audit seems to remove a lot of overhead. Highly recommend giving it a try.
4
1
32
@arabadzhiev_
Arabadzhiev
8 months
🚩There are certain things, that when we as Security Researchers see, when starting a new audit, let us know that we are about to work on a protocol of a low quality. I call those red flags. Here is my top 3 list of those👇 - The test coverage is below 80% 🥲 - There is no
0
2
28
@arabadzhiev_
Arabadzhiev
1 year
My latest reward from a @sherlockdefi judging contest. 🎉 I am telling you, this is one of the best ways of learning in this space - if getting paid for going through past audit reports doesn't incentivise you to do so, I am not sure what else will.
5
1
31
@arabadzhiev_
Arabadzhiev
9 months
Even when I'm traveling, I still try my best to put some work in. Every second matters ✌️
8
0
30
@arabadzhiev_
Arabadzhiev
2 months
An update on the Lavarage invitational contest results. A lot of things happened after the announcement of the initial results, some that were deeply disappointing for most parties involved. I won’t be going into the details of what exactly happened and how. I just want to
@arabadzhiev_
Arabadzhiev
2 months
Ladies and gents, I recently took on what was probably my greatest Web3 security challenge to date - A Solana Rust contest, without any prior knowledge on any one of those two. And it looks like I did it again… Thanks for the opportunity @code4rena!
32
5
204
2
0
33
@arabadzhiev_
Arabadzhiev
1 month
To be a great security researcher, you have to be a great learner, anon
1
1
31
@arabadzhiev_
Arabadzhiev
9 months
Auditing a protocol that has poor/no documentation? 💡 Take a look at its tests. They are the purest form of software documentation there is.
2
4
28
@arabadzhiev_
Arabadzhiev
11 months
If you need a quick, yet comprehensive introduction to Compound V2, this article by @bytes032 is the right one for you 👇
0
3
29
@arabadzhiev_
Arabadzhiev
10 months
@sherlockdefi is cooking up something new 👀
1
1
28
@arabadzhiev_
Arabadzhiev
7 months
It was a long time coming, but I finally got my +backstage role at @code4rena. Now, let the learning begin. I've got some catching up to do.
0
0
28
@arabadzhiev_
Arabadzhiev
9 months
Your mindset going into an audit is crucial. If you go in thinking “Man, this protocol is so well written, there can’t be any bugs in it” then congrats, you’ve just set up yourself for failure. You probably won’t find anything. Take this from me, I learned it the hard way ✌️
1
0
27
@arabadzhiev_
Arabadzhiev
5 months
Audit #2 with @ShieldifySec is a wrap. Thanks for the opportunity once again guys, it was a pleasure 🫡
3
1
25
@arabadzhiev_
Arabadzhiev
1 year
🧠 Something that I always keep on forgetting - Learning something because you actually need it is 10x better than just learning it for the sake of it. If you are mostly doing the latter, don't be surprised if you keep on forgetting most of the information that you consume.
3
1
23
@arabadzhiev_
Arabadzhiev
11 months
Ok, hear me out. It is completely normal to feel like a dumbass, when starting to audit a protocol that is new to you. You just have to trust the process - put in some focused hours of reading through the code, and you will see how the magic slowly starts to happen.
0
1
21
@arabadzhiev_
Arabadzhiev
9 months
Looking for a learning resource on EVM opcodes? Then look no further. The EVM Opcodes Interactive Reference has to be the best one out there. Give it a try 👇
1
0
21
@arabadzhiev_
Arabadzhiev
10 months
Okay, since August is almost over, it’s time for some stats. As far as earnings go, this has been my best month so far, since the beginning of my web3 security journey. I have managed to make a grand total of ~$2,300 from security contests. We are just getting started. 🫡
1
0
22
@arabadzhiev_
Arabadzhiev
2 months
My friends @EgisSec are starting an awesome initiative. If I were someone who is just getting started with Web3 security, I definitely wouldn't want to miss out on it👇
@nmirchev8
nmirchev8
2 months
Win $1000! At @EgisSec, we were inspired and supported by other researchers, and we want to do the same for those who are starting right now. That's why we plan to give $1000 to the winner of the following challenge. ↓
59
44
94
2
0
21
@arabadzhiev_
Arabadzhiev
1 year
The automated findings from @code4rena bot races seem to be getting much better with time. This one is the winning report from the latest Amphora Protocol contest. It's crazy how many issues it was able to catch (albeit, some are probably invalid).
2
0
21
@arabadzhiev_
Arabadzhiev
1 year
❗️ERC20 tokens can be dangerous to interface with, if you are unaware of the quirks that some of them possess. Here is a great list that covers a lot of those. 👇
0
1
21
@arabadzhiev_
Arabadzhiev
4 months
Thanks to everyone who has been there with me ever since the beginning of my Web3 Security journey - This one is for you
1
0
19
@arabadzhiev_
Arabadzhiev
8 months
A great playlist to get you started with inline assembly in Solidity. As always, @ProgrammerSmart does not disappoint 👇
0
0
19
@arabadzhiev_
Arabadzhiev
2 months
That feeling when you close 50+ tabs after completing an audit... priceless
1
0
20
@arabadzhiev_
Arabadzhiev
1 month
@bytes032 This means that bro has 0.05 valid issues out of 500 💀 So yes, he should be banned
2
0
19
@arabadzhiev_
Arabadzhiev
1 year
"Building the POC was my first step down the rabbit-hole of programmable money. It was the most intriguing thing I had worked on in my life. It didn’t even feel like work." This article written by the man himself, @haydenzadams, is truly inspiring. 👇
0
1
17
@arabadzhiev_
Arabadzhiev
1 year
There are some code bases that utilize outdated versions of OpenZeppelin's smart contract library. When auditing such code bases, it is crucial to familiarize yourself with the vulnerabilities present in some of those versions.👇
1
2
18
@arabadzhiev_
Arabadzhiev
9 months
Quick tip. Never leave writing reports for the last minute. It never turns out well...
4
0
17
@arabadzhiev_
Arabadzhiev
1 month
This should never happen. Change my mind.
@0xPopeye_
@popeye
1 month
So, It's called an Escalation War 🗡️
2
0
18
1
0
17
@arabadzhiev_
Arabadzhiev
10 months
The learning never stops. It is very competitive. Everyone doing it is super ambitious. Your work has high impact, in a positive way. And last but not least - freedom.
@sherlockdefi
SHERLOCK
10 months
What made you take the leap into Web3 Security?
18
1
34
2
0
16
@arabadzhiev_
Arabadzhiev
10 months
If you are anything like me and don’t like taking notes, this tweet is for you 👇 I’ve come to the realisation that taking structured notes during an audit, especially a bigger one, is absolutely necessary if you want to max out your efficiency. Without doing that, you will
1
0
14
@arabadzhiev_
Arabadzhiev
1 year
1/ Have you heard of the “First Depositor” vulnerability? If not, well, you’ve come to the right place. In this 🧵 I am going to walk you through what it is, and what are some possible ways to mitigate it 👇
1
2
14
@arabadzhiev_
Arabadzhiev
8 months
It was a fun weekend 😈
3
0
16
@arabadzhiev_
Arabadzhiev
1 year
If on most days, you go to bed feeling proud of yourself - you are on the right path, anon.
3
0
14
@arabadzhiev_
Arabadzhiev
1 year
Yesterday, I came home with a massive headache. All I wanted to do was to just lay in bed and chill. Instead of doing that though, I did what I had to and went straight to my laptop. It doesn't matter how you feel anon - you have to do the work, in order to achieve your goals.
1
0
12
@arabadzhiev_
Arabadzhiev
1 year
Ain't no better way to spend the Friday night, than reading through past audit reports. Sharpening the arsenal for a weekend full of auditing. 😈
0
0
11
@arabadzhiev_
Arabadzhiev
1 year
💡 Pro tip: When reading past audit reports, take notes for each finding and group those together by their respective category. You will be amazed at how much more you will be able to learn this way.
1
0
9
@arabadzhiev_
Arabadzhiev
3 months
Another rockstar auditor is about to join the full-time club. Keep an eye out for him, I'm sure that his journey will be an epic one. Godspeed brother.
@dethSCA
deth
3 months
Big news on my end. Today I gave my notice at work. In a couple of weeks I'll be all in in web3sec. The past months were just warmup, now the real work begins. On a side note, @nmirchev8 and I have something cool to show you. More on that, soon.👀
16
5
81
0
0
10
@arabadzhiev_
Arabadzhiev
11 months
With so many audit contests going on simultaneously once again, it can be tempting to participate in all of them. What would actually be a better approach instead is to participate in only a few of them, while trying to understand their codebases to the best of your abilities
2
0
9
@arabadzhiev_
Arabadzhiev
3 months
@p_tsanev Mr Steal Yo Pot 🫡
1
0
9
@arabadzhiev_
Arabadzhiev
1 year
🧠 Whenever you are auditing a code base that makes use of an excessive amount of hard coded decimal values, make sure to double check that all of those are correct. You may end up finding out that one, or more of those are wrong, resulting in an easy high severity finding 😉.
0
1
9
@arabadzhiev_
Arabadzhiev
3 months
@cvetanovv0 The calm before the storm 😎
2
0
8
@arabadzhiev_
Arabadzhiev
3 months
@bytes032 Hey, I know the second guy!
1
0
8
@arabadzhiev_
Arabadzhiev
3 months
@xb0g0 @MarioPoneder I recently had the pleasure to participate in a contest that was judged by @MarioPoneder. Although he rejected my attempt to upgrade an issue of mine, he did so in such a manner, that I actually wasn't mad about it at all. Not only that, but I was also able to learn a thing or
3
0
7
@arabadzhiev_
Arabadzhiev
2 months
@AmrMalakX @code4rena I started in February last year and am still learning fren. The learning never stops in this space ✌️
0
0
7
@arabadzhiev_
Arabadzhiev
1 month
@xb0g0 Numbers don't lie. Those are some astonishing results 🫡 Congrats man!
1
0
6
@arabadzhiev_
Arabadzhiev
9 months
@ShieldifySec Ain't no place like home 🇧🇬
0
0
6
@arabadzhiev_
Arabadzhiev
10 months
13/ Link to the whole Criteria for Issue Validity doc 👇
0
0
6
@arabadzhiev_
Arabadzhiev
3 months
@windhustler @14si20 @code4rena I share the same opinion here. Plus, writing those long ass analysis reports looks like a chore. But hey, to each their own 🤷
1
0
5
@arabadzhiev_
Arabadzhiev
2 months
@0x3b338 Jesus, yo boy here is auditing on a 13 inch macbook 🤓
2
0
5
@arabadzhiev_
Arabadzhiev
7 months
@dethSCA Someone is headed to the top. Congrats man! 🫡
0
0
5
@arabadzhiev_
Arabadzhiev
10 months
@doychinovKrasii No docs/NatSpec comments
1
0
3
@arabadzhiev_
Arabadzhiev
9 months
@GeoGen100 A lot of us are man. It won't be easy, but it will be worth it 🫡
0
0
4
@arabadzhiev_
Arabadzhiev
9 months
@ShieldifyAnon The grind never stops 😈
0
0
4
@arabadzhiev_
Arabadzhiev
1 year
This is HUGE! @PatrickAlphaC has just announced the launch of a new platform, that is both going to host audit contests, and serve as a marketplace for private audits. LFG 🚀
@PatrickAlphaC
Patrick Collins
1 year
Announcing... CodeHawks
49
71
360
0
1
3
@arabadzhiev_
Arabadzhiev
1 year
13/ And that’s a wrap! Thank you for coming to the end of this thread ✌️. I hope that you found it helpful and managed to learn something new 🤓. If so, a retweet would be greatly appreciated. Let's help spread the knowledge 🫡.
0
0
4
@arabadzhiev_
Arabadzhiev
1 month
@xb0g0 @immunefi @0xMackenzieM You are on a killing spree fren 🔥 Massive congrats!
1
0
4
@arabadzhiev_
Arabadzhiev
3 months
@dethSCA @xiaoming9090 Solid advice here. This guy is an absolute beast.
0
0
4
@arabadzhiev_
Arabadzhiev
9 months
@windhustler @code4rena Congrats man! Those are some massive numbers. You have proven once again that hard work does indeed pay off at the end of the day 🫡
1
0
3
@arabadzhiev_
Arabadzhiev
3 months
@MarioPoneder @CantoPublic @code4rena It's never too late to relocate 😎
1
0
4
@arabadzhiev_
Arabadzhiev
7 months
@dimulskiatanas @code4rena Great results man. Congrats! 🫡
1
0
1
@arabadzhiev_
Arabadzhiev
9 months
@ShieldifyAnon @ShieldifySec Thank you man! 🫡 Sounds like a deal to me. Drop me a DM ✌️
0
0
4
@arabadzhiev_
Arabadzhiev
1 year
@GiuseppeDeLaZa Man, this is so relatable. I have gotten used to it somewhat, but there still hasn't been an audit contest, where I haven't gotten hyped asf on a finding that eventually turns out to be a false positive 😃.
1
0
4
@arabadzhiev_
Arabadzhiev
9 months
@ShieldifySec Early mornings. Rise and shine 😈
0
0
3
@arabadzhiev_
Arabadzhiev
1 year
Potentially exists in one of the currently ongoing contests 😉
@bytes032
@bytes032.xyz
1 year
🔥 Get a FREE medium severity finding on ANY @code4rena or @sherlockdefi contest using Chainlink on L2! This vulnerability stems from the potential for the sequencer to go offline, which could result in outdated and stale oracle data. 🧵
9
27
170
0
0
3
@arabadzhiev_
Arabadzhiev
10 months
@GiuseppeDeLaZa @HollaWaldfee100 @0xreentrant Oh man, German music is where it's at. My personal favourites are 187 and Capital Bra. @GiuseppeDeLaZa you should give them a shot (I suppose @HollaWaldfee100 already knows about them 😃).
4
0
3