Ilchovski

@ilchovski98

Followers
1,025
Following
276
Media
81
Statuses
1,421

Security Researcher 🥷 Providing high-quality smart contract security reviews 🤝 SR @0xPaladinSec

Portfolio 👉
Joined November 2015
Pinned Tweet
@ilchovski98
Ilchovski
2 months
I just got 1st place in a @code4rena competition! 🥇 🏆 This got me to 28th place on the 90-day leaderboard Extremely happy with the result! More is coming very soon 💯 Thank you @THORChain for the opportunity to secure your protocol 🫡
Tweet media one
35
8
264
@ilchovski98
Ilchovski
5 months
A month ago I quit my job as a blockchain dev to become a security researcher full time 🥷 Today I managed to get 10th place in the DittoETH contest and get my first 4 figures reward! I would like to thank @pashovkrum for his great initiative of supporting the community by
Tweet media one
21
4
142
@ilchovski98
Ilchovski
13 days
Excited to be joining @0xPaladinSec as a security researcher! 🥷 It is a pleasure to be working side by side with one of the best in the industry! 🫡
18
0
109
@ilchovski98
Ilchovski
3 months
Managed to secure 9th place in the @RenzoProtocol @code4rena contest with 4 highs and 4 mediums!🥷 This catapulted me in the 90-day leaderboard to #81 place! 🏆 Auditing Renzo was very pleasant and exciting for me as it was my first time exploring an @eigenlayer integration 🫡
Tweet media one
12
6
94
@ilchovski98
Ilchovski
1 month
Web3 security contests ALPHA 🚨 If you want to have fewer duplicates of your issues just don't share them in the discord channel of the competition where all wardens can see them 🤯 Follow me for more web3 security advice 😂
6
3
86
@ilchovski98
Ilchovski
2 months
July 2024 - $5,000,000 in contests If you want to: 🤑 make serious cash 🔨 build your reputation 🥷 start a career in web3 security make sure you give your all during the following 30 days! That's your shot, it is time to double down! Future looks bright 🤩
Tweet media one
5
5
79
@ilchovski98
Ilchovski
4 months
Understand Eigen Layer & Renzo in under 5 minutes!🧵 Like & Retweet! ✅
3
13
74
@ilchovski98
Ilchovski
2 months
New goal: beat just one of the reserved auditors for the MakerDAO $1.35M contest
9
4
53
@ilchovski98
Ilchovski
1 month
Being financially stable is waiting for the results of 3-4 contests you have done to come out 😅
3
0
52
@ilchovski98
Ilchovski
9 months
Got my first High in @code4rena 🫡 Extremely happy! More coming very soon!😈
Tweet media one
1
0
43
@ilchovski98
Ilchovski
4 months
Currently, I have a free time slot between contests and I would like to provide a security review to one protocol free of charge. If you need a security service or know somebody that needs one DM. I would be happy to give as much value as possible 🫡
3
6
39
@ilchovski98
Ilchovski
4 months
I see many codebases still using unchecked { i++ } gas optimization inside a for loop. You no longer need to do it as of Solidity 0.8.22
2
3
36
@ilchovski98
Ilchovski
8 months
You do a competitive audit and you don't know where to start? Make sure you do these: - Join the contest discord channel. There you can ask questions regarding the codebase and see questions and answers that other people are talking about. - Run Solidity Metrics in VScode on
5
6
36
@ilchovski98
Ilchovski
3 months
Improve your auditing by analysing your results from contests 📊 Write down the titles and the duplicate count of the issues you found and separately do the same for the issues you missed ✍️ What does the data show you? Do you submit mainly highly duplicated findings? Or do
2
6
34
@ilchovski98
Ilchovski
5 months
Worked hard on an audit... my head was about to explode... went on a walk for 30 min... found 2 issues while walking and playing the code inside my head 🤓 Note to self: take breaks
2
1
31
@ilchovski98
Ilchovski
3 months
Some auditors have very deep niche knowledge and outperform hundreds of auditors in contests. Protocols could make a pretty sweet deal if they manage to secure a private engagement with them. Quality over quantity. I don't have anyone in particular in mind 🤫 @EgisSec 👀
2
2
31
@ilchovski98
Ilchovski
3 months
There is no way you can't improve if you do this with all your missed findings
Tweet media one
3
1
29
@ilchovski98
Ilchovski
3 years
@veefriends @DapperDinoNFT Got these 2 bad boys 🔥
Tweet media one
Tweet media two
7
2
28
@ilchovski98
Ilchovski
8 months
Whenever you see token.transferFrom(from... and from is not msg.sender there is a high chance you found a bug
1
2
27
@ilchovski98
Ilchovski
3 months
Mentality is everything. How you look at things can alter your performance so much. Coming from a place of curiosity, abundance and competing with yourself instead of with others can make your journey so much more enjoyable and efficient.
1
3
27
@ilchovski98
Ilchovski
3 months
Always write down your attack ideas during an audit and go through them. Otherwise you risk ending up like me while sitting on a bench in the park 2 days after the contest’s end to remember an issue with the codebase
1
0
25
@ilchovski98
Ilchovski
5 months
If you get past the boring phase during the last days of an audit you can find a crazy amount of findings. Looks like a trend with me 💪
4
0
20
@ilchovski98
Ilchovski
11 months
🧑‍💻 Here is the progress I made on my web3 journey so far: • managed to secure a position as a web3 developer ✅ • went through a ton of materials such as the book Mastering Ethereum, multiple smart contract programmer’s playlists, the inner workings of the EVM, multiple
2
1
17
@ilchovski98
Ilchovski
1 month
This aged well. Expecting the contest platform to sanction in some way the people who do such a thing.
@ilchovski98
Ilchovski
1 month
Web3 security contests ALPHA 🚨 If you want to have fewer duplicates of your issues just don't share them in the discord channel of the competition where all wardens can see them 🤯 Follow me for more web3 security advice 😂
6
3
86
2
0
19
@ilchovski98
Ilchovski
4 months
If you do contests make sure to read the Q&A section very carefully. You can come up with some unique findings based on the info there or improve your valid findings ratio by not submitting that many invalid issues.
1
1
18
@ilchovski98
Ilchovski
10 days
If you hit a plateau in the thing you do, it might be time to change things up. Experiment with new approaches, explore new ideas and talk to more people. You can't expect to get a different result if you do what you have always done✌️
1
0
19
@ilchovski98
Ilchovski
3 months
Team audits provide a ton of value 💯more experts looking at your code is always better than one expert BUT Solo auditors have their place and are a perfect fit for: 👉 protocols with little to no external funding 👉 small codebases 👉 in-house security 👉 niche expertise
1
0
18
@ilchovski98
Ilchovski
9 months
Integrating @Uniswap swaps in smart contracts during the day at my dev job and going through the Tswap section of the @CyfrinUpdraft course at night 😈 This is going to be a good combo 😏
2
2
15
@ilchovski98
Ilchovski
3 months
Rebasing token issues are simple and yet not reported that much in the competitive audits I participated in. If the protocol says that they are included it is worth checking if they are handled correctly.
1
0
16
@ilchovski98
Ilchovski
3 months
If the same 200k contest is running on multiple competitive audit platforms where would you compete?
Code4rena
179
Sherlock
37
Cantina
57
Hats Finance
18
7
1
15
@ilchovski98
Ilchovski
3 years
@eminabec_NFT You got it boss ☄️
Tweet media one
Tweet media two
1
0
14
@ilchovski98
Ilchovski
8 months
Just finished Part 1 from @CyfrinUpdraft !🥳 I must say that @PatrickAlphaC and his team do an amazing job leveling up the skills of the web3 security community!🫡 All concepts were clearly explained, up to the point, with practical tips regarding audit processes, common attacks
3
0
14
@ilchovski98
Ilchovski
8 months
Looks like negotiation skills apart from the technical ones are very valuable in web3 security. A unique high-severity vulnerability that paid 17k was first considered out of scope, only to be considered valid after numerous discussions. Whether it is bug bounties, private
2
0
12
@ilchovski98
Ilchovski
8 months
Have you tried console logging bytes/bytes32 value in Foundry only to get an error? Use console.logBytes() / console.logBytes32()
2
0
13
@ilchovski98
Ilchovski
4 months
One of the smartest things you can do as a dev is to go through the parts of the @SoloditOfficial checklist that are relevant to you. This will save you from many hacks (yes, really) and prevent low-hanging fruit findings.
1
0
13
@ilchovski98
Ilchovski
3 years
Tweet media one
3
1
13
@ilchovski98
Ilchovski
9 months
Consistently putting highly focused hours of work is what everybody who wants to master a craft must strive for. FOMO, dopamine spikes, bursts of outrageous focused hours followed by lack of sleep and drop in performance and consistency, lack of confidence, focusing on others
2
0
12
@ilchovski98
Ilchovski
3 months
Assumptions in web3 development or auditing are very dangerous. Instead you should always verify!
1
0
12
@ilchovski98
Ilchovski
6 months
🚨🚨🚨 Just so you guys know, some people are sending DMs looking for consultations or offering gigs for their project but then they want you to download their application, install it on your machine and you will be prompted to input your password to make a “system update”.
Tweet media one
4
3
12
@ilchovski98
Ilchovski
3 months
@zanderbyte I also think that by focusing on one contest you can maximise your learning. Wishing you luck and we all wait for the 1st place tweet! 👊
1
0
12
@ilchovski98
Ilchovski
3 years
@DapperDinoNFT Oh things are getting interesting!
0
0
11
@ilchovski98
Ilchovski
4 months
Visited Defillama's hacks section expecting novel bugs, but found protocols losing millions due to basic mistakes. Teams are overwriting storage variables with contract upgrades or failing to batch multi-sig transactions, leading to "known compound v2 donation attacks". Why?
0
0
12
@ilchovski98
Ilchovski
8 months
In the context of EIP712 do you know: - When to use encode vs encodePacked? - How to handle arrays or nested structs? - Which types are atomic / dynamic / reference and how each type must be properly handled? Recently discovered such issues in contests so I decided to drop the
0
2
12
@ilchovski98
Ilchovski
3 months
Why in the last 30 days protocols lost 70M and what you can do about it? The reasons for this include: - trusted role making a mistake during deployment - 3 X trusted role’s private keys got compromised - contract updates - introducing a new storage variable that overwrote an
0
1
11
@ilchovski98
Ilchovski
4 months
18/18 Thank you for coming so far. If you found this valuable please like and retweet! 💪
1
0
11
@ilchovski98
Ilchovski
3 years
Tweet media one
Tweet media two
0
2
11
@ilchovski98
Ilchovski
3 years
Rank 77 and 439 🔥🍀🔥🍀 @DapperDinoNFT
Tweet media one
Tweet media two
2
0
10
@ilchovski98
Ilchovski
8 months
This is what happens when preparation meets opportunity. I love it
@code4rena
Code4rena
8 months
Awards have been announced for the $1.1m USDC @zksync Era audit 🎉 🎉 Top 5: 🥇 xuwinnie - $502,041.99 USDC 🥈 ChainLight - $157,696.85 USDC 🥉 Audittens - $140,480.81 USDC 🏅 minhtrng - $38,573.19 USDC 🏅 erebus - $25,342.88 USDC Read more at:
26
45
399
0
0
10
@ilchovski98
Ilchovski
3 years
Magic numbers 👀 Growing fast 💨 Big announcement coming soon! Keep your eyes open @The_Meta_Portal #themetaportal #NFTProject
Tweet media one
0
2
9
@ilchovski98
Ilchovski
8 months
Just wanted to share that going to the gym frequently 💪 + running for 15-20 minutes after the workout 🏃‍♂️ while listening to web3 security interviews 🎧 with different people in the security space was and continues to be extremely beneficial to me. Fits perfectly into the
1
0
9
@ilchovski98
Ilchovski
13 days
@andyfeili Reaching Bulgarian level SR :D
1
0
9
@ilchovski98
Ilchovski
8 months
I’ve been studying the whole weekend, preparing to join my 3rd contest for the month. There are so many opportunities in this space, I love it! I feel January is going to be a very successful month for many people in the space 🚀
1
0
9
@ilchovski98
Ilchovski
13 days
I have been auditing more and more cross-chain protocols lately. Looks like this is one of the main directions where innovation is happening in the industry and investing some time exploring recent innovations could be a good ROI.
2
0
9
@ilchovski98
Ilchovski
3 years
Tweet media one
0
1
8
@ilchovski98
Ilchovski
7 months
@pashovkrum Results will be the solid proof of your experience + marketing skills to spread the word about it
0
0
9
@ilchovski98
Ilchovski
3 years
Honestly, the kindest, super dapper Dino familia goes to @DapperDinoNFT ! Big things happening right now! Check them out! $WTF, it is about to explode 🚀🧑‍🚀🚀
Tweet media one
1
1
8
@ilchovski98
Ilchovski
3 years
This is one of the 2 minted nfts. Looks amazing no question, is it rare? @DapperDinoNFT
2
0
7
@ilchovski98
Ilchovski
3 years
@_CLouis @willjum_nfts I like that chain.
Tweet media one
2
0
8
@ilchovski98
Ilchovski
3 years
You want to be a part of something special in the NFT space? Come join us! @DapperDinoNFT #SaveTheDinos
Tweet media one
0
0
7
@ilchovski98
Ilchovski
3 months
@pashovkrum The industry has improved since then in orders of magnitude. The quality of audits and security researcher expertise have skyrocketed. Still it was a great financial opportunity for wardens back then. Feeling bad that I missed this money printing period 😂
0
0
7
@ilchovski98
Ilchovski
3 years
@The_Meta_Portal Roadmap! 2 days until mint 🔥 Dropping a mini game with extra hardcore levels tomorrow on the website. The first person to complete it gets free NFT and the first 50 will get WL spot! 🚀 Wait for the announcement in discord 👀
Tweet media one
0
1
6
@ilchovski98
Ilchovski
3 months
$1.3M contest? Are you still wondering whether to become a security researcher?
@immunefi
Immunefi
3 months
Immunefi is excited to announce that we've joined forces with @fuel_network to launch the $1.3M Attackathon - the largest competition series in history!  🎯 The Fuel Attackathon Education Period Starts on June 3rd 🎯 The Fuel Attackathon Hunting Period Starts on June 17th Learn
21
50
457
0
0
7
@ilchovski98
Ilchovski
3 months
Shill me a web3 related article or resource that impressed you recently 🤓
5
0
7
@ilchovski98
Ilchovski
8 months
@Shanon40439853 @immunefi Have you done any write ups?
0
0
5
@ilchovski98
Ilchovski
8 months
@0x_jp_86 If we have contract A that accepts deposits and Alice wants to transfer her 100 USDC, she will approve contract A for 100 USDC before making the deposit. After that, an attacker could make a deposit (before her) by using Alice's tokens If contract A allows the use of arbitrary
Tweet media one
0
0
5
@ilchovski98
Ilchovski
3 years
That portal is looking so dope lol @The_Meta_Portal #theMetaPortal
Tweet media one
0
2
5
@ilchovski98
Ilchovski
3 months
🫡
@svetborislavov
Svet
3 months
I followed the advice from @ilchovski98 to ask myself as many questions as possible and realized that the protocol interacts with Uniswap V3 on a low level. And guess what? I haven't dived deep into Uniswap V3. So, I started watching @ProgrammerSmart 's playlist and coding along
0
0
5
1
1
6
@ilchovski98
Ilchovski
3 years
@angusdyoung @dapppunk Would like to know that. It won’t be consistent I suppose.
1
1
6
@ilchovski98
Ilchovski
8 months
@CharlesWangP If the result is above int256().max / 2 then it will revert due to overflow
2
0
6
@ilchovski98
Ilchovski
3 years
@DapperDinoNFT @dapperdino @JoelEmbiid This project is about to get huge once it delivers the breeding and the fossil. #SaveTheDinos
0
0
5
@ilchovski98
Ilchovski
3 months
@preslavsec Go through all the findings you have missed in a contest you participated in. For each create your summary of the finding and write the reason why you missed it. This way you will learn a ton and you will be building intuition for next time.
0
0
5
@ilchovski98
Ilchovski
2 months
@MartinMarchev @code4rena @THORChain Thank you Martin, just learning from the best 🫵! It is definitely a breath of fresh air since I started doing it full time. This month will be very busy for sure and I can’t wait to post the results from it!
0
0
5
@ilchovski98
Ilchovski
4 months
Wow! Incoming C4 changes! Can’t wait to compete based on the new incentives 🕵️‍♂️
0
0
5
@ilchovski98
Ilchovski
4 months
2/18 Ethereum Proof of Stake algorithm requires each validator to lock 32 ETH to be able to participate in securing the network. By validating the network the validator earns rewards. If it acts maliciously, the validator is penalized and risks losing all his deposited ETH.
1
0
4
@ilchovski98
Ilchovski
3 years
Does anybody know an NFT project where people can group up as in a guild and compete against other guilds within their community? Wondering if @The_Meta_Portal is the only one with that idea...
0
2
5
@ilchovski98
Ilchovski
11 months
By participating in contests you can easily identify where you have gaps in knowledge, take a step back, do your research and move forward. This way learning is not passive and you retain information a lot better when you put into practice the new concept you just grasped.
0
0
5
@ilchovski98
Ilchovski
3 years
Guys when you are searching for an NFT project what are you looking for? What would you like it to have the most? #savethedinos @nft_crap @eminabec_NFT @HedgehogSavely @NFT_ChrisC
2
2
4
@ilchovski98
Ilchovski
4 months
@0xnirlin Asking deep questions on a Friday night. I like it.
0
0
5
@ilchovski98
Ilchovski
3 months
When you get an audit pay attention to the incentives! ❓Are auditors well incentivized to find as many bugs as possible ❓Is the audit pay per vulnerability ❓Are auditors competing with each other ❓Is the security company new and the founders are hungry to prove themselves?
1
0
5
@ilchovski98
Ilchovski
3 years
@MezcobarX @DapperDinosNFT Amazing! Thank you for sharing the project to the world!
0
0
5
@ilchovski98
Ilchovski
4 months
6/18 Ethereum security is unmatched. This is good until you have a brilliant new idea/service that has a decentralization aspect and you need to create a brand new network of validators, incentives, and capital to secure it.
1
0
4
@ilchovski98
Ilchovski
3 years
@cc20__ @DapperDinoNFT 100% agree. We have one strong community and soon things will get very interesting 🦖
0
0
5
@ilchovski98
Ilchovski
5 years
@sirajraval Siraj, I like you but very often you do things like these. Be real, it’s ok to be you and take your time. It is a marathon not a sprint. I believe in you and you should too!
1
0
5
@ilchovski98
Ilchovski
6 months
Pretty good advice for dealing with codebases. I think that it would be very beneficial for junior auditors to hear what senior ones have to say. Personally I am curious to know what are @zachobront and @0xDjangoOnChain 2 cents on this 👀
@GalloDaSballo
Alex the Entreprenerd
6 months
Got a pretty cool question about dealing with big codebases Here's my reply
Tweet media one
5
9
107
0
0
4
@ilchovski98
Ilchovski
11 months
Grinding through the initial months 💪🏼
@HollaWaldfee100
HollaDieWaldfee
11 months
I realized there were some distinct phases in my auditing journey: 1) Month 0-1: Learned basics, started doing contests but desperately failed 2) Month 2-3: Good contest results coming in but still lacking a lot of Web3 specific knowledge 3) Month 4-6: Learned specifically
14
18
165
1
0
5
@ilchovski98
Ilchovski
4 months
9/18 Developers with brilliant ideas💡 that need validators to secure their system go to Eigen Layer and say (proposing AVS - Actively Validated Services): Dear Validators, Secure my network by running my software on your machine. Act according to these rules and you will
1
0
4
@ilchovski98
Ilchovski
5 months
@xb0g0 @SoloditOfficial I would pay close attention to hash... This guy has something going on 🔥
1
0
4
@ilchovski98
Ilchovski
4 months
@santipu_ On the other hand, I was amazed at what findings got validated (unique) by just having a 3rd party admin of a protocol the code integrates with marked as Restricted.
1
0
2
@ilchovski98
Ilchovski
3 months
@dethSCA @EgisSec @sophon @sherlockdefi You guys should rename EgisSec to Unstoppable Security. Great work! The pace is insane!
1
0
4
@ilchovski98
Ilchovski
4 months
3/18 Many users do not want the overhead of running a validator node or do not have 32 ETH to participate. Liquid Staking comes to the rescue. Protocols like Lido and Rocket Pool run their own validator nodes and allow users to deposit small amounts of ETH for a proportional
1
0
4
@ilchovski98
Ilchovski
3 years
@2chainz No problem mate. Checkout the Dino fam @DapperDinoNFT
Tweet media one
Tweet media two
0
0
4
@ilchovski98
Ilchovski
3 months
@windhustler I am proud of all the risks I took so far. Still work in progress but whatever happens at the end at least I went to the arena.
1
0
4
@ilchovski98
Ilchovski
4 months
7/18 It is very difficult to pull this off because you need to convince people to run your client software and move their capital from mainstream methods such as Ethereum POS to your system for higher rewards. Effectively competing with Ethereum for security.
1
0
3