konfushon
@konfushon
I stare at smart contracts until they break
Joined May 2020
First time doing this. 2025 goals:
1. Get paid with every contest participated in focusing on @cantinaxyz as the end goal is to join @SpearbitDAO
2. Participate in bug bounties.
3. 1K Twitter followers? Have to be a web3 security content machine to get here though.
see anon, I told you it happens more frequently than you think. Make sure you check for such in your next engagement.
An interesting code snippet I found in the Liquid Ron contest on @code4rena. Have a look at lines 6 and 15 and tell me what you know about prefix and postfix. Do you understand exactly how increment and decrement work here?
@kelvinfichter @cantinaxyz has 2 big ones coming (EigenLayer & Ethereum Pectra upgrade) or you can participate in the many ones currently ongoing. But a gigabrain like you should definitely partake in the 2 big ones said above, because why not!
RT @infecteddotfun: we're deploying #Pandemic2025 very soon. 132,000 sign-ups in 48h. they will compete to spread viruses across the chai…
@windhustler but there's beauty to it in how it exposes certain bugs that only appear with that specific setting.
RT @shakoistsLog: Ending a Claude instance that helped you deal with some real shit in your life when the context has become too long and i…
petition for @cantinaxyz to make bounty reports public when the report has been resolved (rejected or paid out) just like how HackerOne does it. cc @_hrkrshnn
market your product like the way @PopPunkOnChain shills @g8_keep, the way @_hrkrshnn shills @cantinaxyz and the way @ethereumintern_ shills ethereum.
@_jensec @fransrosen @albinowax @Rhynorater If I can traverse up the response body to overwrite the routerAddress (and other values), I believe it's called a JSON injection.
RT @Cointelegraph: 🚨 JUST IN: Tornado Cash co-founder Alexey Pertsev has been released. “Freedom is priceless, but mine cost a lot. My fi…
@0xaudron @fransrosen @albinowax @Rhynorater Well, I'm glad to tell you that yes, I can traverse up the response to rewrite the routerAddress and no kind of validation is done. In fact, when the smart contract gets this from the API, it just `abi.decode()`'s it.
@ktaddeyy you're just saying what I'm saying in different wording. If the routerAddress is changed to one you control (a contract you deployed) then you decide how those trades move.