vnmrtz.eth
@vn_martinez_
Followers
1,480
Following
318
Media
75
Statuses
1,428
co-founder @EnigmadarkLabs | whitehat | invariants guy | saved $33M+ live TVL at risk
Ethereum
Joined July 2022
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Into the Depth with YUTA
• 40114 Tweets
TEN FIREWORK IT
• 36660 Tweets
ORM BKK INTER CATWALK
• 33748 Tweets
#素のまんま
• 28647 Tweets
JACK AND JOKER FLEXTALK
• 19597 Tweets
SB19 LIVE
• 18548 Tweets
タリーズ
• 18161 Tweets
True Way Of Worship
• 16239 Tweets
紫耀くん
• 15525 Tweets
Mauritius
• 13187 Tweets
マックス
• 12172 Tweets
Chagos Islands
• 11411 Tweets
コータロー
• 11298 Tweets
OHMLENG HAPPINESS FAIR
• 11046 Tweets
イグナイター
• 10860 Tweets
チカッパ
• 10730 Tweets
Pinned Tweet
“the auditor that found it” is me 🫡, while working in the Solidified team
Funds are safu anon, zero day is no more
When forking RAI into HAI, design changes were carefully discussed with
@reflexerfinance
experts, ensuring that there were strong reasons to change any line of code.
When an auditor (
@SolidifiedHQ
) pointed at an old flawed requirement, we realized what the bigger issue was: RAI
1
2
19
9
3
84
Created a Foundry (PoC) template to easily fork any EVM chain, saving you from spending 15 minutes setting up a new project whenever you need to test for possible vulnerabilities in mainnet.
8
13
121
Just published a deep dive into extreme EVM Bit Masking with a practical example, reject abstraction anon embrace assembly
5
22
103
I got mentioned in the Certora proposal on AAVE for finding a High Severity Vulnerability on the Aave v3 token, was great contributing to the security of the protocol!
11
6
63
Thrilled to announce that I have partnered with
@eulerfinance
in developing a fuzzing test suite specifically for the protocol vaults.
This shows Euler's commitment to adopting innovative approaches to security.
I will publish details about the suite and properties tested soon
Been working closely with some really interesting projects implementing invariant test suites for their codebases.
I will probably start releasing a series of articles going into details and issues found as soon as reports can be made public. Ready for the edge case bugs, anon?
4
2
38
6
8
64
Recently got a “it’s not a bug, we can upgrade the contracts and fix it” response from a protocol.
Why bug bounty program then???
20
1
63
Ever wanted to check that multiple variables are 0 in a function?
Reject shortcutting, embrace bitwise OR clauses, anon
17-31 GAS savings on across all truth table states
4
3
62
I wrote this cheat sheet for whitehats/devs on how the Celer cBridge works, terminology, some questions, and focus areas that caught my attention. Check out this thread for a quick overview!
6
10
58
Today we finally unveil
@EnigmadarkLabs
!!
An elite group of researchers, led by
@0xWeisss
and I. Each an absolute specialist in a different niche skill, with a mission to establish a new way of doing security in the space.
Check out the launch thread and the official article:
𝗨𝗻𝘃𝗲𝗶𝗹𝗶𝗻𝗴 𝗘𝗻𝗶𝗴𝗺𝗮 𝗗𝗮𝗿𝗸
“Perfection is not attainable, but if we chase perfection we can catch excellence.” – Vince Lombardi
Enigma Dark is an elite group of security researchers where everyone is an absolute specialist in a different niche skill
1/ Read more:
5
3
40
7
4
62
Just published a write-up of the bug I discovered in the RAI stablecoin, that was introduced by a huge auditing firm after an audit
-sometimes even auditors can introduce vulns anon
8
13
62
I have published the repo of the talk "Mastering fuzzing" I did a few weeks ago for
@calyptus_web3
It provides several practical examples of fuzzing using both Echidna & Foundry, two popular property based testing tools
1
12
54
Just noticed that my "tips to master fuzzing" talk is the most viewed one of the TrustX 2023. Looks like a good chunk of auditors and devs are getting into it.
A lot more fuzzing alpha ready for 2024
3
6
50
The recording of the talk I gave about "Fuzzing Euler v2" is now published on YouTube
If you are participating on the contest you cannot miss it, anon
1
7
46
seems fuzzing is the new buzzword, pls learn about it before writing a million articles and x threads on how to win 100k a month with it, we DO NOT need more misinformation
3
1
39
Been working closely with some really interesting projects implementing invariant test suites for their codebases.
I will probably start releasing a series of articles going into details and issues found as soon as reports can be made public. Ready for the edge case bugs, anon?
4
2
38
I wrote a tool that lists contract selectors to save you the pain of entering function signatures individually in `cast sig`
5
3
37
In case you missed it, you can watch the talk
"Tips to master fuzzing" that I gave on
@TheTrustX
at devconnect, on Youtube:
1
6
35
Recently found a live bug introduced by a huge auditing company after an audit that has been years living on the chain unnoticed
will try to do a write up as soon as it gets sorted out
5
0
34
You can improve assembly block readability with Yul functions, and use them multiple times inside the same block
This enables various use cases, such as having ternary branchless "operators" inside Yul blocks.
3
2
34
I feel like the space could benefit from better testing techniques, specially good integration testing.
Yes, fuzzing is great for finding rare bugs, but integration tests are key for eliminating low hanging fruit.
Speaking as someone who stares at echidna call traces all day
1
2
33
Hot take, why is someone who got into sc security two months ago making an auditor roadmap and selling courses?
11
0
34
Gave a talk on
@opensensepw
about low level evm code and vulnerabilities.
Don’t miss it🫡
Don’t miss this amazing talk by
@vn_martinez_
on EVM low-level vulnerabilities! 🔥 Learn how to write, debug, and test low-level code in Yul, Fuzzing, Bit safety, Memory Constraints. Discover the common bugs and pitfalls that can compromise your Yul code. Find out how to use
3
18
88
1
7
31
Excited to share that I been collaborating with the team at
@tapioca_dao
to build an invariant suite for their protocol as the final step before the deployment!
It’s a pleasure for me be able to contribute and provide value to such based teams
Many said it would be impossible, but we did it, with a LOT of help:
@0xWeisss
who became our in-house security engineer and immediately put us on the right path- one of the best guys I’ve ever met in this space: passionate, hardworking, and extremely knowledgeable.
@0xriptide
3
2
29
3
2
33
Been accepted to
@yAcademyDAO
zk auditing fellowship!
Block 5 was great, looking forward to this one 😎
Acceptance emails to the ZK Auditing Fellowship started going out. A few more tomorrow.
Please read the acceptance offer carefully .. there are time sensitive items because the Fellowship kicks off Monday 22nd.
1
3
23
5
1
32
One great aspect of invariant testing engagements is that once you fix a bug, the fuzzer verifies the fix against the same properties.
This means the fix review efforts are backed up by the fuzzer, unlike in normal audits where fixes can be overlooked or less carefully reviewed
3
3
32
broken invariant after a gazillion runs and u still limit your calls to 50k, ngmi anon
7
1
31
I can announce that Ive been accepted on
@yAcademyDAO
‘s block 5 fellowship 🫡
Most of the Block 5 fellowship acceptance emails have been sent out 🖅👀
But the rejection emails have not been sent yet, because it's possible a few slots for the block may still be available. The suspense...
14
1
45
9
0
31
I will give a talk about fuzzing and invariant testing at
@TheTrustX
See u in Istanbul anon 🤝
🎉
#TrustX2023
Speaker: Víctor Martínez
🎙️ Víctor Martínez
@vn_martinez_
, EVM & Security Researcher,
@TuringCons
@SecurityOak
will speak about "Tips to master fuzzing"
0
1
8
2
0
29
I will be giving a talk/workshop about the invariant testing campaign of the Euler vaults at the event, don’t miss it!!
Introducing the first-ever Spearbit HackerHouse with
@eulerfinance
&
@CertoraInc
.
This is the highest EV Web3 security event in history with $1.25M on the line at
@cantinaxyz
.
Full access to Euler's team. All meals provided. No costs. Just show up. Seats Limited.
RSVP Below:
11
16
80
2
1
30
The real constant product:
bullshit marketing * auditing skills = 1
0
1
27
I did a talk yesterday about fuzzing smart contracts on
@calyptus_web3
If you are a dev or a security guy that wants to know how to approach fuzz testing for your protocol check it out here!
0
7
27
It’s talk season,
Next week we will be hosting a defi security related talk in Andorra. With the help of top sec researchers and the Chainlink community
Thrilled to announce that on May 29th, we'll be hosting the 2nd
#Chainlink
community meetup in Andorra. We'll discuss DeFi risk mitigation strategies with top cybersecurity experts and smart contract auditors.
Looking forward to an insightful event!
➡️
4
23
67
2
2
25
That’s it that’s the tweet
4
4
25
Had a great time discussing testing and invariants best practices on
@tapioca_dao
‘s 100th TapTalks episode. Big thanks to
@twMattt
for having me on the show!
It's a century of TapTalks and today rightly featured some Tapioca famous names like
@0xRektora
and
@vn_martinez_
🤗
1
1
3
1
2
24
I will be talking about evk invariants live here in 30min:
Resources for the workshop:
I will be giving a talk/workshop about the invariant testing campaign of the Euler vaults at the event, don’t miss it!!
2
1
30
0
5
24
Always a pleasure to review assembly and OSS projects
Shout out to
@optimizoor
for trusting us!
Blog post coming soon on the improvement
@0xadrii
& I recommended to the ERC6551, anon
Thank you
@vn_martinez_
and
@0xadrii
for looking through Asterix staking contracts!
They also found some very good improvement which was added to the ERC-6551 reference implementation.
7
6
65
2
1
24
This was a blast!
I'm glad to have had the opportunity to talk about the fuzzing suites I built for
@eulerfinance
and to meet so many great devs and researchers IRL!
Thanks to the
@SpearbitDAO
team for organising such a great event, looking forward to the next one.
At the very beginning of the $1.25M
@eulerfinance
competition at
@cantinaxyz
, we hosted our very first Hacker House in Berlin, Germany.
A full-day of hacking away at the codebase live alongside the Euler protocol team and some of the best security researchers in the industry.
1
3
58
2
0
23
We just released the report of the invariant testing engagement we did for Euler v2. We found some cool edge case issues showing the importance of integrating novel security practices to any protocol's security pipeline.
Reach out to book an invariant testing engagement with us.
We have just published our Invariant Testing Engagement report for Euler's v2 EVK. We uncovered some highly interesting issues, edge cases, and checked over 55 invariants.
Read the report here:
1
7
39
0
1
23
Will cover some known low level vulns, compiler bugs, and errors when writing assembly code.
See u on Wednesday anon!
Discover how to detect and prevent low-level vulnerabilities in smart contracts with
@vn_martinez_
, Learn about the techniques he uses to find and exploit different attack vectors.
Join
@opensensepw
to watch
Wednesday 01 of November, 16:00 UTC
1
3
33
3
3
23
Nothing worse than an over-engineered protocol, the goal should be to keep things as simple as possible, not to flex your solidity skills.
>The engineer problem, trying to solve problems that don’t even exist. Sometimes you just need to zoom out and see the bigger picture.
3
1
22
Let’s talk about hyper-optimizing smart contracts, saw some guys one this platform do something similar, so now that I'm an optimizoor I had to hyper-optimize the PaymentSplitter contract by openzeppelin
a thread :|
2
3
21
conclusion: writing handlers and improving coverage is a pain in the *ss, and foundry not being coverage guided makes it a lot worse than the other two fuzzers
PD: medusa getting better by the hour
1
1
21
how it started vs how is it going:
One of the worst rabbit holes I've ever dived into, I s*ck at Haskell
4
0
19
Expect quite a few more articles soon
1
0
18
Until we have some kind of universal testing framework, take inspiration from some of the best test suites out there. Learning from the best is underrated:
- Sablier
- Euler v2
3
4
17
Back in November I said "Medusa is not production ready".
Sad to say this is still the case, even though it is a few orders of magnitude faster than echidna (in terms of calls/s) it misses bugs.
TLDR; do not use medusa on its own.
3
0
17
@1_00_proof
@0xOwenThurm
@CyfrinAudits
This is common sense actually, foundry input generation is random. You just played with probability
>Any symbolic execution tool would catch this easy
For this cases, such as math libraries, we use halmos (takes 40ms for the tool to find a counter example)
2
2
17
Who are the best independent quant researchers in defi?
Asking for a friend
3
2
17
I been saying this for too long, biasing your testing handlers is the worst thing you can do, at that point just write unit tests smh
Pls "let the fuzzer fuzz", almost every invariant testing suite I see is full of bias in the handlers.
Simple theory right?
Price moved more than 5% in the exploit.
Price moved less than 5% in the tests.
I have a feeling we're onto something here. 🤔
1
0
24
2
2
17
For those wondering this technique is called equivalence testing, halmos-solady by zach obront is a great example of how to use it
Remember to check for reverts tho (since halmos will skip those) either using try catch statements or raw calls, anon
Formal Verification is the process of mathematically proving exactly one property of your system holds.
A property like:
"My gas-optimized huff code gives the exact same output as my solidity code"
This is known as an "equivalence check"
With this knowledge, what can you do?
2
2
14
1
1
16
Im going to start making more tweets about assembly and security.
Lmk what topics do you want to know more about, bit masking, accessing nested memory/call data structs with Yul, memory safety…
1
0
14
One more achievement in smart contract security!
First high severity bug I've found
2
0
15
Most important thing on this space, be kind to everyone
Second most important thing write good tests using a proper technique
0
1
16
It was a pleasure working on this large codebase with such a skilled team. We identified key issues and suggested improvements for their testing suite.
Many thanks to the
@juiceboxETH
team, especially to
@me_jango
&
@0xBA5ED
for trusting Enigma Dark to secure their new codebase
We have just published our Security Review Report for
@juiceboxETH
's v4. A huge codebase with many integrations, we uncovered several intricate issues and concerns.
Read the report here:
0
1
10
1
1
16
"top tier security firm"
0
0
15
Catch two of our Lead Security Researchers
@vn_martinez_
&
@0xadrii
at the, "Web3 Security: Mitigating Smart Contract Risks in Defi" panel at the
@chainlink
Community Meetup in Andorra
For more details:
0
4
18
1
0
13
This raises the question, how safe is it to rely on just one price/oracle?
Earlier today, Chainlink wstETH/ETH price feed on Arbitrum reported an inaccurate value, resulting in the liquidation of 5 positions.
Our friends at Chainlink are on it.
No bad debt accrued, Silo is performing as usual ✅
🧵
26
39
169
4
0
14
🫡🫡
If you want to get as much alpha as possible about
@eulerfinance
fuzzing suite (and fuzzing/invariants in general), do check
@vn_martinez_
from
@EnigmadarkLabs
code walkthrough.
Watch:
4
5
47
1
0
13
Hot take: that protocol probably needs a few more audits, same as a lot of the protocols that did a contest these past months. No way a “mid” that would get 300 dupes in the bear is a solo finding getting 18% of the pot.
Obv I’m not trying to disrespect any of the participants
🥉won $18,274.25 with 1 unique medium: incompatibility with fee-on-transfer & rebasing tokens.
Very basic finding normally with tons of duplicates but with audit demand so high there are less eyes on every contest.
Great time for auditors - if you want it, go get it!
18
3
164
2
0
12
it only takes one "bug-fix" to inject a crit into a protocol
read that again
1
0
12
If you write your invariant handlers similar to how you write unit tests, with a lot of preconditions and hardcoded sequences, you significantly limit the potential branches that the fuzzer could explore (including those sweet edge cases)
let the fuzzer do the hardwork anon
3
1
12
Not many know that one of the most interesting panels at ethcc was at the side event hosted by Spark
Fully recommend watching the recording when it’s released
3
1
11
Some one do one of these for defi pls
2
0
12
I'm trying so hard not to get into the rabbit hole of making my own fuzzing tool
1
0
12
Write up is ready, still have to wait a bit to publish it tho
Recently found a live bug introduced by a huge auditing company after an audit that has been years living on the chain unnoticed
will try to do a write up as soon as it gets sorted out
5
0
34
0
2
11
Really useful specially when writing fuzz tests or working with formal verification tools.
An interesting metric to take into account is that your fuzz test is “good” when it catches introduced mutations. Else you should rewrite it.
Mutation testing, or intentionally introducing bugs into your code to check the quality of your tests.
100% coverage does not matter if your tests are not properly designed to catch bugs. Top article by
@RareSkills_io
🫶
Test your code properly, anon🫡
3
11
58
1
2
11
Lol, just noticed im 6th on the leaderboard despite not participating on the formal verification contests for almost a year
Kudos to everyone on it, we def need more researchers focused on invariants!
@CertoraInc
contests are a great way to train your invariant testing skills
Are you on the leaderboard?
Our community audit leaderboard now includes all contests up through the
@ionprotocol
audit 🎉
1
3
17
3
0
11
calling the "multi-screen auditors":
cmd + P
> duplicate as a workspace in new window
thank me later
2
0
11
One great tip for both auditors and developers doing peer reviews is to check for integration and E2E tests.
Whenever you see `vm.mockCall` or mocked contracts double-check the basics—they often hide the most obvious bugs like interface DOS or wrong parameter order.
1
0
8
@windhustler
@0xWeisss
and the 360 security advisory service we offer at
@EnigmadarkLabs
is the proof that this is one of the best decisions you can make as a protocol
1
1
10
I find invariant testing one of the best ways to discover rounding issues in the most unexpected places of a codebase
Which type of vulnerability is the most challenging to identify during auditing and the easiest to introduce during development?
0
1
3
0
0
10
Is not web2sec vs web3sec
It is financial-web2sec vs web3sec
Web3 sec is expensive because 99% is money related ppl seem to forget that
Just check money spent by banks and financial institutions on security you will change your mind anon
3
2
10
This PoC template generator by
@deliriusz_eth
is by far the best one I’ve ever used
If you do bug hunting u have to check it out, game changing!
0
0
9
If you want to implement an invariant suite for your protocol and uncover hidden edge case bugs, feel free to reach out!
0
3
9
Nothing like finding a crit that’s out of scope on a Sunday morning
1
0
9