Security update 🚨
Completed a private Solana audit for CONI Wallet and the results are a reminder of why audits matter:
• 1 Critical vulnerability
• 2 Medium issues
• 6 Low-risk findings
Every bug caught before deployment is a win. The critical issue is already being addressed, and we’re working closely with the team to strengthen the overall security posture.
Now looking to partner with more builders who take security seriously.
Need a smart contract audit or security consultation?
Reach out on Telegram 📩 https://t.co/N9dyFiHLFQ
Build fast but secure it faster.
@pashov is landing private audit requests like clockwork.
The question isn't "How do I get more leads?"
It's: "What lead magnet is creating this much demand?"
The fastest way to get clients isn't chasing them. It's becoming impossible to ignore.
P.S. @cvetanovv0, if capacity is the bottleneck, @Icon0x is a solid auditor who can help absorb the overflow.
Last month, I completed a private security audit for a project, and the sponsor was highly satisfied with the results.😊
This month, I’ve been reaching out to more project founders, encouraging them to take security seriously and protect their users, assets, and reputation. While some founders have responded positively, others are still skeptical about investing in security early.
The truth is security is not optional in Web3. It is a necessity.
Many projects only realize its importance after an exploit or loss, and by then, the damage is already done (e.g. @hyperbridge)
Big respect to the founders who are proactive about securing their projects before problems arise. Prevention will always cost less than recovery.
Let’s spread awareness so more founders understand the importance of smart contract and project security. Retweet and share this with builders in the space.
If you want to improve the security of your project, my DMs are open.
@CramptonBuilt Love what you're building with Farside 🔥 Could you open DMs, Thomas? Slid in something that could be really valuable for the project's security.
Imagine! If this same issue was found in a public contest, they would probably mark it as invalid.
I submitted a bug on Base Azul with my hard-earned $20. The issue was pretty obvious, and even the Immunefi triager escalated it, but the sponsor said it was “intended behavior.”
So users gaming the system is now intended behavior? 😂
I just left it because I didn’t have the $75 needed to escalate the issue further.
It’s concerning the issues private audits validate as Highs and Mediums, whereas in public contests, they wouldn’t even make it to informational findings. They are just plain invalid findings.
What do you mean by:
“Note: the vulnerability is not currently exploitable under the assumption of standard ERC20 tokens (no ERC777/transfer hooks), but would become actively exploitable if tokens with callbacks or an alternative vault implementation were introduced.”
And you called this a valid Medium vulnerability!
I think we need to go back to 2020/2021, where issues like this were considered valid criticals and were handsomely paid for 😂
Some private audit firms need to do better. We expect more from you guys. Pls, I’m begging 🙏
That’s true. But my problem is these same rules rarely apply in public contests.
In public contests, if an issue depends on future assumptions that don’t even align with the context or constraints provided by sponsors, it usually gets marked as informational or invalid.
But in some private audits, the same type of issue suddenly becomes a valid Medium.
So why is the severity changing depending on the setting?
Ethereum needs more security engineers.
Attackers are scaling faster than defenders, and the pipeline of qualified researchers is too small.
Guild Academy is building that pipeline — 5 cohorts in.
We're in @thedaofund 500 ETH Ethereum Security round on @Giveth, and it uses Quadratic Funding.
That means $1 from 100 donors > $100 from 1 donor. Your small donation unlocks much more from the matching pool.
If our work matters to you, even $1 helps.👇
🔗 https://t.co/NnYhz98uZz
Out of 1009 researchers in a @Sherlock audit contest…
I came 12th.
Top 1%.
Proof that the reps are working.
Open for private audits. Let’s secure your contracts before attackers try.