Wow! I am speechless. Making the top 10 in the UniswapV4 competition was something that I never expected in my wildest dreams. Thanks @cantinaxyz and thanks to the sponsors at @Uniswap for hosting such a great competition!
@Haxatron1 @sujithsomraaj I would too. But SRs see 1 million dollars, and feel that the risk-reward is in their favor. When you add in the mid-context fixes, you can see that spray and pray is still a viable option.
@Haxatron1 @sujithsomraaj This contest doesn't have high PoC requirements. You can have a report escalated and maybe even accepted without a valid working validator test. Otherwise, it would be impossible to put out over 40 reports like some have done.
The @jump_firedancer Audit Competition is live! ⚡️️
A $1,000,000 scaling reward pool is up for grabs for finding eligible bugs in the Firedancer V1 code
📅 April 9 - May 9 2026
💰 Scaling reward pool of up to $1,000,000
⌨️ Language: C
✅ KYC required
Get hunting: https://t.co/ITAKgX99OI
@0xcastle_chain This is a problem created with public submissions, which would be a distraction, as SRs would be better off focusing on the contest instead of looking at other submissions. And SRs who started "late" will be discouraged by the volume of submissions and not compete.
Let’s be real: this is embarrassing. Seeing this and recent Monad C4 drama makes me wonder why this space treats contest players and bug bounty hunters so poorly? They are the last line of defense. Keep this up, and they will either walk away or turn into blackhats.
@lonelysloth_sec Many of those AI companies do not practice what they preach.
They’ll claim their models can replace jobs, and then you go to their careers page and see 50+ open roles across multiple industries
Great article for learning ZK security. On another note, how am I just now hearing about this $500k bug bounty? Clearly need to do a better job curating my feed. Recommendations for who to follow in the ZK/Audit space?
We found the same Fiat-Shamir bug in six independent zkVMs.
The result: an attacker can bypass the cryptography entirely and prove mathematically impossible statements (like minting $1M out of thin air).
Full breakdown ↓
The C4 report for Succinct is out. This is a great resource for those learning ZK *Security*. I came in top 5 in this contest, finding the only high finding, but there are plenty of solid Medium finds that I unfortunately didn't catch. I think it will be good to go over each one of them in the future, since there weren't that many.
https://t.co/78OXAWlbF1
@J4X_Security That isn't the problem IMO. The problem is that contests are dead so there are no opportunities for newbies to apply their AI skills. There are bug bounties but that is another can of worms
IMO the protocol already believes their code is secure. The contest is mainly a signal to users that due diligence was done, even if they know it won’t attract elite SRs. At this stage it’s more about optics and reassurance than security.
Why not a bug bounty after 7 audits for 6 months with conditional pot $0 if no H/M?
"Live audit contest" H/M pool of $96,000 🤔
- Securing $1B TVL
- Launched in September
- $70k fees generated daily
- 35% Solana marketshare (https://t.co/aL0atWQqeK)
I know this is a joke, but contests/BBPs already function like unpaid internships—minus the mentorship, structure, or career path. When satire mirrors reality this closely, something’s broken.
We are hiring SR interns who must have:
1. Under 25 years old with 26 years of web3 security research experience
2. Strong portfolio in EVM and Move and Solana and L1/L2 and ZK circuits
This internship is 12-month unpaid, if you succeed you get fulltime unpaid position
This is crazy. Where is the transparency? This creates an obvious conflict of interest, and auditors will have no confidence that their findings will be judged fairly