Hunter

@Huntoor

Hunting Bugs Everywhere | for private audits

Web3

Joined June 2020

215 Following

1.4K Followers

808 Posts

Pinned Tweet

Hunter @Huntoor

about 1 year ago

Alhamdulillah, i have won the @InfraredFinance contest. Its been a while since my last posted win😅. 2nd consecutive contest and win, is it the rise? Some stats: - Time spent: 7 days - was the only one to find all high severity issues - Found the only solo in the code The main thing iam happy with in this contest is the amount of learning i got: - read a lot of EIPs (some were unrelated to the code but was intuitive to read more through) - read some geth code, and got a grasp of how consensus/execution layers work on the code level - read one GEAS - run my first local node to build a POC Downside for the above learnings is the % of coverage of those beautiful medium severity edge cases by those beautiful auditors This code has one of the longest call flow i have ever seen. I Love staking More than DEXs Auditing, Had much fun auditing this one Also i may decrease my contests participation alot(in general and not related to specific platform) Plans? - Leverage more time on niches i believe in and love - Join firmsss - Only participate in contests that add to my knowledge and have proper incentives - Become a judge (judging protocols that i love auditing), meh least likely because of the big amount of spams currently in the space and how judging may make me a hated person from newbies.

Huntoor's tweet photo. Alhamdulillah, i have won the @InfraredFinance contest.

Its been a while since my last posted win😅.

2nd consecutive contest and win, is it the rise?

Some stats:
- Time spent: 7 days
- was the only one to find all high severity issues
- Found the only solo in the code

The main thing iam happy with in this contest is the amount of learning i got:
- read a lot of EIPs (some were unrelated to the code but was intuitive to read more through)
- read some geth code, and got a grasp of how consensus/execution layers work on the code level
- read one GEAS
- run my first local node to build a POC

Downside for the above learnings is the % of coverage of those beautiful medium severity edge cases by those beautiful auditors

This code has one of the longest call flow i have ever seen.

I Love staking More than DEXs Auditing, Had much fun auditing this one

Also i may decrease my contests participation alot(in general and not related to specific platform)

Plans?
- Leverage more time on niches i believe in and love
- Join firmsss
- Only participate in contests that add to my knowledge and have proper incentives
- Become a judge (judging protocols that i love auditing), meh least likely because of the big amount of spams currently in the space and how judging may make me a hated person from newbies.

53

272

3

28

15K

Hunter @Huntoor

about 11 hours ago

@dvrvsimi @only01Essential @0x15_eth @lonelysloth_sec you don't. make a recurring script till the bug gets deployed. learned that the hard way, trust me

0

2

0

0

59

Hunter @Huntoor

4 days ago

@WhiteHatMage happened to me twice already

0

1

0

0

67

Hunter @Huntoor

18 days ago

@0xriptide Informative

0

4

0

0

321

Who to follow

founder/artist of @chungolabs i don’t really tweet here

Rachel Tashjian Wise

@theprophetpizza

Fashion Reporter and Critic. Senior reporter at @cnn @cnnstyle Creator of Opulent Tips Prev: @washingtonpost

Huntoor retweeted

18 days ago

As promised. Today, we have a big announcement We're launching registration for SpecSiege. It's our double-check format for audits. First, an internal private audit went through the code with a full manual review. Then the community review follows. 10 days of open review on a fairly large codebase, we know, but the chance to work on an ERC-6909 European bond platform, an institutional project, doesn't come around every day. - €15K total pot (€13K community pool, €2K fixed for the lead researcher). - If only Lows are discovered, €5K is distributed instead. Simply find bugs after us and get rewarded. We value your participation. We're not here just to squeeze you. Link below ⬇️

CODESPECT's tweet photo. As promised. Today, we have a big announcement

We're launching registration for SpecSiege.

It's our double-check format for audits. First, an internal private audit went through the code with a full manual review. Then the community review follows. 10 days of open review on a fairly large codebase, we know, but the chance to work on an ERC-6909 European bond platform, an institutional project, doesn't come around every day.
- €15K total pot (€13K community pool, €2K fixed for the lead researcher).
- If only Lows are discovered, €5K is distributed instead.

Simply find bugs after us and get rewarded. We value your participation. We're not here just to squeeze you.

Link below ⬇️

5

67

16

21

5K

Huntoor retweeted

@lonelysloth_sec

25 days ago

If LLMs finding bugs missed by multiple human auditors makes it super-human. When I find bugs missed by multiple humans and AI does it make me super-super-human? When then people catch bugs I missed do they become super-super-super-human? Congrats to teams finding bugs with whatever tools they use. But for the people making a living off bounties, finding stuff missed by dozens of the best auditors is just a Tuesday. Nothing super human about it.

12

108

11

12

5K

Hunter @Huntoor

26 days ago

@0xfrsmln @brandon_shi its informational. if you think about it for a second, everything can turn informational

1

0

0

0

93

Hunter @Huntoor

30 days ago

@0xIconoke agree

1

1

0

0

99

Hunter @Huntoor

about 1 month ago

@bichistriver 🙃

0

0

0

0

93

Hunter @Huntoor

about 1 month ago

where are those roadmap to success posters. i miss you guys.

7

32

1

0

2K

Hunter @Huntoor

about 1 month ago

@0xlookman smuh, don't please😂

0

1

0

0

76

Hunter @Huntoor

about 1 month ago

@ret2basic 😂😂😂

0

2

0

0

111

Hunter @Huntoor

about 1 month ago

@seunlanlege @adeolRxxxx

1

2

0

0

175

Hunter @Huntoor

about 1 month ago

@banditx0x sir, you are spending openzeppeline money for having fun or for actually earning?😐

0

1

0

0

58

Hunter @Huntoor

about 1 month ago

@Haxatron1 confirmed, people are paying more than will be earning🤣

0

0

0

0

112

Huntoor retweeted

0xFrankCastle🦀

@0xcastle_chain

about 1 month ago

It is happening! Week 4 is finally live. Join the Super League of Solana hackers, find vulnerabilities in the FrankSol protocol built with Anchor V2, and earn real money. 1st place: $500 2nd place: $300 3rd place: $200 Like and repost as a sign of participation — let's go!

0xcastle_chain's tweet photo. It is happening!

Week 4 is finally live. Join the Super League of Solana hackers, find vulnerabilities in the FrankSol protocol built with Anchor V2, and earn real money.

1st place: $500
2nd place: $300
3rd place: $200

Like and repost as a sign of participation — let's go! https://t.co/xQvhZfv4KT

10

135

30

44

7K

Hunter @Huntoor

about 1 month ago

The norm is to not follow SLA

0

8

0

0

523

Huntoor retweeted

about 1 month ago

@oot2k1 @asen_sec thinking in systems + bug hunting intuition + AI => you can audit pretty much anything

4

9

2

4

660

Hunter @Huntoor

about 1 month ago

@ZeroK_____ @jump_firedancer you need a nuclear reactor for a PoC😭

0

1

0

0

101

Hunter @Huntoor

about 2 months ago

@zerocipher002 i think its the way arround. you shouldn't hunt on any protocols except 1.2.3 the honest parties are very narrow

0

1

0

0

326

Hunter @Huntoor

about 2 months ago

@0xMSF14 @immunefi @code4rena web2 did worse than that and it still lived

0

0

0

0

118

Last Seen Users on Sotwe

Trends for you

Most Popular Users