Almost 30 Published Security Reports are in our portfolio
You will find:
- 40 high severity findings
- 60 medium severity findings
If you want to increase your security knowledge, you may want to read them.
Star the repo if you like the findings⭐️
https://t.co/eWGVpxdriz
Issues in DAI & WETH with Permit ERC-2612
1. DAI has two additional input parameters in the permit function, which can cause the call to revert.
2. WETH does not have a permit function, but the call will execute without errors because the fallback function will be triggered.
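A defensive pattern for both cases, as an added example that is not from the original post or any audited project: treat `permit` as best-effort and verify the resulting allowance before moving funds. The contract name `PermitDeposit`, the function `depositWithPermit` and the `deposited` mapping are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function allowance(address owner, address spender) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Standard ERC-2612 permit signature. DAI's permit uses a different
// parameter list, so this selector does not exist on DAI.
interface IERC2612 {
    function permit(address owner, address spender, uint256 value, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s) external;
}

// Hypothetical contract for illustration only.
contract PermitDeposit {
    // token => user => amount credited
    mapping(address => mapping(address => uint256)) public deposited;

    function depositWithPermit(
        address token, uint256 amount, uint256 deadline,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        // Case 1: the call reverts (non-standard permit). Swallow the revert
        // so a user who approved beforehand can still deposit.
        // Case 2: the call "succeeds" through a fallback and changes nothing.
        try IERC2612(token).permit(msg.sender, address(this), amount, deadline, v, r, s) {} catch {}

        // Never trust that permit took effect: check the allowance itself.
        require(
            IERC20(token).allowance(msg.sender, address(this)) >= amount,
            "allowance not set"
        );

        deposited[token][msg.sender] += amount;
        require(
            IERC20(token).transferFrom(msg.sender, address(this), amount),
            "transfer failed"
        );
    }
}
```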
📄New Security Report Published
I conducted a small audit back in October on a project that is a fork of OKX.
No critical, high, or medium issues were found. The new changes are well written and have been reviewed✅
Full report 👇
https://t.co/d5ltWVzCyH
Sharing the report from a 3-week solo audit:
• 16 High
• 6 Medium
• 4 Low
• 16 Info
Large codebase using the Diamond Proxy pattern and integrating with Uniswap.
Report 👇
https://t.co/SmW9KziAJE
I appreciate everyone who chooses me as their auditor. Regardless of budget, I always give my best to prevent their project from being hacked.
That’s why most of my clients keep working with me.
I’ve been working with one client for 2+ years and we’ve done 10 audits together.
Sharing our security report for @alaska_game
One year ago, we conducted a small audit of their CARAT ERC-20 multichain token, which uses CCIP
The codebase was well-written and no crucial vulnerabilities were found ✅
Report 👇
https://t.co/ko6dA8Q7iu
🚩Replay Attacks/Signature Malleability
Every signature should include:
- nonce, as a unique identifier to prevent reuse
- expiry time, after which the signature is no longer valid
- chain ID, to prevent reuse on different blockchains
Also, proper check of the signer whether it's msg.sender or the project's off-chain address.
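The checklist above as an added example, not code from the original post or any audited project: a claim function that binds the signature to a nonce, a deadline, the chain ID and the verifying contract, rejects the malleable high-`s` form, and checks the recovered signer against the project's off-chain address. The contract `SignedClaims` and its members are hypothetical, and the personal-sign prefix is a simplification of a full EIP-712 typed-data digest.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical contract for illustration only.
contract SignedClaims {
    address public immutable trustedSigner;      // project's off-chain signing address
    mapping(address => uint256) public nonces;   // next expected nonce per user
    mapping(address => uint256) public claimed;  // total credited per user

    // Half of the secp256k1 group order. For every valid (r, s) there is a
    // second valid signature with s' = n - s; accepting only low s removes it.
    uint256 private constant HALF_N =
        0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    event Claimed(address indexed user, uint256 amount, uint256 nonce);
    error Expired();
    error BadSignature();

    constructor(address signer_) {
        trustedSigner = signer_;
    }

    function claim(uint256 amount, uint256 deadline, uint8 v, bytes32 r, bytes32 s) external {
        // Expiry: the signature is useless after the deadline.
        if (block.timestamp > deadline) revert Expired();
        // Malleability: reject high-s values and unexpected v.
        if (uint256(s) > HALF_N || (v != 27 && v != 28)) revert BadSignature();

        // Nonce: consumed on use, so the same signature cannot be replayed.
        uint256 nonce = nonces[msg.sender]++;

        // Chain ID and contract address stop reuse on another chain or deployment;
        // msg.sender stops another account from submitting the signature.
        bytes32 inner = keccak256(
            abi.encode(block.chainid, address(this), msg.sender, amount, nonce, deadline)
        );
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));

        // ecrecover returns address(0) on failure, which must never match.
        address recovered = ecrecover(digest, v, r, s);
        if (recovered == address(0) || recovered != trustedSigner) revert BadSignature();

        claimed[msg.sender] += amount;
        emit Claimed(msg.sender, amount, nonce);
    }
}
```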
🧵For 2 years (2023-2025), @ether_fi conducted 18 audits
More than 25+ High vulnerabilities were found.
Here is a short, simple explanation of the 16 most important findings.
🔖Bookmark this thread or read it now👇
🚩Common DAO Vulnerabilities
- Flash Loan Manipulation
- Transferable Voting Power
- Execution and Voting in the Same Transaction
- Insufficient Proposal Validation
- Spamming or Creating Invalid Proposals
- Double Execution of a Proposal in the Same Block
Finding from one of our audits
Avoid calculating the slippage amount on-chain.
Consider implementing an off-chain price feed for slippage checks to minimize the risk of manipulation during swaps.
📄New Security Report Published
Our client is building early invoice payments on top of @compoundfinance
After two days of auditing, 2 Medium findings were found and resolved the next day.
Full report 👇
https://t.co/Baa9CzxXBA
This bug was spotted in one of our recent audits.
If you want to read it and see 3 more high vulnerabilities.
Here is the report 👇
https://t.co/5E4ZmnprzH
The reward should NOT be calculated based on token.balanceOf(msg.sender); it should be based on the amount of tokens the user deposited into the contract.
The bug is trivial, but it still occurs nowadays.
Q1 2025 Stats:
> 6 private audits & 2 mitigation reviews
> 3 projects launched
> 15M TVL protected
> 1 large audit scheduled for April
Follow @KeySecurityLtd, where we will share every High & Medium severity issue we find.
Reports👇
https://t.co/Ir2SIKdyi6
Today we finished our 4th audit for @honeydotfun
In the last few months, we were able to audit their Tokenomics contracts twice and their Platform contracts.
All 4 reports have been published and can be found here👇
https://t.co/eWGVpxcTt1
Mini milestone reached by us! 🚀
Two of the projects we audited 4 months ago were listed on @binance and @coinbase.
Since then, there have been no incidents, and their utility tokens are highly traded.
📄New Security Report Published
We conducted a very small audit of a project that was previously audited by us one year ago.
No critical, high, or medium issues were found. The new changes are well-written and reviewed ✅
Full report 👇
https://t.co/pZeBYU9njG
📄New Security Report Published
We conducted a second audit of our client for one day.
We were able to find a critical issue in how the already claimed amount is stored and updated in their vesting contract
Full report 👇
https://t.co/SYEXrLwSu1
📄New Security Report Published
For 2 days, we were able to audit 2 staking and vesting contracts, as well as the airdrop contract.
We found 2 High and 1 Medium findings, which were resolved by the dev team. ✅
Full report 👇
https://t.co/vKIsWokIyR