Test smart contracts as you have a black box. Disregard what you know about the code and work as QA based on requirements knowledge - that will help you find all edgecases and potential vulnerabilities. As vulnerabilities start from bugs, and bugs are deviations from requirements
It's been a while since I posted smth on twitter. But last few weeks were so packed with events and breaches, that I felt an urge to return to investigations and researches in cybersec and web3 sec. Could not imagine axios npm compromise, solana dex hack, balancer compromise and row of other events packed so closely.
@ddimitrovv22 web3 finally discovers requirements based development and integrity checks. on own painful lessons - instead of learning from several decades of software dev best practices. Better later than never.
I really enjoyed our International Conference in PQC and AI today, and where we had an amazing opening talk by Jaime Gómez García: https://t.co/wnkQSb2dil
Currently attending another webinar - on modern approach to cybersecurity. And the framing thought resonates a lot within me:
‼️Cybersecurity is about risk management, and risk management is about money (loss).
The one should never underestimate the necessity of security budget
Another point from event - live demonstration of PQC readiness assessment by automated tools. Example shown on panel - analysis of TrustWallet core repo. That was ... well ... impactful to see how web3 industry is still in procrastination phase for PQC (even from single example)
Great event on post-quantum cryptography, organized by @billatnapier
The framing thought ❗️it is not a sci-fi, but a real threat - just delayed in time ❗️
It is good the world already started work on compliance and migration planning, but we are still procrastinating this.
Another thought why PQC awareness matters - even now principle works ❗️Harvest Now, Decrypt Later❗️
Adversaries harvest data, waiting around for quantum computer to crack it later. Even if you have strong confidentiality, encrypted data breach is still a breach (just delayed)
Great event on post-quantum cryptography, organized by @billatnapier
The framing thought ❗️it is not a sci-fi, but a real threat - just delayed in time ❗️
It is good the world already started work on compliance and migration planning, but we are still procrastinating this.
Another thought I liked from the discussion - that while PQC expects certain technical and hardware updates, it is still heavily based on crypto-hygiene, awareness and understanding of foundations of integrity and confidentiality.
Great event on post-quantum cryptography, organized by @billatnapier
The framing thought ❗️it is not a sci-fi, but a real threat - just delayed in time ❗️
It is good the world already started work on compliance and migration planning, but we are still procrastinating this.
One of points which I liked in PQC discussion - that blockchain is an actual technology reviewed to become a component of PQC frameworks
Maybe it will finally achieve its initial technological goal.
Great event on post-quantum cryptography, organized by @billatnapier
The framing thought ❗️it is not a sci-fi, but a real threat - just delayed in time ❗️
It is good the world already started work on compliance and migration planning, but we are still procrastinating this.
Great event on post-quantum cryptography, organized by @billatnapier
The framing thought ❗️it is not a sci-fi, but a real threat - just delayed in time ❗️
It is good the world already started work on compliance and migration planning, but we are still procrastinating this.
Two world-leaders in Post Quantum Cryptography (PQC) - Jaime Gómez García and Daniel J Bernstein - in our PQC Seminar on Wednesday, 24 Sept 2025 (1-4pm - UK time), and a whole host of innovation presentations. Register here: https://t.co/VdYow0j4Aq
These days I'm getting into auditing Defi perpetuals. If you'd like to know more and discover about them with me, you're invited to read the first piece of the series. More to come!
PS: Any corrections are appreciated!
https://t.co/LdbmAsO0xj
@0xGondarxyz great initiative 👍
looking forward for next posts (as I am working on certain materials on lending protocol security and may take some inspiration if you don't mind 😅)
Great read on the newly discovered supply chain vulnerability. It brings several important topics:
❗️why decentralization matters - even in zero-trust systems
❗️why cryptography and zk particularly matters
❗️why SRs should have damn good qualification https://t.co/xXzoKCkAKI
@chrisdior777 if it make newbies feel better - it will not become easier on higher levels 😅
from some point of view everyone is in the same conditions here. But you will become better in understanding why it is hard 🤷♀️
Being gone for a while - inspected closely how governance works on one of the lending protocols. Not to say that it is slow, but I'd say that close monitoring of proposals expiration and renewal dates is a must have for any protocol. Just in case, to avoid highjacking.