After 488 days of highs & lows on @code4rena, I've finally secured my first win on a C4 contest 🏆
11 out of 15 H/M (including a solo finding) helped me secure the Top Hunter & Gatherer + Top QA report.
Now in the all-time Top #100!
Thank you @code4rena and @phi_xyz for this opportunity!
Happy to share, Cyfrin has wrapped our audit of @0xspiralstake v2, a non-custodial protocol that amplifies yield using flash-loans on @Morpho.
Read the full report 👇
Tough to see this happen. The impact C4 had on so many wardens will far outlast the platform itself.
Thank you for building this platform and community. It's been an honor to be part of this journey🐺
After careful consideration, we’ve made the decision to wind down @code4rena. This community has meant a great deal to everyone who has been part of building it, and sharing this news is not easy.
In 2025, Code4rena Wardens prevented 286 high- and medium-severity vulnerabilities from entering production.
Here’s a look back at what the C4 community accomplished this year!
Creativity is one of the most important traits if you want to become a great auditor.
I did a small training session with two of our auditors on a very small, trivial scope.
It was clear from the beginning that the attack vectors are limited and the task was to find all issues in itself and incorporate creativity to find very hidden issues.
If you do something like that regularly, I believe you will level up quickly.
Shout out to @MrPotatoMagic & myself for a great result on this challenging cross-chain TradFi audit, finding:
* 4 Med
* 4 Low
* 15 Info & 9 Gas
This audit was quite challenging because we were auditing a TradFi protocol's Solidity integration between Wormhole & Circle CCTPv2, at a time when:
* Wormhole's official documentation and Solidity code examples were all related to CCTPv1 integration
* Wormhole's publicly available off-chain code only integrated with CCTPv1
So based on the publicly available information at the time, it was extremely difficult to verify the correctness of the proposed implementation - we couldn't see how the Solidity Wormhole <-> CCTPv2 integration should look nor the off-chain code that would process the emitted events then call the CCTPv2 API.
We overcame these limitations by:
* reaching out to our contacts to get some draft unpublished integration specs
* simplifying the client's protocol while keeping the same core integration logic, writing some Foundry scripts to deploy & test our simplified contracts, then successfully performing live end-to-end integration testing
In the end we were able to find some nice edge-case bugs delivering good value to the client under challenging circumstances!
Our quotes are always 100% exact and fair.
We never try to overcharge our clients. But 6 months ago, we had 2 cases where our teams completed audits earlier than estimated. We informed the partners ourselves and sent partial refunds back, several thousand dollars each. They were stunned by the honesty.
BailSec stands for: 100% transparency, quality, and trust in Web3.
@CryptoAlgebra @lista_dao
Code4rena will run audit contests for free, as public goods.
100% of funds from sponsors will go directly to auditors and judges. We won't take any cut.
Why?
1. Competitions are commodities.
They're CRUD apps. Why should builders pay a premium for a website just to submit bugs? Especially smaller teams without VC funding.
2. Everyone deserves competitions.
We tell all our clients to get a competition after their audit. That's because competitions simulate real world conditions, where there's thousands of eyes on a protocol. We want to make competitions as affordable as possible so everyone can get one.
3. It benefits our wardens.
In 2021, we invented the competition format. We're still the platform with the largest auditor pool (10,000+ registered). Not only should builders have access to the best security talent, we believe auditors should have opportunities to work with great projects. Opening up our platform benefits our wardens.
How will you afford this?
Zellic is a profitable business. We make money doing traditional private audits through Zellic and Zenith. This benefits us because: (1) our clients are more secure after they run contests, and (2) Code4rena is a talent pipeline for Zenith.
Will you stop maintaining the platform?
Of course not. Since we acquired Code4rena, we've shipped several features and have several more already underway. C4 has a dedicated dev team that we're fully committed to.
Besides, many of our clients at Zellic use C4. We're incentivized to make sure the platform works well. It's just that now we're allowing everyone to benefit from our investments in Code4rena.
In conclusion:
Run a contest on Code4rena! We won't take a cut, your prizes will go directly to wardens and judges.
For full details, check out our blog post here: https://t.co/IaqxFLZ7rq