Every champion needs a solid defense — thanks @delabsOfficial for letting us guard your corner. 🥊
From KOs to rewards, we make sure everything lands exactly where it should. 🎯
🛡️ Security is our daily quest.
Thanks @BugBlow for a routine check‑up on Boxing Star X, making sure every KO, reward & asset stays in the right hands, ours.
Play bold, play safe.
Security audit in progress
Flipper Perps is now undergoing a security audit with @BugBlow, a smart contract security audit team focused on DeFi protocols across Ethereum, Solana, and TON
For us, this is not just a technical checkbox
Flipper Perps is built around smart contracts, vault-based fund flows, margin logic, fee distribution, position execution, and liquidations. These are the components where security, economic logic, and risk management matter the most
@BugBlow is reviewing the core parts of the protocol, including:
> Smart contracts and vault-based fund flows
> Fee distribution across the protocol, insurance fund, and vaults
> Position opening and closing logic
> Liquidation logic
Economic and protocol-level risks
Their audit methodology includes architecture review, threat modeling, manual testing, issue classification, reporting, and remediation guidance
This is an important step before bringing Flipper Perps closer to users
Security in DeFi is not only about finding bugs. It is about checking how the whole system behaves when real value, leverage, and market risk are involved.
Audit reports will be shared once the review is complete
@flipper_trade × @BugBlow
One of the core issues in today’s Web3 bug bounty ecosystem is the lack of transparency: researchers cannot see which vulnerabilities have already been reported, nor can they verify whether a submission was truly a duplicate or simply dismissed without payout.
We're giving AI coding agents full shell access to our machines. Cursor, Claude Code, Copilot - they can read, write, and execute anything.
Yes, they ask before running commands. But the permissions are already there. The confirmation is UI, not security.
Now imagine the company behind one of these tools gets breached. What runs on your machine next?
Here's my offer: we take a random smart contract.
Your agent audits it, then my team does.
We commit hashes of our reports, then reveal the reports.
If my team finds fewer or an equal number of vulnerabilities (except 0), I publicly acknowledge that your agent is better.
And pay you a $100.
Last week I sat down with a senior smart contract auditor from a top-tier security firm and tested my AI agent plugin on contracts his team had professionally audited.
The AI independently flagged the same HIGH severity vulnerability that the audit team found.
No hints. No context about previous findings. Just raw contract code.
Here's what I built 🧵
@darkp0rt@Ehsan1579 I think the point here is that devs will be using AI to push a more secure code, where AI won't be able to find bugs, but people will
More and more people are integrating LLMs into their apps. The other day, some friends asked me to audit their LLM integration.
A marketplace where every product must be unique. To catch duplicates, they plugged in an LLM as a validator.
The LLM became an attack surface.🧵
If you have an LLM built into your app, chances are, you might already be vulnerable.
By the way, we built a playground where you can test everything yourself - run the attacks, tweak prompts, see what breaks.
https://t.co/6vQta0GGnh
Full article: https://t.co/eDBIQ9af3i
The fix has to be architectural.
1. User input is untrusted. Always.
2. Don't mix it with system instructions in the same context.
3. LLM output is a recommendation, not a decision. Verify externally.
4. Every tool available to the LLM is a tool available to the attacker