I guess it’s time to finally introduce myself.
My name is Dan.
I’m the head of audits at @PashovAuditGrp.
I've led 400+ security audits and helped in structuring timelines, reviewing findings and (most importantly) making sure that both clients and auditors are satisfied with the process.
Pashov Audit Group was among the first to introduce the model of working with independent security auditors - the best talent in the industry, not locked into one firm.
And also, I'm researching something that I’m super hyped about and that I believe might reshape the industry: how AI handles problems that require deep expertise and complex reasoning, and how it helps to be more productive (as a human, and as a firm).
I'm building tools, testing every major AI security product I can find, and trying to figure out where the real limits are.
I'll be writing about all of this here - AI for optimizing project management and processes, AI in auditing, web3 security, my projects and research. I will also share some of my other schizo interests for good measure.
If any of this is your world, stick around.
@0xcastle_chain and it's actually going down 🥲 We will see for how many months
It just needs to be taken into account, and maybe for newbies it's an opportunity
While attending @Morpho's incredible Vault Summit at NYSE 2 weeks ago, an LP with a 10-fig allocation complained about how vaults today are mostly doing very similar & simple things:
> lending against cbBTC, WETH, wstETH etc blue-chip assets
> the top 12 markets on Morpho account for >80% of total active loans
In short, there's not much complex risk to curate. This LP is considering going directly to Morpho markets as a lender
I think the future of vaults is either to
a) expand to more exotic trading strategies across CEX, DEX, perps, and options venues, or
b) if more public credit and yield-bearing collateral types take off on-chain
For crypto-backed loans there's little to curate
@0xngmi 30d rate, and never annualize sub-12mo
and yeah, annualizing assumes fees are stable, which is never true in month 6.
And the same for "Revenue".
on the naming btw (saw the thread below) - maybe something like "LP revenue" vs "Protocol revenue"?
@Huntoor well maybe 1k/day will sound sweet
if it works like an auditor with an edge other tools don't have - maybe it's worth it
so as not to get commoditized like every other AI. -_-
@Schnilch it's so good in onchain analysis 👀 studying any topic/hypothesis was such a pain in the ass always, I remember we could easily spend weeks there. Now even without any MCP (but with an RPC key of course) it can do crazy research
It takes real mental toughness to choose web3 security as your path in the current market.
The fact that many people — even very experienced auditors — are finding it harder to get work is undeniable.
For newcomers it's worse. Contests (if any) and bug bounties are flooded with AI submissions that drag judging out for weeks. And that's before the mental pressure of sitting in a contest with ~3k findings, where staying in the chair to the end is itself a test of resilience.
You could justify all of this if protocols were getting safer and hacks were going down. The opposite is true. The field is in a transitional state — the mechanisms for working well alongside AI aren't built yet, and a lot of researchers are operating under pressure that does nothing for their actual output.
So what can each researcher do individually? First, accept the rules of the game and decide honestly whether you're ready for them. The space is more competitive than it has ever been, and only genuinely effective work will be worth paying for.
If that doesn't stop you, start doing something about it. Improve your audit workflow. Study harder things. Spend more hours sitting with the codebase. Do your maximum to be useful, because nothing less clears the bar anymore.
None of this guarantees success. It only maximizes your chances of it. A 100% guarantee doesn't exist, and being at peace with that is part of the job.
🤯An AI security tool has 1st-place performance on security contests from just 1yr ago. Solidity-auditor v3 is out, FREE & Open Source.
Thousands of Solidity developers are using the tool already. Upgrade your security baseline, use the tool🫡
https://t.co/SfxjuQ17gA
Currently experimenting with a new type of web3 security contest. All web3 Projects will love this one.
Trying many things and failing a lot right now, but learning fast. The existing solutions lost their glory a while ago, but the talent is still there - seeing an opportunity🙏
What's open on my desk right now:
- Claude API credit balance page
- Sarawak wiki page (going there soon)
- CFA Practical Skills Module (have to prove to them I know Python)
- Re-applying to my driving licence online
Most of what I read isn't about web3 or AI.
It's about regions. Histories of countries, market structures in specific economies, why certain cultures ended up with certain industries.
Asian markets in particular.
The relationship between policy, geography, and what an economy looks like over a 50-year window.
Bleeds into the day job sometimes.
But that’s just a bonus.
I mostly enjoy reading about these subjects.
I remember how hard it always was to dig into a new hack and fold it into your expertise.
Reading the writeup. Decoding the tx. Working out what actually happened.
Now there are more hacks than anyone can keep up with - and surprisingly, this is where agents shine.
Not finding the next bug - making sense of the ones that already happened. Explaining the writeup. Decoding the tx.
Hours of catching up compressed to minutes, with reasoning written down as it happens.
I’m fascinated (in a good way) by some people on this platform.
Posting revenue figures, client wins, whatever's on their mind, at the speed their thoughts arrive.
And it works. It’s good stuff.
I'm wired the opposite way.
Read twice, sit on it, edit, sit on it again.
By that point the pull to just not post is strong.