The $40,000 SukukFi Audit Competition results are officially in! 🏆
Huge congrats to everyone who submitted valid findings!
And a special shoutout to @Audittens for earning a spot on the Top 10 leaderboard for the last 90 days
Shoutout to @sukukfi for their commitment to security, full list of winners in thread!👇
I am happy to say I topped 6 out of 500+ participants in the Move contest on @sherlockdefi
> I didn’t touch the code once.
> I built an algorithm from absolute scratch.
> It found 4 out of the 6 issues that made the top 6.
> I never opened the source
> I and @Pelz_Dev only wrote the reports and submitted the findings.
> I’ve been building this in silence. No clout. No noise.
> Because I don’t talk about shit I can’t prove.
> This isn’t here to replace auditors.
> It’s here to show the beauty of hacking live contracts on-chain in real time.
No lowballing. No shortcuts. Just straight, undeniable proof of work, exactly how black hats are already using AI.
> I built this because I’ve been cheated on, played, and ignored too many times.
It runs in 3 phases:
1. Contests: This was my backtesting ground.
2. Bug bounties: where I show real results.
3. Live chains: Instances deployed on mainnet, auto-targeting protocols that push unaudited commits straight to chain.
Currently at 50% complete. Still building and implementing.
One of its features is that when it hits a protocol with closed-source code on-chain, it automatically decompiles the bytecode back into clean, human-readable source, then throws its entire knowledge graph and reasoning engine at it. It systematically breaks down every layer until the protocol is fully reverse-engineered and every vulnerability is exposed.
This is just the beginning.
Ngl I like weird people. The black sheep, the odd ducks, the eccentrics, the artists, the loners. People who actually think for themselves, the kind whose morals are not swayed by groupthink. These people have the most beautiful souls.
You people will fight with someone you consider a friend and next thing you're sharing private conversations willy nilly.
Crass, ill mannered, undignified behavior. No tact, no honor.
I write this tweet with pain and regret in my heart, as currently I’m in complete deadlock.
A new protocol dropped on @immunefi bug bounty, I quickly checked this protocol, rawdogged thousands of lines of code to find bugs in this, day and night I didn’t sleep.
Submitted a bug that leads to direct loss of funds permanently in the contract.
P.S. nothing on the program's page of an old bounty, as this bug is even live on mainnet with lots of funds at stake.
It got escalated to the protocol, and the protocol was so malicious as to provide a JSON as proof that this bug had been submitted in their old bounty program??
What type of malicious behavior is this?
If this was an old bounty, why not include it for SRs so as to avoid them?
> Now I’m in complete deadlock because I have <10% accuracy. Due to the fact of the other dups I submitted back to back on this same project that got closed.
@immunefi when the feature to pay $75 for escalation, I’m ready to put my money in
Protocols like this can’t be treating SRs this poorly, it’s bad.
It’s a thin line between becoming a blackhat from a whitehat but I promised myself that I won’t steal.
How the ecosystem went from “We need more security researchers” to “We have an AI for that” in less than 24 months.
In my recent article, I covered the current position of AI in the industry and how junior auditors can move past the noise while focusing on what really matters.
I wrote an article in the form of a series called "Spotting Vulnerabilities in Smart Contracts".
In this series I will be writing about my personal experience during audits.
The first part is titled "The Ghost in The Constructor", I hope you enjoy it and learn from it as well.
Another week to fight for the life you deserve
> btw, it’s been 2 months since @immunefi hosted a contest. This mirrors the current state of the market.
Things you can do as a beginner in the meantime
Participate in the weekly audit challenge by @radcipher
Read past reports
🏆 ANNOUNCEMENT
From competing in @code4rena @sherlockdefi @immunefi @cantinaxyz @CodeHawks to building Radcipher Security Services.
Starting this Monday:
Weekly Security Challenges.
Every week.
New vulnerable contract.
Real attack patterns.
Think you can find the bug before others do?
HOW IT WORKS:
Monday 9 AM UTC: New challenge drops
- Real vulnerability from actual audits
- Progressive difficulty (starts medium)
- Live leaderboard
First to find it: Glory + bragging rights
━━━━━━━━━━━━━━━━━━━━━
WHY WE'RE DOING THIS:
Web3 needs more security researchers.
Not in 2 years. Now.
Practice platforms exist. But they're static.
We're making it weekly. Consistent. Competitive.
52 challenges per year.
52 ways to level up.
52 opportunities to prove your skills.
━━━━━━━━━━━━━━━━━━━━━
Week 1 challenge goes live tomorrow morning.
Focus: Staking rewards logic
Difficulty: ⚡⚡⚡ Medium
Time to solve: 3 Days
Ready to hunt?
Link in bio to join the waitlist.
Let's build better researchers. Weekly.
I used to beat myself up and feel stupid whenever I missed a finding in a contest. Now I just see it as a fresh opportunity to learn and admire the creativity of the SRs who found it. I don’t fail—I either succeed or learn a lesson.