My second win and first top hunter/gatherer!😆
Actually it was my first Rust audit, I had a really hard time learning Rust and auditing it at the same time. I think logic is the key, despite the language.
Just keep exploring, challenging yourself and learning new things!
Big congrats to everyone who submitted valid findings, especially to klau5 for getting their largest payout yet, placing them in the top 100 all-time leaderboard!
Much respect to @axelar for their unwavering commitment to the highest security outcomes.
Full list of winners in thread 👇
Big news from Immunefi: we just shipped Proof of Duplicate, and it's *the* feature I've been wanting to see for a long time.
For years, one of the most frustrating experiences a whitehat could have was submitting a report, putting in the hours of research, the careful write-up, the working PoC… and getting back a one-line "duplicate, closing."
No justification and no transparency. No way to push back. That era is over.
Starting now, when a submission is closed as a duplicate, it points to the original report. The researcher can read the original. They can compare the reports for themselves... and if they believe the call was wrong, they get a formal dispute button.
Verdict upheld means the report stays closed. If the verdict is overturned, the report gets reopened and goes back through triage like nothing happened, including reward eligibility.
This matters beyond the feature itself. The whitehat community is the immune system of crypto. Every protocol secured, every exploit prevented, every billion in TVL that didn't get drained.
For this immune system to keep working, things have to keep improving for whitehats. Proof of Duplicate is just one piece. There will be more.
SR Summer 2026 is coming.
After careful consideration, we’ve made the decision to wind down @code4rena. This community has meant a great deal to everyone who has been part of building it, and sharing this news is not easy.
My audit portfolio just got updated! Take a look! 👀
If you want an audit or security consulting, feel free to contact me on X or Discord.
https://t.co/ldI0F62W8Q
✨Introducing evmresearch✨✨
A knowledge graph of nearly everything I've learned about the EVM in the past six years
The graph structure emulates the brain, exponentiating research speeds for both humans and agents
https://t.co/974InOGRmw
My audit portfolio just got updated! Take a look! 👀
If you want an audit or security consulting, feel free to contact me on X or Discord.
https://t.co/ldI0F62W8Q
Blackhat deployed a contract to exploit Makina Finance, but a MEV both front-ran the attempt and hacked the protocol first. Root cause - spot price oracle manipulation by a flashloan.
You can only see this in crypto, Ethereum mainnet is a dark forest⚫️🌳
Sharing my Burp Extension that earned me $200k in 2025 while API testing heavy JS-rich targets.
https://t.co/2ttRurgoPh
The tool helps find endpoints, files, internal emails, and some secrets from minified JS.
Its goal is to achieve maximum efficiency with reduced noise in results. Contributions and feedbacks are welcome.
As a life-long procrastinator, this has been life changing for me.
How I use it:
- Tap right if focus work
- Tap left if procrastinating
I guess it just hurts differently when I see myself literally loosing time I could spend with family/kids ticking in front of me haha
The Cantina Fellowship Program is evolving! We heard your feedback, and we’re making an important change: we’re removing the exclusivity clause from the Cantina Fellowship.
A breach exposing 16 billion credentials has been confirmed. The dataset includes sensitive access details from Apple, Google, Facebook, GitHub, and other major platforms.
This constitutes a direct threat to operational and personal security.
Recommended actions:
• Rotate all credentials
• Enforce multi-factor authentication
• Conduct a full access audit
Continuous security posture assessment remains essential.
Source: https://t.co/C2ksEwflUc
Code4rena will run audit contests for free, as public goods.
100% of funds from sponsors will go directly to auditors and judges. We won't take any cut.
Why?
1. Competitions are commodities.
They're CRUD apps. Why should builders pay premium for a website just to submit bugs? Especially smaller teams without VC funding.
2. Everyone deserves competitions.
We tell all our clients to get a competition after their audit. That's because competitions simulate real world conditions, where there's thousands of eyes on a protocol. We want to make competitions as affordable as possible so everyone can get one.
3. It benefits our wardens.
In 2021, we invented the competition format. We're still the platform with the largest auditor pool (10,000+ registered). Not only should builders have access to the best security talent, we believe auditors should have opportunities to work with great projects. Opening up our platform benefits our wardens.
How will you afford this?
Zellic is a profitable business. We make money doing traditional private audits through Zellic and Zenith. This benefits us because: (1) our clients are more secure after they run contests, and (2) Code4rena is a talent pipeline for Zenith.
Will you stop maintaining the platform?
Of course not. Since we acquired Code4rena, we've shipped several features and have several more already underway. C4 has a dedicated dev team that we're fully committed to.
Besides, many of our clients at Zellic use C4. We're incentivized to make sure the platform works well. It's just that now we're allowing everyone to benefit from our investments in Code4rena.
In conclusion:
Run a contest on Code4rena! We won't take a cut, your prizes will go directly to wardens and judges.
For full details, check out our blog post here: https://t.co/IaqxFLZ7rq
4/ smarter wallets
wallets used to just hold keys.
now, they get a brain.
pectra lets normal wallets act like smart contracts.
you can batch transactions, skip approval popups, pay gas in any token.
less friction. more freedom. more possibilities.
0/ the biggest ethereum upgrade since the merge is coming.
and this time, you’ll feel it.
it’s called pectra and here’s why it matters
a guest thread by @binji_x ↓