Findings from my 5x Top 3 placements in public audit contests and some of the findings from 40+ private audits I've done can be found at my GitHub. Updated irregularly.
https://t.co/dLrXWDmNkF
UBS and Nethermind have completed two joint proofs of concept showing that a public, permissionless network can support the compliance and operational needs of regulated financial institutions.
The PoCs show that banks and asset managers can apply strong compliance controls through the infrastructure they run on top of Ethereum, without changing how the protocol itself works.
We built and tested a node that applies customizable compliance rules to outgoing transactions, and a routing component that sends approved bundles directly to selected block builders. Both validated end-to-end on Sepolia, no live transactions.
This is what enterprise-grade blockchain infrastructure built on deep protocol expertise looks like in practice.
We plan to build on this work with @UBS.
Full release: https://t.co/oDW2cj9eTs
After careful consideration, we’ve made the decision to wind down @code4rena. This community has meant a great deal to everyone who has been part of building it, and sharing this news is not easy.
The @battlechain testnet is now LIVE.
Come enter the ultimate red-team platform.
Give us feedback so we can launch mainnet very soon, and fix web3 security.
@Ehsan1579 Your logic here is beyond flawed and can be broken apart at so many parts. House installs security cameras and security personel but gets broken into whats the point lmao. I won't waste time explaining unless you want an honest conversation, in that case you can DM me
@Ehsan1579 You are comparing live code to production code in this scenario, a lot of audits turn to QA rather than bug hunting. Trust me i would love to hunt bugs instead of checking why the code or desing doesn't work.
AuditAgent now supports Solana.
AI-augmented vulnerability detection trained on real audit findings.
Now across Solidity, Cairo, and @Solana.
Raising the security baseline early in development, before manual review begins.
https://t.co/EYDojLtS8G
Shocking news. Talented, smart people that take on insane amounts of responsibility are rating their services a fair price.
Everyone is free to get a cheap AI audit and experiment and launch their products.
One of the biggest reasons why it's hard to experiment in crypto is security audits and their costs.
I've spoken to more than 10 teams in the last month who are all currently ready to launch on mainnet, but are held back by audits and their insane cost.
A basic audit can cost up to 50k for a small codebase, which makes it hard for bootstrapped projects to launch and explore if they should even be spending their time on this.
The industry did a terrible job of overpricing security audits and it has strongly held the space back.
AI has collapsed the window between finding a Web3 vulnerability & exploiting it everywhere.
One pattern match ➡️ instant ecosystem-wide reconnaissance. Defense response time: nearly zero.
Smart Contract Auditor Ravi Kiran on how this changes security
https://t.co/AEHzMsQB68
@NethermindSec@Panoptic_xyz@_ulasanil@kamilchmielu One of the findings has been found by our AuditAgent. Interestingly this bug has been living stealthily in execution for years and survived many audits and contests. Take a guess on which one it might be.
(A short blogpost for it will be out later)
Our @NethermindSec audit for @Panoptic_xyz is finished, we found really cool bugs on a super challenging, well tested and well audited codebase together with legends @_ulasanil@kamilchmielu
Check the report here you'll definitely learn something new: https://t.co/oUzQrXPYGX
We’re in the final stretch of a security review of @Panoptic_xyz’s upcoming Next Core (V2) codebase.
Panoptic is building some of the most ambitious on-chain options infrastructure out there, and it’s been a pleasure working with their team as we wrap up the last pass.
@jack__sanford@muellerberndt@IAm0x52 > leveraging years of Sherlock's AI contest judging data to minimize false positives
Assuming all this data is public, wouldn't other AI Agents also have access to this data? Or is there something private only Sherlock team would have access to?