Independent Solana and EVM Security Researcher. Auditing with @0xMacroSecurity @spearbit @zenith256 @bailsecurity. DM for audit

Joined September 2021
Pinned Tweet
Want to learn Solana security and don't know where to start? Check out the Awesome-Solana-Security repository - it aggregates all the best, well-selected, up-to-date resources. 262 people have starred it, so they must know something. Link in the comment 👇
The repo got 375 stars now!!! I haven't updated the repo for 4 months now. I had a few new things in the backlog that I need to check before adding them to the repo. Thank you all for sending me all the alphas 🙏
I got 2 days to resolve all this💀Wish me luck
Solana life...
0xhuy0512 retweeted
A common class of bugs in both Solana programs and in EVM smart contracts is not doing external calls properly. From DOSing your system to reentrancy to assuming an external call succeeded when it didn’t… There are a lot of mistakes to make when doing external calls.
Every AI auditor I've seen so far doesn't have good contest results, often only finding very high-dup issues. Meanwhile, this AI consistently finds solo issues, charts on the leaderboard, and hallucinates less. If everything he said in this tweet is true, this is groundbreaking!
Moment of truth: every finding I submitted in @code4rena contests came from a method I built using AI. Over 7 contests my method earned 🥇🥈🥈🥈🥉 with a valid/invalid ratio >1 and multiple solo and duo High/Medium findings.
Just got promoted 🥳
0xhuy0512 retweeted
At Eco, we're obsessed with creating seamless cross-chain experiences with stablecoins. There's still much more to build. Today, we're open-sourcing Permit3, a contract that enables multichain token approvals with a single signature. eco.com/blog/introducing-per…
0xhuy0512 retweeted
Building on the Solana virtual machine (SVM) is very different than building on the EVM. Differences include:
- Data cannot be encapsulated
- External call depth capped at 4
- All account reads and writes must be known ahead of time
and much more (tighter transaction limits, built-in upgradability, program-derived accounts and their ability to be signers, and so on).
If you're looking to build on Solana and could use an expert opinion to accelerate your development, contact us via telegram, or via inquiry form on our website. Up to 50% of your pre-audit security reviews can be applied to a future audit (limited time only).
Stay secure out there 👊
- Macro Security team
Me in the contest in a nutshell:
> Me: Hey team, I noticed that .... Is this intended?
> Sponsor: Yes, it's intended
> Me: aight cool I will not submit it then
> Also sponsor: confirm issues with the same behaviour
> Me: 😰😓🥴🫨
I'll never be good at contests, I swear to god.
Ugh, I remember some auditor tweeting about this, but my dumbass forgot to bookmark it. Now I can't find it🤦‍♂️ What's the Chrome extension that can take notes for each highlighted phrase on each site?
4 Solana contests on the timeline. Now I'm a bit worried ngl...
Get ready Wardens, Meteora is launching a $104,500 competitive audit! We're excited to collaborate with Meteora to help in their mission of building the most secure liquidity layer on Solana. Let's go 🤝 @MeteoraAG
Another Solana audit! That will make 3 Solana audits in the timeline!!!
2 Solana contests with $300k total rewards start at the same time? This is a good trend!
Finally getting 3 days off after auditing Solana & Solidity every day this month — wait… it’s August already?! 😭
Contribute to this one 🫡
Zenith Auditors recently completed an audit on the Solana contracts for Legion, the merit-based ICO platform. All issues have been resolved. It was a great experience working with the @legiondotcc team! Check out the full audit report below.
Yes! More Solana contests please!
Calling all Wardens for the first ever audit competition for the Solana Foundation! Solana Foundation is launching a competitive audit with a $203,500 prize pool for its Token-2022 Confidential Transfer Extension! The audit will run for 26 days, stay tuned for more info. Let's go 🤝 @SolanaFndn
Bruh🤣 TL;DR: Gemini can't read the code in the provided Github link, so they're guessing the code details based on nothing🤣🤣