ddimitrov22
@ddimitrovv22
Co-Founder @CDSecurity_
One of the most overlooked principles when writing smart contracts - Keep it simple! Complex systems fail in complex ways. Use existing audited and battle-tested libraries, don't overcomplicate functions, and minimize the size of the contracts. This can save you millions.
We’re pleased to announce: @CDSecurity_ 🤝 @ArbitrageBera Arbera is a permissionless volatility farming and yield protocol on @berachain, enabling secondary markets, arbitrage and real yield without oracles or external feeds. Serious, organized team. Worth checking out.🔥
Most of the critical bugs in smart contracts aren't technical but logical. Even devs are not fully aware of all the logical risks related to each concept. So don't be biased and trust the natspec and docs. Look at the code. Code never lies.
You should always have an incident response plan. Even if you did multiple audits and have a running bug bounty program. It's not a guarantee that there are no bugs in your code. Hopefully, you never have to rely on it. But you should have a plan.
The @credidotfi audit report is live on our GitHub! Credifi enables unsecured loans using ERC1155s, pegged oracles and EVC vaults - designed for isolation, access control and security. Full report in the comments!👇
A great repo that every dev team MUST check. A Simple Security Toolkit that includes: - Dev process - Audit readiness checklist - Pre-launch safety checklist - Incident response template github.com/nascentxyz/sim…
Auditors often overlook simple attack vectors just because they are too obvious - reentrancy, missing access control, front-running, etc. There are still bugs out there because of every single attack vector. And many of them resulted in exploits recently.
In the age of information, the biggest challenge is to focus on a single thing. There is always a new article, video, or idea that looks interesting to explore. Booking time slots in your calendar to focus on a single thing is one of the most powerful skills nowadays.
The best audit results come from a close collaboration between devs and auditors. No fluff, arguing about severity or whether or not a bug should be included in the report. Just genuine technical discussions without ego.
The number of bugs found in your code is a good indicator of the number of bugs left in your code. More auditors should say this when it's true:
3 audits completed this month (+1 ongoing) ~1,500 SLOC reviewed in total Findings across the 3 projects: - Critical/High: 9 - Medium: 9 - Low: 19 Clients happy. Security quality: top-tier.
Crypto prices are back up but so are smart contract exploits. Hackers have been waiting patiently to strike and get as much $ as possible. Projects rushed to launch due to FOMO will be a big target. Always consider launching a week later but not cutting time from audits.
When everyone was saying that contests are dead and many people decided to give up: - 13 active contests in parallel - Almost $1M in rewards ($943 500 to be precise) - 1 active CTF with $100k in rewards If you didn't waste your time in the past months, it's time to get rich 🤑
Yesterday, July 15th around 4AM UTC, the Arcadia DeFi protocol was exploited in a series of attacks for ~$3.6M. Arcadia users: revoke all Asset managers and asset approvals. Here are more details about the attack itself:
Have you ever installed a VS Code extension without checking the code and its dependencies? Yes - me too. But this can potentially inject malware and drain your funds. Here's how just 2 lines of code compromised a legit extension with 6000 users. reversinglabs.com/blog/malicious…
ArcadiaFi was hacked today for ~$3.5M due to what appears to be an arbitrary call. Such exploits are usually quite complex and often overlooked because of false claims by the devs. e.g. - "Not any address can be passed - we will have whitelisted addresses"
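An added illustration of the "arbitrary call" pattern the post refers to, written for this page and not taken from Arcadia's code or the post: a hypothetical forwarder that routes any call from any caller, beside a variant where the allowlist that docs often promise is actually enforced on-chain (contract and function names are assumed).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical "before" pattern (assumed, not Arcadia's code): anyone can route any
// call through this contract. If the contract holds token approvals or balances, the
// (target, data) pair is a direct path to those funds, whatever the docs say.
contract OpenExecutor {
    function execute(address target, bytes calldata data) external returns (bytes memory) {
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "call failed");
        return ret;
    }
}

// Hardened variant: the caller must be an authorized operator, and the allowlist is
// keyed on target AND function selector. A target-only allowlist is not enough when an
// allowed target is a token or vault whose own functions move funds (e.g. transferFrom).
contract AllowlistedExecutor {
    address public immutable owner;
    mapping(address => bool) public operator;
    mapping(address => mapping(bytes4 => bool)) public allowed; // target => selector => ok

    event CallAllowed(address indexed target, bytes4 indexed selector, bool allowed);

    error NotOwner();
    error NotOperator();
    error CallNotAllowed(address target, bytes4 selector);

    constructor() { owner = msg.sender; }

    function setOperator(address who, bool ok) external {
        if (msg.sender != owner) revert NotOwner();
        operator[who] = ok;
    }

    function setAllowed(address target, bytes4 selector, bool ok) external {
        if (msg.sender != owner) revert NotOwner();
        allowed[target][selector] = ok;
        emit CallAllowed(target, selector, ok);
    }

    function execute(address target, bytes calldata data) external returns (bytes memory) {
        if (!operator[msg.sender]) revert NotOperator();
        if (data.length < 4) revert CallNotAllowed(target, bytes4(0)); // no bare/ETH-only calls
        bytes4 selector = bytes4(data[:4]);
        if (!allowed[target][selector]) revert CallNotAllowed(target, selector);
        (bool ok, bytes memory ret) = target.call(data);
        require(ok, "call failed");
        return ret;
    }
}
```

The point for reviewers is the one the post makes: a whitelist that exists only in the docs or in an off-chain process is not a control; the check has to be readable in the contract that holds the funds.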
We are pleased to announce: @CDSecurity_ 🤝 @credidotfi Credifi enables unsecured loans using ERC1155s, pegged oracles and EVC vaults - designed for isolation, access control and security. All the best to this amazing team!
Math is involved everywhere in DeFi projects. Often it can look very complex but here is an article that is pure gold and makes it look easy. Understanding such concepts is crucial, especially when it's Uniswap. Study it and it will serve you well. rareskills.io/post/square-an…
One of the biggest mistakes security researchers make - not auditing something because it's too hard and complex. If it's difficult for you, it's difficult for everyone else. Double down on it. You are already ahead of 90% of security researchers by just trying.