Preetam | QuillAudits 🥷🏄
@raopreetam_
Co-founder @QuillAudits_AI | 7+ yrs, 1400+ clients secured | Core Contributor @Wach_AI | Building AI Adversaries @QuillAI_Network
Every major protocol that's been exploited had security measures in place. Compound, Cream, Poly Network, Ronin, all had audits, some had bounties. The exploits still happened. Your incident response plan should cover: 1⃣ Detection & Triage (First 10 minutes) • Automated…
You should always have an incident response plan. Even if you did multiple audits and have a running bug bounty program. It's not a guarantee that there are no bugs in your code. Hopefully, you never have to rely on it. But you should have a plan.
Web3 gaming is solving problems that don't exist - Players don't actually want to "own" their in-game assets or deal with wallet complexity. They want fun games that go a long way without confirming each step in a game as a separate on-chain TX.

This is the reality check the industry needs to hear. Everyone wants to be the next samczsun or find the million-dollar bug bounty, but they're not willing to spend 3 years grinding through Solidity assembly and reading white papers at 2 AM. 1⃣ The brutal math of Web3 security:…
No shortcuts. No easy money. No overnight success. You want to win in Web3 security? Hustle. Grind. Stay in the game.
Hot take: Most re-entrancy guards are implemented incorrectly. The CEI pattern isn't magic.
The difference this makes: Before: "I know re-entrancy is bad, I should use nonReentrant modifier". After: "This function calls external contracts after state updates, and even though it looks safe, the callback could manipulate our invariant through this other function path".…
"I don’t know where to find good practice.” 🔥 Try CTFs (Capture The Flag) 🔥 Analyze real exploits 🔥 Join audit contests Still lost? The Smart Contract Hacking Course walks you through the fundamentals and actual vulnerabilities being exploited in the wild.
Most devs following this still write vulnerable code. Here's what to add: 1⃣ After CryptoZombies, before Cyfrin: • Read actual exploit post-mortems (Rekt.news, @immunefi write-ups). • Study the DAO hack line-by-line and understand how the attack worked. •…
resources to become a smart contract dev - do cryptozombies - cyfrin updraft - read mastering ethereum - read great protocols - owen thurn's yt - master foundry - read audit reports - deploy something real - pay for a small audit - uttams's yt - build a dune dashboard - set up tenderly alarms - jorwdan…
Wallets aren't just tools - they’re the front doors to Web3! How can crypto wallets evolve to meet the needs of the next generation of users? Daniel Maddern and WanKyu Kim, guided by moderator @raopreetam_, will dig into the balance between UX, security, and scalability at GM…
⏳ Final push next week. Our lawyers and experts are working around the clock — we’ve forgotten what normal sleep feels like. Every hour counts, and so do the costs. If you believe in fairness, open-source, and freedom, please help us finish strong. 🙏 👉…
1/ 📢 @QuillAudits_AI breaks down how social engineering wiped out $340M+ from Bitcoin, Ethereum & Solana in H1 2025 – a must-read for anyone building or using protocols. x.com/QuillAudits_AI…
Social Engineering is the silent killer in Web3. In H1 2025 alone, $340M+ was lost in just 3 major incidents impacting Bitcoin, Ethereum & Solana. If you’re a dev, founder, or power user, this thread might save you 🧵👇
Join us today at 5 PM GST as @BigWProtocol hosts an exclusive AMA with @QuillAI_Network - the pioneers of AGI-grade security for Web3 & AI systems. We'll explore: Sustainability meets AI Building trust in the open agentic web Swarming adversarial AI & decentralized defense…
Nobody opens their phone and thinks "wow, I'm using TCP/IP protocols and cellular radio waves." They just text their friends. Same energy. The abstraction hierarchy that wins: • Layer 1: Crypto natives → "Check out this sick yield farming strategy on Arbitrum" • Layer 2:…
the best crypto apps won't say "crypto" they'll say: - send money instantly, anywhere - earn 5% on your savings - own your digital purchases forever - control your online identity and normies won’t even know it’s onchain
The hard truth about crypto's institutional adoption that no one talks about: BlackRock managing Bitcoin ETFs means Wall Street won. We wanted to bank the unbanked; instead, we made new products for people who were already over-banked. And now various L1s and DeFi protocols…

This is the golden rule that 90% of developers ignore because it doesn't feel "innovative" enough. "Why use OpenZeppelin's basic implementation when I can write a more 'optimized' version?" 1⃣ The psychology behind complexity addiction: • Junior devs think complex = smart. •…
One of the most overlooked principles when writing smart contracts - Keep it simple! Complex systems fail in complex ways. Use existing audited and battle-tested libraries, don't overcomplicate functions, and minimize the size of the contracts. This can save you millions.
Everyone’s talking agentic era… But only a few are building the rails it’ll run on. At @QuillAI_Network, we believe on-chain AI agents won’t just automate, They’ll negotiate, verify, and govern entire economies. Honored to speak today with the sharpest minds: @cyberboyIndia…
Agentic era and deAI are taking over your TL - WE KNOWW 👀 But do you know what all is possible for you in the era of AI agents? Time to find out with @okto_web3 @BasedIndia @HeyElsaAI @CredShields @QuillAI_Network Meet our powerhouse lineup: @cyberboyIndia @bigrkg @kunalvg…
Access Control is still the #1 cause of losses in Web3. In H1 2025 alone, it wiped out $1.6B+, that’s 70% of all funds lost. Protocols hit @Bybit_Official, @KiloEx_perp & more. If you're a dev or founder, this one’s for you 🧵👇
Crypto security after 2021 be like: LinkedIn post: "Excited to announce our comprehensive security framework..." Same person on CT: "lmao another protocol got rekt by basic re-entrancy."
NFTs solved the wrong problem. The art was never the point. NFTs proved we could have programmable, composable digital ownership. Instead of building the infrastructure for the metaverse, we sold overpriced JPEGs to greater fools. The technology is revolutionary; the use case…
The company with the most distribution will win simply because distribution means more users and more paid users, apparently. That's why @perplexity_ai partnered with Airtel, a leading telecom provider in India, to give away free Perplexity Pro subscriptions worth $200/year, which…
LLMs are hitting ceilings and commoditizing each other. Smart companies stopped playing the specs game months ago. They focused on distribution, partnerships, and solving real problems instead of benchmarking. Business strategy wins again.
This is why manual code review is irreplaceable, even with all the static analysis tools available. The classic example is the DAO hack. The code did exactly what it was written to do. The re-entrancy wasn't a compiler bug or a language flaw, it was a logical oversight about…
Most of the critical bugs in smart contracts aren't technical but logical. Even devs are not fully aware of all the logical risks related to each concept. So don't be biased and trust the natspec and docs. Look at the code. Code never lies.
Courses can teach you Solidity syntax, common patterns, and well-known vulnerabilities like reentrancy attacks or integer overflows. But they often can't capture the nuanced thinking required to anticipate novel attack vectors, understand the complex interactions between…
Writing safe smart contracts is something you can't learn in a course