Filter
Exclude
Time range
-
Near
HallenjayArt
dAy 12 Of mY wEb3 sEcUrItY jOuRnEy Today's lesson challenged one of the biggest misconceptions I had about smart contract audits. What happens if a protocol gets hacked after it has already been audited? Does that automatically mean the auditor failed? The answer is more complicated than I expected. An audit is not a guarantee that a protocol is free from vulnerabilities. It's a security review based on the code, assumptions, and information available at a specific point in time. No audit can promise that every possible vulnerability has been found. One idea that really stood out to me came from security researcher Tincho: An auditor's value isn't measured only by the number of bugs they find. Their real value is helping make a protocol more secure. That includes identifying risks, recommending improvements, sharing best practices, and helping teams build stronger security processes. Another important lesson I learned is that security failures rarely happen because of one person or one mistake. Successful exploits are usually the result of multiple failures happening together. A vulnerability may have been missed during development. Testing may not have covered a specific edge case. Monitoring may have been insufficient. An audit may not have identified every issue. The exploit itself may have gone unnoticed for hours or even days. Security is a chain, and attackers only need one weak link. Something else I found inspiring is the role of an auditor after a breach. A great auditor doesn't disappear once the report has been delivered. If a protocol they've reviewed is attacked, they can still help investigate the incident, analyze the exploit, reduce further damage, and support the development team during recovery. That mindset really changed how I see auditing. It's not just about delivering a PDF report. It's about becoming a trusted security partner. Today's lesson also reminded me that security is never "finished." Even after development, testing, audits, and deployment, protocols must continue improving as new threats emerge. Every exploit teaches the community something new. Every incident pushes security practices forward. Today's takeaway: The goal of an auditor isn't to prove a protocol is unhackable. The goal is to make it significantly harder to attack and to help teams build stronger, more resilient systems. Security isn't about perfection. It's about continuous improvement. On to Day 13. #Web3Security #SmartContracts #BlockchainSecurity #Solidity #SecurityAudit #CyberSecurity #LearningInPublic
dAy 11 of mY wEb3 sEcUrItY jOuRnEy Today's lesson taught me something that every smart contract developer needs to hear: Passing an audit doesn't automatically mean your protocol is ready to launch. In fact, before requesting an audit, you should first ask yourself a more important question: "Is my protocol even audit-ready?" I learned about two valuable resources that help answer this question: • The Rekt Test by Trail of Bits • The Nascent Audit Readiness Checklist These aren't vulnerability scanners. They're frameworks that help teams evaluate whether they've done enough preparation before inviting auditors to review their code. One thing that stood out to me is that security isn't just about writing secure smart contracts. It's also about having the right processes in place. Some of the questions every project should be able to answer include: • Are all roles and permissions documented? • Have we documented how our protocol interacts with external services and oracles? • Do we have an incident response plan if something goes wrong? • Have we identified the best ways an attacker might exploit our system? • Are critical keys properly secured? • Do we test important protocol invariants continuously? • Do we plan to run bug bounty programs after deployment? These questions go beyond Solidity. They're about operational security. Another lesson I found valuable is that security should have ownership. Every serious protocol should have someone whose responsibility is security. When everyone owns security, sometimes no one truly owns it. Having a dedicated person or team helps ensure that security remains a priority throughout the project's lifecycle. I also realized that deployment isn't the end of a protocol's journey. After launch, projects still need: • Monitoring • Bug bounty programs • Disaster recovery plans • Ongoing maintenance • Continuous security reviews Security doesn't stop when the contract goes live. If anything, that's when the real work begins. Today's biggest takeaway: An audit is not a destination. It's one checkpoint in a much larger security journey. Building secure Web3 applications requires preparation before deployment and continuous vigilance after deployment. The strongest protocols don't just react to attacks. They prepare for them long before they happen. On to Day 12. #Web3Security #SmartContracts #BlockchainSecurity #Solidity #Audit #CyberSecurity #LearningInPublic
2
107
pardaphaas
# ग्रेटर नोएडा की हाई-प्रोफाइल सोसाइटी में सुरक्षा फेल: 24 घंटे में दो बड़ी वारदातों से दहशत, बंदूक की नोक पर चेन स्नैचिंग और डेढ़ लाख की चोरी ने खोली व्यवस्था की पोल pardaphaas.com/security-brea… #GreaterNoida #ParamountGolfForeste #BreakingNews #CrimeNews #SecurityBreach #ChainSnatching #Theft #ResidentialSociety #GatedCommunity #UPNews #NoidaNews #LawAndOrder #ResidentSafety #AOA #JLL #SecurityAudit #PoliceInvestigation #RaftaarToday #IndiaNews #CrimeAlert @noidapolice @CP_Noida Written by VikasTripathi
38
VishweshwarVr
🎯 Day 27 of My Web3 Security & Auditing Journey ⏳ Hours worked: 4 hours 🔍 Focus: Learning — Flash Loans Today I learned how Flash Loans actually work through @RareSkills_io — and it completely changed how I think about them. No collateral required — but there's a catch. The loan must be borrowed and repaid within the same transaction. If repayment fails, the entire transaction reverts as if it never happened. And they can only be used through smart contracts, not directly from an EOA wallet. Real world use cases I explored today: - Arbitrage between DEXs - Refinancing loans to lower interest rates -Swapping collateral without using your own funds The biggest takeaway: Flash loans themselves aren't dangerous — the real risk comes from bugs in the protocols that integrate them. That's what makes understanding them so important from an auditing perspective. #Web3 #SmartContractAudit #SecurityAudit #LearningInPublic
14
RealBjorkanism
Replying to @github
Custom agents in GitHub Copilot CLI look really promising! Being able to define roles, tools, and guardrails in Markdown should make AI workflows more consistent and reliable for things like security audits and incident response. #GitHubCopilot #CustomAgents #CopilotCLI #AIAgents #DevTools #SecurityAudit #IncidentResponse #Markdown #DeveloperTools #AIWorkflows
40
VishweshwarVr
🎯 Day 26 of My Web3 Security & Auditing Journey ⏳ Hours worked: 4 hours 🔍 Focus: Learning — ERC-4626 Tokenized Vault Standard 💡 Today I went deep into ERC-4626 — the tokenized vault standard that powers most yield-bearing protocols in DeFi. Studied this through @RareSkills_io it was one of the clearest breakdowns I've come across. The core idea is simple but elegant: you deposit assets, receive shares in return, and as the vault earns yield, your shares appreciate in value rather than more shares being minted. Redeem those shares later and you walk away with more assets than you put in. Key functions I explored today: - asset() and totalAssets() — the foundation of vault accounting - deposit() vs mint() — two ways in, different inputs - withdraw() vs redeem() — two ways out, different guarantees - convertToShares() and convertToAssets() — ideal mathematical conversions - previewDeposit() and previewMint() — simulate before you execute - The difference between ideal conversions and actual transaction previews — a subtle but critical distinction This is the kind of standard that shows up everywhere once you start looking. Glad I finally went deep on it. #Web3 #SmartContractAudit #SecurityAudit
1
18
petefinnigan
"PFCLScan - Security scanner for The Oracle Database" We are here to help you secure your data in your Oracle database. Contact us - petefinnigan.com/contact.htm #oracleace #oracle #data #security #plsql #securecode #securityaudit Please like, follow and share our pages and posts.
2
135
VishweshwarVr
🎯 Day 25 of My Web3 Security & Auditing Journey ⏳ Hours worked: 4 hours 🔍 Focus: Auditing & Learning Another finding triaged. That's two in the same audit contest. ✅ This one was different though. It wasn't straightforward — there were moments where the finding looked invalid, edge cases that needed to be ruled out one by one, and possibilities that had to be explored from every angle before the picture became clear. I used AI to speed up the process — and it made a real difference. From quickly mapping execution flows, stress testing assumptions, cross-referencing logic across multiple functions, to challenging every counterargument before submission. AI doesn't find the bug for you — but it sharpens your thinking and cuts down the time it takes to validate one. Two findings. One contest. Still going. #Web3 #SmartContractAudit #SecurityAudit #HackenProof
1
3
36
SanatanPrabhat
🚨 #SanatanPrabhatExclusive: Scrapped vehicles under scrutiny as Maharashtra Vidhan Bhavan undergoes a comprehensive 'Security Audit'! Action to be taken soon in coordination with Traffic Police. Annual security assessments by State Intelligence & Police to ensure VVIP locations remain secure. @Prof_RamShinde @rahulnarwekar @Devendra_Office @CPMumbaiPolice @pritamppn1985 #Maharashtra #SecurityAudit #MonsoonSession2026 #VidhanBhavan
Can Mumbai ever turn into Singapore? 🤔 Judging by these pictures, the answer is a resounding NEVER. There are at least 15 abandoned vehicles sitting right in the Vidhan Bhavan parking lot! Jai Maharashtra Read this report by our special correspondent @pritamppn1985 : sanatanprabhat.org/english/1…
10
13
562
browsertotal
📊 Permission Statistics That Matter: • 203 high-risk extensions identified • Average risk score: 33/100 • 748 classified as low-risk Most overreaching: Mino: Automatic Coupons & with 4 permissions Lea... #BrowserPermissions #DataPrivacy #SecurityAudit
8
VishweshwarVr
🎯 Day 24 of My Web3 Security & Auditing Journey ⏳ Hours worked: 3 hours 🔍 Focus: Auditing Still going deeper — learning new things with every path explored. The more you dig, the more the protocol reveals itself. #Web3 #SmartContractAudit #SecurityAudit
2
12
browsertotal
⚡ AppSource Security Spotlight • 15 apps analyzed • Microsoft review process applies • Review app permissions Most concerning: Apps may have broad organizational access See full AppSource report #AppSource #SecurityAudit #Developers
1
11
cynical_sec
Most companies test once a year. Threats don't wait that long. Cynical Technology delivers ongoing security monitoring so you're never caught off guard. #CynicalTechnology #CyberSecurity #ContinuousMonitoring #ThreatDetection #SecurityAudit #InfoSec #NepalTech #SecurityFirst
19
browsertotal
🔍 Permission Deep Dive: Browser Extensions Extensions 19% request these invasive permissions: • Broad data access: 220 extensions • Elevated privileges: 180 • Standard access: 777 Permission review is ... #BrowserPermissions #DataPrivacy #SecurityAudit
2
AganLLC
🔍 Internal audits improve security from within, while third-party audits provide independent validation. Learn why both matter. aganllc.com/blog/internal-se… 📞 971547593089 #SecurityAudit #CyberSecurity #Compliance
1
10
VishweshwarVr
🎯 Day 23 of My Web3 Security & Auditing Journey ⏳ Hours worked: 3 hours 🔍 Focus: Auditing Continued exploring new execution paths and going deeper into the protocol's logic. Every path traced is progress — whether it leads to a finding or not. #Web3 #SmartContractAudit #SecurityAudit
2
14
tv13gujarati
મુંબઈ લોકલ ટ્રેનમાં વધતી ગુનાખોરી પર રોક: 150 રેલવે સ્ટેશનોનું થશે હાઈટેક સુરક્ષા ઓડિટ tv13gujarati.com/news/to-cur… #TrainTravel #MumbaiPolice #PublicSafety #SecurityAudit #RailSafety #MumbaiLocal
1
270
VishweshwarVr
🎯 Day 22 of My Web3 Security & Auditing Journey A small but big milestone today — my first report in one of the audit competitions I'm participating in just got triaged. ✅ Getting here wasn't just about reading the code line by line. I cross-referenced previous audit reports, dug through git commit history, and pieced together the "why" behind the protocol's design before I could see what didn't fit. Shoutout to @kalyan__tr — the reason I got into auditing in the first place. 🙌 #Web3 #SmartContractAudit #SecurityAudit
1
2
49
7aSecurity
📢 New 7ASecurity public #securityaudit report 🔐 KEDA audited by 7ASecurity through a whitebox security assessment 7asecurity.com/blog/2026/06/… 💬 Feedback welcome as always, props to @OSTIF & @CloudNativeFdn #CyberSecurity #OpenSource #InfoSec
3
183