Want to learn Solidity step by step?
You can literally build along with me, Michealking.
Check out my 30 Days Solidity Challenge repo:
github.com/BuildsWithKing/30…
Already learning on @CyfrinUpdraft?
This repo is the perfect place to practice next and sharpen your skills.
Argus thought like an attacker… and it changed how I see my own code.
While learning from @PatrickAlphaC @CyfrinUpdraft course, I built a raffle contract. Solid, tested, and working as expected - or so I thought.
Then I ran Argus on it.
That's the kind of issue you don't catch by just "testing functionality."
You catch it by thinking like an attacker.
This is exactly what I'm building Argus to do:
Not just analyze code… but reason about how it can fail in the real world.
This attack only requires the malicious contract to win. With a small number of players, the odds are far from negligible. And here's the twist:
This doesn't even require a malicious actor.
Any contract without a payable fallback can unintentionally brick the system.
4. The ETH transfer fails - the entire transaction reverts.
5. The raffle gets stuck in the CALCULATING state… permanently.
No winners.
No refunds.
All funds locked.
Even worse - this isn't purely theoretical.
Attack Scenario
1. An attacker deploys a malicious contract with no "receive()" function (or one that reverts).
2. That contract enters the raffle like any normal user.
3. When a winner is picked via Chainlink VRF, the malicious contract gets selected.
Instead of just scanning for obvious bugs, Argus approached the contract like an adversary. It didn't stop at "does this work?" - it asked, "how can this break?"
And what it found was subtle… but dangerous.
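The stuck-raffle failure described in this thread and the usual pull-payment mitigation, as an added example that is not part of the original posts or the author's raffle contract. The contract, its function names and the simplified `settle` stand-in for the Chainlink VRF callback are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Added illustration: all names are hypothetical, not the raffle from the thread.
contract PullPaymentRaffle {
    enum State { OPEN, CALCULATING }
    State public state = State.OPEN;
    address payable[] public players;
    uint256 public pot;                          // ETH collected in the current round
    mapping(address => uint256) public winnings; // prizes credited but not yet claimed
    error TransferFailed();
    error NothingToClaim();

    function enter() external payable {
        require(state == State.OPEN, "raffle not open");
        players.push(payable(msg.sender));
        pot += msg.value;
    }

    // Stand-in for the upkeep step that closes entries and requests randomness.
    function startDraw() external {
        require(state == State.OPEN && players.length > 0, "cannot draw");
        state = State.CALCULATING;
    }

    // Stand-in for the Chainlink VRF callback; a real contract restricts the caller
    // to the VRF coordinator (omitted here to keep the example self-contained).
    function settle(uint256 randomWord) external {
        require(state == State.CALCULATING, "not calculating");
        address winner = players[randomWord % players.length];
        // Push payment, as in the scenario above: a winner that cannot receive ETH
        // makes the call fail, the revert undoes everything, state stays CALCULATING.
        //   (bool ok, ) = winner.call{value: pot}("");
        //   if (!ok) revert TransferFailed();
        // Pull payment: only bookkeeping happens here, so settlement cannot be blocked.
        winnings[winner] += pot;
        pot = 0;
        delete players;
        state = State.OPEN;
    }

    function claim() external {
        uint256 amount = winnings[msg.sender];
        if (amount == 0) revert NothingToClaim();
        winnings[msg.sender] = 0; // clear the balance before the external call
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        if (!ok) revert TransferFailed(); // affects this claimant only
    }
}
```

With this layout a winner that cannot accept ETH only fails its own `claim()`, while the round still closes and the raffle reopens.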
1 today.
365 days ago, I chose a hard path - programming.
Tired? I showed up.
Sick? I showed up.
Broke? I cried… then showed up.
This year broke me and built me at the same time.
I'm still going.
I'm still building.
I am a King. I am limitless.
Happy Birthday to me.
Argus caught a Critical vulnerability pattern in Compound Finance's codebase
I'll start by apologizing for announcing Argus v1.0.0
last week before it was ready. That was premature.
Today I'm announcing Argus v0.6.0-beta - live at
argusaudit.xyz
I'm looking for auditors to stress-test it. Run Argus
alongside your security research, bug bounties, and
audits β then tell me what it misses.
Static analysis: free and unlimited
Deep Analysis: AI exploit construction
Still in beta. Still improving. But it's real.
Argus v1.0.0 - The all-seeing smart contract auditor
After building KingUSD, I wanted an extra set of eyes on my code.
Not just for developers - for everyone.
So I built Argus. Paste a GitHub repo or contract address and get three simultaneous reports:
Found a HIGH severity liquidation bug in my own stablecoin KingUSD - liquidators could receive no profit during rapid price drops, leaving the protocol with bad debt.
Screenshots attached.
Still under active development and building in public
By using Argus you agree that any misuse is entirely your own liability. Argus and its creator accept no responsibility for damages arising from use or misuse of this tool.
argus-audit.vercel.app/
Users are solely responsible for how they use information provided by Argus. The tool must not be used to exploit, attack, or harm any protocol, project, or individual.
Argus is a security research and education tool. Reports are generated by AI and may contain errors or omissions. Argus does not facilitate attacks on any protocol - it analyzes publicly available source code only.
Shipped KingUSD: Overcollateralized stablecoin with 99% test coverage.
Built a dollar-pegged stablecoin protocol maintaining 200% minimum collateralization through algorithmic health factor monitoring.