Wrapped it in a valve 🫡

Been wanting this to exist for a while, so I built it. ProofOfRep, a reputation board for bug bounty programs and contests. Report your unfair or dishonest experiences, with proof, and I'll manually review everything. Hope it helps SRs focus on projects that actually take security seriously. Still early. Let me know if this sucks or if it's useful. All feedback welcome. proofofrep.xyz/

Update to my roadmap -> We built the practice layer it was missing. training.valvessecurity.com 380 challenges derived from 50,000 real Solodit findings, clustered into 19 vulnerability patterns. Active pattern-recognition training on real code. The gap between reading findings and discovering them is huge. This is built specifically to close it. Still free. Still no fluff.

5/5 Read our @ValvesSec v1.5 audit report here: docs.ezmanager.finance/audit… For more details on the changes: docs.ezmanager.finance More v1.5 changes rolling out in the UI over the next few weeks! Check out the docs and contracts for a sneak peek 👀

We’ve got some exciting things coming to EZManger in the next few weeks with this audit! @ValvesSec has been incredible throughout the process, and we’re happy to trust them to make EZManager as secure as possible.

Someone just made the first donation to our Valves Security Training Hub on Giveth. $18 from an anonymous contributor. It may look small, but honestly this means a lot. We spent countless hours building this because we wanted aspiring auditors to have a free place to train on real vulnerability patterns, not just random CTF puzzles. Just a resource we wish we had when we started. To whoever donated: thank you. And to everyone supporting, sharing, testing, or learning from the hub - you are the reason we keep building this. giveth.io/project/valves-sec…

The goal was never to look like the biggest audit firm. The goal is to be the team founders trust when they want honest, deep, no-BS security work before launch. That’s what we’re building with Valves Security.

We're on a mission to save millions (potentially billions) in exploits over the next 365 days. Big names in the space already trust us with their protocol security. Your codebase deserves the same level of protection🛡️ Book an audit now: valvessecurity.com/audit

Code4rena winding down does not make contest results worthless. But it does change the lesson. For years, contest placement was one of the cleanest public signals that someone could find bugs under pressure. That still matters. But in private audits, the harder skill is different: - Can you explain the issue clearly enough that the team fixes it correctly the first time? A leaderboard proves speed. Client trust proves judgment. You need both.

Not great for just one year... 😤 We should all do much better! At @ValvesSec we’re stepping up. We are going to save millions in exploits over the next 365 days. You should do the same. Let’s secure this whole space together. 🔥

Valves 🤝 EZManager (@EZManagerCL ) EZManager tracks every position lifecycle. From opening and rebalancing to capital changes, compounding, and collections. We are going to ensure their contracts meet the highest security standards 🫡

Can’t focus? Then force it. Talk to yourself like a psycho: “DO IT. NOW! RIGHT FUCKING NOW!” 😤 That’s what helps me snap back when I get distracted. Who else does this? 🔥

Hands-off farming is here! Agent Max automatically opens positions on MaxFi, making it even easier than before. Get ready for the MaxFi seed round next week! #DeFi #AutomatedTrading

The first thing I check in any audit is not the complex math. It is every place the code converts between two units. Shares to assets. Tokens to wei. Seconds to blocks. That boundary between “what the user thinks” and “what the contract stores” is where a lot of serious bugs hide.

"You're saying auditors are better than Opus 4.7 and GPT 5.5?" 🤡 Bro… YES!!! Auditors lead the AI, catch any misses, and actually stand behind the code that holds millions🔥 AI might be better in some casses, but if a non-auditor used it don't call it security...

For the longest time node clients were gatekept and untouched by free AI auditing tools, but that is NO MORE! 🚀💫 Not only is your AI subscription auditing for you, but you can even choose which one! 🤯 More deterministic, more precise. BETTER 🏆 "Plamen" V2 is live 😈🤖

Contests are dead, cantina killed them

The end of an era. Thank you for everything 🙏

The Valves Security Training Hub is now listed on @Giveth A free pattern recognition platform for smart contract auditors. 380 challenges. 19 bug categories. 50K real audit findings. Train pattern recognition on real exploits, not textbook examples. Free forever. 100% goes to the project. giveth.io/project/valves-sec…

Used @pashov's x-ray skill on day 1 of an audit (~8K nSLOC) and it saved me a solid half-day. The kickoff work I usually do by hand on day one: - Threat model - Architecture diagram - Subsystem breakdown - Invariant catalog x-ray produced all of it in one run, with derivations for each inferred invariant. That last part is what I'll keep coming back to. It surfaces invariants the protocol assumes but doesn't actually enforce in code, with citations to where each one breaks. Hit a couple of tooling glitches on macOS (BSD vs GNU grep flag in enumerate.[sh], forge coverage didn't finish in time) but nothing breaking. Will be running it on every audit going forward. Nice work @0xfirefist.

BETA STARTING NOW! Reply to be among the first to get access