Joined December 2023
Pinned Tweet
After 488 days of highs & lows on @code4rena, I've finally secured my first win on a C4 contest 🏆 11 out of 15 H/M (including a solo finding) helped me secure the Top Hunter & Gatherer Top QA report. Now in the all-time Top #100! Thank you @code4rena and @phi_xyz for this opportunity!
MrPotatoMagic retweeted
Happy to share, Cyfrin has wrapped our audit of @0xspiralstake v2, a non-custodial protocol that amplifies yield using flash-loans on @Morpho. Read the full report 👇
Tough to see this happen. The impact C4 had on so many wardens will far outlast the platform itself. Thank you for building this platform and community. It's been an honor to be part of this journey🐺
Replying to @code4rena
After careful consideration, we’ve made the decision to wind down @code4rena. This community has meant a great deal to everyone who has been part of building it, and sharing this news is not easy.
MrPotatoMagic retweeted
22 Dec 2025
In 2025, Code4rena Wardens prevented 286 high- and medium-severity vulnerabilities from entering production. Here’s a look back at what the C4 community accomplished this year!
MrPotatoMagic retweeted
Creativity is one of the most important traits if you want to become a great auditor. I did a small training session with two of our auditors on a very small, trivial scope. It was clear from the beginning that the attack vectors are limited and the task was to find all issues in itself and incorporate creativity to find very hidden issues. If you do something like that regularly, I believe you will level up quickly.
MrPotatoMagic retweeted
20 Oct 2025
Shout out @MrPotatoMagic & myself great result on this challenging cross-chain TradFi auditing finding:
* 4 Med
* 4 Low
* 15 Info & 9 Gas

This audit was quite challenging because we were auditing a TradFi protocol's Solidity integration between Wormhole & Circle CCTPv2, at a time when:
* Wormhole's official documentation and Solidity code examples were all related to CCTPv1 integration
* Wormhole's publicly available off-chain code only integrated with CCTPv1

So based on the publicly available information at the time, it was extremely difficult to verify the correctness of the proposed implementation - we couldn't see how the Solidity Wormhole <-> CCTPv2 integration should look nor the off-chain code that would process the emitted events then call the CCTPv2 API.

We overcame these limitations by:
* reaching out to our contacts to get some draft unpublished integration specs
* simplified the client's protocol while keeping the same core integration logic, wrote some Foundry scripts to deploy & test our simplified contracts then successfully performed live end-to-end integration testing

In the end we were able to find some nice edge-case bugs delivering good value to the client under challenging circumstances!
MrPotatoMagic retweeted
10 Sep 2025
Our quotes are always 100% exact and fair. We never try to overcharge our clients. But 6 months ago, we had 2 cases where our teams completed audits earlier than estimated. We informed the partners ourselves and sent partial refunds back, several thousand dollars each. They were stunned by the honesty. BailSec stands for: 100% transparency, quality, and trust in Web3. @CryptoAlgebra @lista_dao
MrPotatoMagic retweeted
17 Jun 2025
Code4rena will run audit contests for free, as public goods. 100% of funds from sponsors will go directly to auditors and judges. We won't take any cut.

Why?

1. Competitions are commodities. They're CRUD apps. Why should builders pay premium for a website just to submit bugs? Especially smaller teams without VC funding.
2. Everyone deserves competitions. We tell all our clients to get a competition after their audit. That's because competitions simulate real world conditions, where there's thousands of eyes on a protocol. We want to make competitions as affordable as possible so everyone can get one.
3. It benefits our wardens. In 2021, we invented the competition format. We're still the platform with the largest auditor pool (10,000 registered). Not only should builders have access to the best security talent, we believe auditors should have opportunities to work with great projects. Opening up our platform benefits our wardens.

How will you afford this?

Zellic is a profitable business. We make money doing traditional private audits through Zellic and Zenith. This benefits us because: (1) our clients are more secure after they run contests, and (2) Code4rena is a talent pipeline for Zenith.

Will you stop maintaining the platform?

Of course not. Since we acquired Code4rena, we've shipped several features and have several more already underway. C4 has a dedicated dev team that we're fully committed to. Besides, many of our clients at Zellic use C4. We're incentivized to make sure the platform works well. It's just that now we're allowing everyone to benefit from our investments in Code4rena.

In conclusion: Run a contest on Code4rena! We won't take a cut, your prizes will go directly to wardens and judges. For full details, check out our blog post here: zellic.io/blog/code4rena-fre…
Validator ⏩ Judge @code4rena Upgrade complete👾
MrPotatoMagic retweeted
To demonstrate @burraSec's expertise, we’re offering a free full-day security review/consultation for projects integrating with LayerZero or Arbitrum—whether you’re already deployed or still in development. We’ll thoroughly review: LayerZero: Configuration (DVNs, Executor, and overall integration), functionality (LzRead, OFTs, vanilla OApps, and more). Arbitrum: Native bridge or token bridge integrations, use of retryable tickets, or custom Orbit chains (e.g., custom gas tokens, USDC bridge standard). DM me to schedule your review!
💡I’ve been asked numerous times to provide a checklist for auditing a LayerZero integration. ⚡️You asked, so here it is: github.com/windhustler/Inter… 🧠 I’ve dumped everything I could think of that can go wrong and more. @g_vladika spent years building and breaking the core Arbitrum protocol and he’s contributed to the Arbitrum checklist. CCIP checklist is still WIP. I want this to become the go-to place while auditing protocols with cross-chain components. We’re going to be adding Axelar, Wormhole, Stargate, LiFi, Across, and more. If you’ve been auditing cross-chain protocols and found quirks or integration bugs, reach out or contribute via PR. ⭐️ If you find the checklist useful, I’d appreciate a retweet and star on GitHub to raise awareness.
MrPotatoMagic retweeted
4 Mar 2025
The results of the $35,000 IQ AI competitive audit are in! Big congrats to everyone who submitted valid findings, especially to potatoad-sec (@MrPotatoMagic & @TrainTestToad) for their first audit and win as a team! Much respect to @IQAICOM for their unwavering commitment to the highest security outcomes. Full list of winners in thread 👇
Just two @certora SRs dominating a C4 contest🔥 Glad to be sharing the podium with my fellow SR @0xGreed_
28 Feb 2025
Right after joining @certora I wanted to prove myself I was able to reach top 5 in a contest on @code4rena Goal has been reached on @IQAICOM competition where I ranked 3rd🥉 I got even more stoked about it after seeing my colleague @MrPotatoMagic on 1st place! Feels amazing!
Ranked #1 on my first contest of 2025🏆 Teamed up with my long ol' rival @TrainTestToad to uncover some interesting findings & attack vectors. This was also my first time competing in a contest as a team, so extremely glad with what we could learn and achieve. Thank you @code4rena @IQAICOM for the opportunity!
MrPotatoMagic retweeted
24 Feb 2025
Certora is now open source! What’s your excuse now for not securing your protocol, anon?
Took part in this engagement a few weeks ago. Small codebase but some interesting findings in there. Make sure to check out [M-02] - Sometimes going the extra mile to check the scripts can uncover some critical deployment oversights.
New security audit report published for a fundraising service codebase. Tiny code size, not too many attack vectors, we did find a few small things. All important issues resolved🫡 Read the report below👇 github.com/pashov/audits/blo…
I have been working with the team at @zenith256 and can confirm that this cannot be more accurate. All of the top auditors in one place, providing high coverage and quality audits. Cannot wait to see their growth in 2025🚀
23 Jan 2025
Introducing Zenith: an auditing firm that delivers good, affordable audits ASAP. Teams want to ship this week, not next month. And without critical bugs. We pick a team of top auditors and manage the audit. It's hassle-free. No more waiting: we can start at a moment's notice.
Happy to announce that I'll be joining @certora as a Security Researcher🎉 Over the past two years, I have focused primarily on competing in contests and conducting private reviews with some of the best people/teams in this space. Having the opportunity to work alongside the dedicated and talented security research team at Certora is a no-brainer. Excited to start this new journey as I continue levelling up my security research game🚀
Huge props to @xb0g0 for curating this masterpiece🔥 Just actively reading and implementing the alpha shared by one top auditor is enough to lead you in the right direction🎯 Grateful to have been a part of this!
18 Dec 2024
💣 The MOTHER of ALL ALPHA is here. I officially present to you: THE ART OF AUDITING web3-sec.gitbook.io/art-of-a…

The first community-driven resource that consolidates thousands of hours of expertise from the sharpest minds in the industry. I have spent the past 3 months scraping the leaderboards, collecting wisdom from some of the best in the game. After nearly 80 DMs and countless inspiring conversations, the final product is here for everyone to explore and benefit from.

🔥 What’s inside?
Lessons from 52 top-performing, highly-respected auditors, including:
- Multi-million-dollar bounty hunters
- Multiple competition winners
- Leaders at the top of all-time rankings

📗 KNOWLEDGE THAT IS EVERLASTING
Over 2,500 years ago, Sun Tzu wrote The Art of War, and its lessons remain timeless. Inspired by that legacy, we created The Art of Auditing - a resource designed to capture knowledge that stands the test of time. Platforms will evolve, judging criteria will shift, and bugs will come and go—but the core principles outlined here will always hold true.

🧠 REAL VALUE FOR EVERYONE
The Art Of Auditing has the specific goal to deliver ALPHA and INSPIRATION to EVERYONE, even the TOP-tier auditors. That’s why every contributor is a proven expert with a stellar track record.

🛠️ NEVER ENDING PROJECT
I thought I could reach all the great auditors out there in one go, but it turned out there are too MANY of them and I am just ONE guy. I'm not sure if I even covered 50%🤯 There’s still an immense wealth of knowledge waiting to be added to this project. Every experienced auditor with achievements is INVITED to contribute to this collective knowledge base at ANY TIME.

💪 CREDITS
All credit and recognition go to the 52 incredible auditors who made this resource a reality. Each of them committed to contributing and each of them DID. Despite this being one of the busiest periods in the industry, they gave their most precious resource - their time.

Having experienced it firsthand, I can confidently say that each one of them has extreme integrity and a deep sense of responsibility. If you plan to work with any of them, rest assured:

🫡 These auditors DELIVER

I'm tagging all the great names below👇
As the year comes to an end, here are my C4 stats compared to last year📈 2023 🆚 2024 @code4rena