I witnessed firsthand how a protocol could live with a live bug (and possibly never catch it) because there's no way to responsibly disclose these issues. In a review with @QuillAudits_AI , an RWA project <redacted> had forked a portion of @DinariGlobal's code but requested we treat it as a black box. (Un)fortunately, I tend to digress when not working with code I'm familiar with -- and stumbled on a sizeable vulnerability in their codebase Thankfully it wasn't exploited before it was patched, but they had ~$3m at risk (which grew to $60m in less than 4 months), big liquidity injection in RWA's this year (and likely for the next few years)💰 While this isn't Yearn-scale, many small drops fill a barrel. Josselin has been talk about the need to beef up internal security -- this awareness is something I expect to grow as well, and this exploit is another example why (ty for your talk with Rajeev and Alex at DSS).

This is coming from a guy that have earned $3.6m in bug bounties: "I don't rest until I understand every part of the system. Even if I end up not finding a bug, I want to understand it." Be CURIOUS guys, don't be a slacker. If you want real success, you have to be obsessed.

🥷🏾

Three years ago, Solana had little to no presence in Africa’s largest crypto economy 🌍 Today, dozens of global ecosystem teams have expanded into Nigeria with our support, hundreds of leading regional products have integrated Solana with our help, and thousands of Nigerians have earned, built products, landed jobs, won hackathons, raised early-stage capital, and found their place in the global Solana ecosystem through this community 💪🏿 And it still feels like we’re just getting started 🥳 Happy 3rd anniversary to everyone building with us 🫡

Had a great time with @SuperteamNG in Edo State today. Happy 3rd anniversary, chads!

You can't miss reading these blogs, if you're a SR/Auditor : - blog.trailofbits.com/ - rareskills.io/blog - openzeppelin.com/research - blog.asymmetric.re/ - trustsec.xyz/blog - blog.sigmaprime.io/ - zellic.io/blog/ - cyfrin.io/blog - osec.io/blog/ - helius.dev/blog?category=res… - mixbytes.io/blog Save it anon, if you're an avid reader

There's blood on the streets...

Found some issues in a client's integration with Morpho this week. Grateful there's a significantly reduced attack surface. We're going to run through another review. Most definitely. 🏆

Devcon 8 tickets are live! The first global ticket wave is open for Ethereum’s next major gathering, rooted in open source, privacy, security, censorship resistance, and capture resistance. Early Bird: $349. ETH only. Limited quantity! Get yours: devcon.org/tickets

Tekedia Capital congratulates Pulse, our portfolio company, on its major partnership with Amazon AWS, where Pulse technologies are now integrated into AWS Bedrock. We consider Pulse one of the most advanced document intelligence platforms in the world, and its exceptional capabilities have enabled it to serve some of the largest banks, insurance companies, and investment funds globally. This partnership with Amazon AWS further validates the strength of the team, the technology, and the growing importance of intelligent document systems in the evolving AI economy. From Amazon press announcement on this partnership: “Unlike traditional monolithic OCR pipelines,Pulse integrates vision language models with classical ML components specifically engineered for document understanding, creating an intelligent solution that extracts structured data with semantic awareness, generates improved supervised fine-tuning datasets for financial domain models, and enables deployment of custom large language models (LLMs) trained on your specific financial data. Pulse is deployed across global enterprises including Samsung, Cloudera, Howard Hughes, and Fortune 500 financial institutions and leading private equity firms processing high volumes of financial and operational documents.” Congratulations Team Pulse for the amazing execution. Win more markets.

Even though DeFi United got to pool nearly 50% of this amount, it doesn't take away the fact that it was lost. We definitely can't continue this way.

We've shot beyond the $290M mark...

Sealed bid auctions Dutch auctions English auctions ...

Most security failures don’t start with unauthorized access anymore. They start with authorized access being abused. → Weak approval flow. → 1/1 DVN → Overpowered admin. Authorized /= safe.