Auditor and bug hunter on Smart contracts. Slow is good.

Joined September 2014
Pinned Tweet
3 Dec 2023
Apparently, the @spillways10 staking contract was hacked, and funds have been draining for the last 200 days. I was approached by a stakeholder to investigate the hack and I happily agreed. A thread:
One year ago "how-to" was a valuable skill. Now with Claude code, "how-to" is cheap and has barely any value. Now, "what-to" is the important skill.
Jacopod retweeted
Crypto Drainers using React CVE-2025-55182

We are observing a big uptick in drainers uploaded to legitimate (crypto) websites through exploitation of the recent React CVE. All websites should review front-end code for any suspicious assets NOW.
24 Aug 2025
So well deserved
23 Aug 2025
Crossed $150M TVL today🎉

Honestly so proud of what our team has built at @origami_fi over the past year

>$108M TVL in hOHM (attracting almost 1/3rd of the gOHM supply!)
>$15M in oriBGT (50% of all staked iBGT!)
>$13M in incredibly well-loved @InfraredFinance LP auto-compounders and auto-stakers
>The #1 place for $SKY staking and the best risk-adjusted $USDS yields
>Most hyped Boyco vault attracting $69M USDC

Crazy to think the next 12mos may just be even bigger and better

The paper has been creased

Still early🌱
4 Aug 2025
Here is one of the latest audits I've done, for @iMacroMillions. The most interesting issue is [C1]. Not because it is critical, but because it is a small edge case magnified to the point of breaking the entire protocol. The team response was great, and they fixed all essential issues. github.com/JacoboLansac/audi… See my complete audit portfolio: github.com/JacoboLansac/audi…
2 Aug 2025
Legendary stats of a legendary engineer. Looking forward to seeing what you do next
After 4.7 years as a security focused smart contract engineer, tomorrow will be my last day at Origin Protocol. 7 products spread out on 5 chains, mid 9-figure TVL, 540 deploys and upgrades, with 0 user funds lost since I started that role. 1/8
Jacopod retweeted
28 Jul 2025
Audits are really expensive, but you already knew that? Yet you still do nothing to minimize the cost of your audits... You're throwing money at the problem and hoping it'll magically solve everything...

A lot of elite teams do a simple trick that saves them thousands and it's called "internal reviews". This is when the developers audit their code. This is not them casually looking around for anything interesting during development - this is a dedicated, structured process they schedule.

Here is how they do it: Before the actual audit set a reasonable time frame (50% of what the auditors quote you for as the devs already know the code). During that time only review the code, don't add new logic, don't add new mechanics, only focus on security and reducing complexity/unnecessary code.

This might seem trivial, but will actually save you a ton, especially if your code is littered with bugs.

Here are the benefits:
1. Your reports will look better, as they will have fewer bugs
2. You will catch most simple bugs allowing auditors to focus on the more complex parts
3. Audits will be faster as there will be fewer fixes, allowing you to launch sooner
4. You may only need 1 audit, whereas without this prep you might need multiple
29 Jul 2025
I wish I had known this audit hack earlier: Type `ctrl shift <` in VS Code to jump between function declarations. It also tells you if it is a view/internal/public/pure function with a small icon. Note: it requires the Solidity Visual Developer extension by @ConsensysAudits, which is a must anyway.
22 Jul 2025
Every single article I've read from @RareSkills_io was a good investment of my time. Truly impressive and inspiring. Very rarely do we see such a high quality/quantity ratio. Very Rare.
22 Jul 2025
The next Uniswap V3 article that comes out is going to blow people's minds. This isn't just because the animations are cool, but because what would normally be scary math feels extremely digestible. This is one thing that makes RareSkills incredible as a publishing company. We don't just re-hash existing documentation or tutorials and make them slightly more oriented towards a certain audience. We re-work the underlying concepts from first principles and discover the best concept-map representation of the subject, then turn it into an article. When existing derivations aren't good enough, we don't make them better. We scrap them and re-derive them ourselves.
22 Jul 2025
Try F11 before ADHD medication
20 Jul 2025
Shill me your best Rust-based cli (for Linux)
19 Jul 2025
This is one of the most frightening attacks I've seen. To see if your proxy is currently hijacked, paste a tx hash to your contract into @TenderlyApp TX simulator, and see if it delegates twice to reach your impl contract (more details in the article). Legendary work by @deeberiroz for discovering it, and @dedaub & @pcaversaccio for coordinating such a multi-protocol mitigation. dedaub.com/blog/the-cpimp-at…
18 Jul 2025
This is so true for any aspect of life that compounds. Sports, knowledge, learning a new skill, programming, auditing... Perhaps we should measure our progress in a log scale
17 Jul 2025
Business logic errors will be the last category to be automated because of being project-specific.
16 Jul 2025
top 10 smart contract vulnerabilities in 2025 by OWASP 10
15 Jul 2025
Even if you don't implement invariant tests as part of your audits, you MUST think in invariant terms. Force yourself to think about system properties to be beyond line by line auditing.
14 Jul 2025
I'm trying @envio_indexer and it is just lightyears better than TheGraph. Blazing fast, super easy to get started, great docs, great local testing framework and great deployment process. RIP TheGraph. Thanks @PaulRBerg for the recommendation.
13 Jul 2025
AI won't replace you. A version of you who knows how to use AI will replace the version who doesn't.