Proud to contribute to @ReliqFi security 🛡️ Thanks @HackenProof for organizing! 🚀

How to be a good auditor: 1. Stare at boring code for 8 hours and not find anything (because there are no bugs) 2. Do it tomorrow too (because there might be 1)

If you are in your 20s now is the time to take risk. No kids, no obligations, nothing to loose

Another audit done for @robinmarketsxyz! Sharp team, fast to ship fixes, and they take security seriously.

Results are in for @monetrix_xyz on @code4rena. 🥉 3rd place QA 5th place overall The manual max AI experiment paid off. Huge thanks to the people behind the tools: Plamen by @p_tsanev solidity-auditor by @PashovAuditGrp x-ray by @PashovAuditGrp @0xFireFist Also looks like this is my last win on @code4rena. Still hard to believe the platform is going away. Mentorship with @bichistriver @PashovAuditGrp

I built an extension for smart contract audits to visualize function call flows. open-vsx.org/extension/ancha… I encourage you to check it out because I believe this extension can significantly help with smart contract auditing and save a huge amount of time. If you have any comments, find any errors, or have ideas for improvements, feel free to reach out to me. Check the video below to understand what this extension does. I hope it helps you find vulnerabilities in smart contracts and makes DeFi and Web3 more secure. I’d really appreciate your feedback and a retweet!

If you can stare at boring code for 8 hours and not find anything (because there are no bugs), and you do it tomorrow too (because there might be 1), then you are just for this role.

Valves 🤝 EZManager (@EZManagerCL ) EZManager tracks every position lifecycle. From opening and rebalancing to capital changes, compounding, and collections. We are going to ensure their contracts meet the highest security standards 🫡

Very sad news. The closure of @code4rena reflects the current state of the Web3 security industry: almost no public contests, an ongoing crisis, a bear market, widespread use of LLMs by blackhats and daily hacks. Any industry needs new talent in order to grow and expand. Without public contests, it will become nearly impossible for newcomers to grow professionally and participate in protecting DeFi. This would lead to the degradation of the entire Web3 security industry - and DeFi as a whole - ultimately affecting the speed of adoption and trust in blockchain technology. Everyone knows how much C4 meant to Web3 security and how many professional auditors grew through public contests. It’s hard to overestimate C4’s contribution to Web3 security. Thank you for everything, @code4rena

The Valves Security Training Hub is now listed on @Giveth A free pattern recognition platform for smart contract auditors. 380 challenges. 19 bug categories. 50K real audit findings. Train pattern recognition on real exploits, not textbook examples. Free forever. 100% goes to the project. giveth.io/project/valves-sec…

Protocols, pay attention. 👀 If you need a private audit, these guys are one of the best teams in the space. ⚔️ They just took 1st place for a reason. 🏆

First contest on @cantinaxyz, and I finished 4th in the @revertfinance competition. Ended up with 1 Medium 2 Info. On to the next one. We keep hunting. Mentorship with @bichistriver @PashovAuditGrp

Final update: (over 20 findings (but all in QA)) I’m still researching this seriously and trying to push as many useful AI tools as possible through one real audit of @MonetrixFinance on @code4rena. 🤔 1. Token usage I spent more than 170 million tokens on Plamen, using Opus and GPT-5.5. 2. Manual analysis I also completed the full manual analysis of the protocol. 3. Findings and QA Because I could only submit 2 vulnerabilities, I decided to move most of the additional issues I found during the audit into a QA report. The good news is that the QA report received Grade A, so there is still a real chance it can place in the top 3. code4rena.com/audits/2026-04… 4. Posting delay I wasn’t able to post earlier because I was also handling 2 parallel audits on Cantina. I’ll share those results in a separate post. 5. Final takeaway AI-assisted auditing is already a reality. If you want to move faster in bug hunting, these tools matter. During this experiment I managed to use three of the most popular tools: Plamen, solidity-auditor, and x-ray. I’m sure there are still many useful tools I haven’t tested yet. But the most important result for me is that I clarified a few key ideas for the AI auditing tool I’ve been building for a long time. Thanks. I hope there will be more contests soon so I can test it again. Mentorship with @bichistriver @PashovAuditGrp

Day 3 update: I’m still researching this seriously and trying to push as many useful AI tools as possible through one real audit of @MonetrixFinance on @code4rena. 🤔 1. Token usage I’ve already spent around 3 million tokens just on Plamen. For now, I stopped at phase 4 of Plamen by @p_tsanev. I’m also using Opus 4.7, and I’m really curious to see how the final results compare. 2. Manual analysis Today’s focus was still manual analysis. I also spent time drawing diagrams to better understand the protocol structure and key flows. 3. Main goal Right now, I’m still more interested in building a real understanding of the project than in comparing tool outputs too early. The comparison can come later. Mentorship with @bichistriver @PashovAuditGrp

Day 2 update: I’m still researching this seriously and trying to push as many useful AI tools as possible through one real audit of @MonetrixFinance on @code4rena. 🤔 1. Manual Today I manually reviewed another 400 lines of code. 2. Tooling plan I also put together a clearer plan for which tools and workflows I want to use during this audit. 3. Research I spent time researching newer tools and newer approaches for AI-assisted auditing, and that research is still ongoing. 4. AI runs Today I also finished running solidity-auditor on GPT-5.5 and Opus 4.7. I haven’t compared the findings yet, and I probably won’t do that until the end. For now, I want to stay manually focused on understanding the core of the project first. 5. Main observation There are a lot of tools on the market now. I’d like to test as many of them as possible and see which ones are actually useful in practice, not just interesting on paper. At the end, I also want to total up how many tokens this entire experiment consumed. 🚀 Mentorship with @bichistriver @PashovAuditGrp

Security researchers: which AI tools impressed you the most lately? What should I test next? I’m researching this seriously and planning to use as many AI tools as possible during this audit of @MonetrixFinance on @code4rena. 🤔 Day 1 update: 1. Manual I downloaded and read the docs and README to build a clean high-level model of the project first. Then I started the manual audit. So far I’ve manually reviewed 310 lines out of 1,726 total lines of Solidity source. 2. Progress estimate If I keep this pace and there are 7 days left, the manual analysis should take around 5 days total, but let’s see how it actually goes. ⚔️ 3. AI I ran the well-known x-ray skill by @PashovAuditGrp @0xFireFist on GPT-5.4 and then found out there is already a V2 version, so tomorrow I want to test what actually changed. 4. Model comparison I also ran solidity-auditor by @PashovAuditGrp on the contracts I already reviewed manually, using two different models: Sonnet 4.6 GPT-5.4 5. Main goal The goal is still to fully break down the project. Even with strong skills, there are still false positives, so everything important still needs validation. That’s what I want to test in public: how far manual analysis a full AI stack can actually go on one real audit target. 🚀 Mentorship with @bichistriver @PashovAuditGrp

Imagine you had unlimited AI tokens. What actually happens when you combine deep manual Solidity analysis with every AI tool you can possibly use on one real audit target? 🤔 I want to find out on @MonetrixFinance on @code4rena. For the next 8 days, I’m going all-in on this one project: 20 Solidity files 2,566 lines of source code No shallow pass. No half-measures. ⚔️ I’m going to manually break down the entire protocol, trace assumptions, challenge accounting, and then stack that with every AI workflow and every audit tool I can use. I want to test whether manual analysis maximum AI actually finds bugs a normal review misses. 🤖 This is also my first time posting in this format, so I hope I can clearly communicate what I’m trying to do and make this experiment interesting to follow. Let’s see what this experiment uncovers. 🚀 Do you think this combination finds something real? Mentorship with @bichistriver @PashovAuditGrp

Another 🏆 - Top 10 out of 1009 auditors. There were days I didn’t feel like doing this at all. Still showed up. That’s the difference. Go get your W. Thanks @sherlockdefi 🫡

🚨Free for anyone who wants to get better at Web3 security!!! Most researchers struggle with: • Too much passive reading • Not enough real-world attacker pattern recognition That’s exactly what we’re fixing with the Valves Security Training Hub. 📚 Instead of just theory, you will train on how attackers actually think, so you can spot vulnerabilities faster and with confidence. If you’re serious about improving, this is for you. Start training 👇 training.valvessecurity.com

What a week of private audit actually looks like: Day 1: read every line, understand nothing Day 2: re-read docs, draw the architecture on paper Day 3: find the first H, feel like a genius Day 4: realize it's a dupe of a known issue, feel stupid Day 5-7: find the real ones Day 8: write the reports Worth it.