The next-gen bug bounty platform for web3. Join our Discord: discord.gg/CXzWww4PbS

Joined August 2022
We've put together a @NotionHQ dashboard for web3 security researchers! It contains heaps of resources and a neat template to help you organise your findings and navigate codebases. Let us know what you like or what's missing below! protective-stranger-59a.noti…
We are honoured to be among such names! Exciting things coming soon! 🤠
Replying to @CryptoJobsList
Here are 3 more resources where you can test your auditing skills through competitive audits and get your name out while possibly earning some well-deserved bounties🤩
♦️ @sherlockdefi
♦️ @saloonfinance
♦️ @code4rena
Are you familiar with the challenges borrowing and lending protocols face? Dive into:
- Illiquid liquidations
- Collateral safeness
- The dangers of governance
- Oracle risk and cost of manipulation
And much more... article by: @0xnikceth tokeninsight.com/en/research…
Having a dashboard with details about all DeFi exploits to help you become an exploit master mind sounds almost too good to be true. But @DefiLlama has got you covered! defillama.com/hacks
Incredibly valuable resource with foundry tests to help you understand and replicate vulnerabilities worth more than $1B (B for billions)! You can find many more resources like this within our security researcher dashboard (pinned). github.com/coinspect/learn-e…
In the span of a few days:
1. USDC depeg making us re-evaluate our dependency on fiat.
2. Vulnerability in SHA3 (keccak) eprint.iacr.org/2023/331.pdf
3. Euler $197m exploit. x.com/peckshield/status/1635…
4. What's next?
Don't let your guard down. @realgmhacker credit for SHA3 news.

1/ @eulerfinance was exploited in a flurry of txs on Ethereum (one hack tx: etherscan.io/tx/0xc310a0affe…), leading to the loss of ~$197m from the project.
Euler under attack. There is no rest in crypto.
13 Mar 2023
Replying to @BlockSecTeam
3/ updated two more attack transactions. The total loss is around 197 Million USD docs.google.com/spreadsheets…
The Saloon retweeted
There are still some ongoing attacks on the SwapX contract over the past few days. More than 20,000 addresses have granted approval to 0x6D8981847Eb3cc2234179d0F0e72F6b6b2421a01 ⚠️ Please revoke your approval ASAP.
It should be illegal for devs/auditors to not know this: How to prevent MEV frontrunners from stealing your funds with bytecode obfuscation.
1 Mar 2023
Learn how to protect your smart contract's alpha with a deep dive into bytecode obfuscation techniques! degatchi.com/articles/smart-…
Many protocols allow users to create contracts for others to interact with. In this C4 audit for @escherxyz, auditors @hansfriese et al. highlight how things can go wrong if contract creation is not carefully implemented. 🧵4
Bug: For all sales, creators create new sales contracts with arbitrary data. Malicious creators can create fake contracts that implement IEscher721 and fake buyers to get free earnings, because there is no check to verify whether the contract was deployed through the Escher Factory.
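The missing provenance check described in the finding above, as an added illustration that is not Escher's code nor the C4 report's: a hypothetical NFT factory records every contract it deploys, and the sale factory's hardened path refuses any NFT address that is not in that registry, while the unchecked path reproduces the pattern the finding describes. The contract names, the IDemo721 interface standing in for IEscher721, the minter mechanism, the fee split and the extra "caller must be the NFT's creator" check are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Stand-in for the page's IEscher721 (an assumption; not Escher's real ABI).
interface IDemo721 {
    function mint(address to, uint256 tokenId) external;
}

// Minimal NFT. Only the address its creator designates as `minter`
// (normally the sale contract) can mint.
contract DemoNFT is IDemo721 {
    address public immutable creator;
    address public minter;
    mapping(uint256 => address) public ownerOf;

    constructor(address _creator) { creator = _creator; }

    function setMinter(address _minter) external {
        require(msg.sender == creator, "only creator");
        minter = _minter;
    }

    function mint(address to, uint256 tokenId) external {
        require(msg.sender == minter, "only minter");
        require(ownerOf[tokenId] == address(0), "already minted");
        ownerOf[tokenId] = to;
    }
}

// Trusted NFT deployer. Its registry is the only reliable way for another
// contract to tell a genuine DemoNFT from an attacker's contract that merely
// implements the same interface (an interface check proves nothing).
contract DemoNFTFactory {
    mapping(address => bool) public isFactoryDeployed;

    function createNFT() external returns (address nft) {
        nft = address(new DemoNFT(msg.sender));
        isFactoryDeployed[nft] = true;
    }
}

// Fixed-price primary sale: the buyer pays `price`, receives a freshly
// minted token, and the creator receives the proceeds minus a protocol fee.
contract DemoFixedPriceSale {
    IDemo721 public immutable nft;
    address payable public immutable creator;
    address payable public immutable feeReceiver;
    uint256 public immutable price;
    uint256 public constant FEE_BPS = 500; // 5% protocol fee (assumed)
    uint256 public nextId;

    constructor(IDemo721 _nft, address payable _creator, address payable _feeReceiver, uint256 _price) {
        nft = _nft;
        creator = _creator;
        feeReceiver = _feeReceiver;
        price = _price;
    }

    function buy() external payable {
        require(msg.value == price, "wrong price");
        nft.mint(msg.sender, nextId++);          // state updated before payouts
        uint256 fee = (msg.value * FEE_BPS) / 10_000;
        (bool okFee, ) = feeReceiver.call{value: fee}("");
        (bool okCreator, ) = creator.call{value: msg.value - fee}("");
        require(okFee && okCreator, "payout failed");
    }
}

// Sale factory with both variants side by side.
contract DemoSaleFactory {
    DemoNFTFactory public immutable nftFactory;
    address payable public immutable feeReceiver;
    mapping(address => bool) public isSale;

    constructor(DemoNFTFactory _nftFactory, address payable _feeReceiver) {
        nftFactory = _nftFactory;
        feeReceiver = _feeReceiver;
    }

    // VULNERABLE (the pattern in the finding): any address is accepted as the
    // NFT, so a creator can wire a sale to a contract they fully control.
    function createSaleUnchecked(address nft, uint256 price) external returns (address sale) {
        sale = address(new DemoFixedPriceSale(IDemo721(nft), payable(msg.sender), feeReceiver, price));
        isSale[sale] = true;
    }

    // HARDENED: the NFT must be a DemoNFTFactory deployment, and the caller
    // must be the creator that factory recorded for it.
    function createSale(address nft, uint256 price) external returns (address sale) {
        require(nftFactory.isFactoryDeployed(nft), "nft not deployed by factory");
        require(DemoNFT(nft).creator() == msg.sender, "not nft creator");
        sale = address(new DemoFixedPriceSale(IDemo721(nft), payable(msg.sender), feeReceiver, price));
        isSale[sale] = true;
    }
}
```

The registry lookup is the whole fix: `isFactoryDeployed` is written only by the factory's own `createNFT`, so it cannot be satisfied by a look-alike contract, whereas anything that can be checked on the NFT itself (supported interfaces, a `creator()` getter) can be faked by whoever deployed it. The same pattern applies in the other direction too: downstream contracts should only trust sale addresses for which `isSale` is true.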
Operational security practice is like brushing your teeth. It takes a little discipline. Sometimes you just don't want to, sometimes you forget about it. But you always need to, unless you want to end up looking like you haven't brushed your teeth in a long time.
The Saloon retweeted
22 Feb 2023
LOC in a functional codebase are like the opposite of an account balance; the lower the number, the higher your status.
Bug Or Not? 2⃣
Just a reminder that keeping your code concise helps with:
1. Readability
2. Gas cost
3. Deployment cost
4. Decreasing audit costs!
Regardless of which model you fall under, staking a % of the audit payment in a post-audit bounty would differentiate you from the competition and mitigate the issue below. The classic: "Put your 💸 where your 👄 is"
20 Feb 2023
Different audit models and their issues:
Pay-per-finding:
- No guarantees of any findings. You pay for what you get
Traditional auditing firms:
- No guarantee that any real effort has been put in
C4, Sherlock:
- No guarantee talented auditors will show up
Bug or No Bug?
$800M were lost in 2022 due to stolen private keys. It seems there is a gap in the market that needs to be filled. Operational security is out of scope for smart contract audits, but shouldn't be ignored. Tag an operational security consultant/auditor below (if you can)👇
1/4 One important distinction to make when building or auditing a protocol is between economic and code security. Simple way to differentiate them:
Code security: expected code functionality matches implementation.
Economic security: soundness of economic mechanism design.
Flaws in economic mechanisms are usually a much bigger deal than issues with code. They usually imply refactoring large spans of codebases and sometimes even having to go back to the drawing board.