4 AI-proof tech jobs 👇

In this thread, I'll break down what they are and, more importantly, why they are AI-proof.

A lot of people think AI is going to take over, and guess what, it is! But there are some areas where AI is still quite bad, and will likely continue to be. 1. Security researcher ($80k - $250k)

AI is fantastic for helping spot beginner mistakes, but anything it hasn't been trained on (which, is many attacks) it'll perform poorly on.

These days, we have massive amounts of data on hacks, and yet, loading them into AI hasn't helped.

🔒Top 9 Cryptocurrency Hardware Wallets of 2025 🔒

After seeing the Bybit team hacked for $1.4B, Radiant Capital hacked for $50M, and many other teams hacked due to not verifying signed data, I wanted to find out:

Which wallet does it best? 👇

We review all 9 in this thread! So I spent over $1,000 to buy fresh new hardware wallets to figure out which wallet is the best for BOTH:

- Technical users
- Non-technical

Specifically, I asked, "Would I recommend this wallet to @benbybit?"

You can view this on YouTube:

I could have lost the company billions.

That's right, billions.

When I was first breaking into my technical career, I accidentally deleted a file critical to my company's infrastructure. Here's what happened. 👇 I'm a couple years out of college after bouncing around jobs. I wasn't doing so hot in my career.

I'd been fired.
I'd quit because I wasn't hitting quotas.
I was struggling.

Before getting the job, I said, "I'm going to do everything in my power to smash this job"

I'm 31.

Here are 10 tips I wish I told me at 21.

1. You have zero talent. You will think you are "good at things," but you are not. Anyone can GET good at anything, but you have to work hard to get there. Others will be better than you at the start. That's ok. 2. Consistency is a hell of a drug.

In order to get good at something, you must fall in love with the process and work at it every day. Something that seems impossible will become possible if you work at it every day.

Tokenized RWAs / Tokenized Real World Assets

What are they?
How do you make one?
How easy or hard are they?

Let's go 👇 If you want to read the article or watch the video, you can see them here:

SMART CONTRACT SECURITY AND AUDITING FULL COURSE IS NOW OPEN TO EVERYONE ON CYFRIN UPDRAFT

🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊

In just 22 hours, the top web3 experts walk you through 5 increasingly difficult audits to drill security power into you.

Here's what you need to know👇 You can find the entire course on @cyfrinupdraft HERE:


Part 1 is broken down into 9 insane sections. I'm finishing part 2, which will focus on assembly, opcodes, huff, and formal verification.

Part 2 will come out within 2 months.updraft.cyfrin.io/courses/securi…

Imagine being able to send ETH to your friend cross chains without anyone knowing:
- what token
- to whom the tx goes
- from whom

And also encrypt a message telling them “I’m old enough to get into the bar”

I just had a crazy interview with Mind Network, highlights here 👇 1. Mind Lake

Using Zero Knowledge Proofs and Fully Homomorphic Encryption (will explain soon) you can store data in a zero knowledge fashion into their Mind Lake network.

- medical information
- financial info
- personal info
- if you’re old enough to slam a pint of beer

How to get into competitive audits:

1. Learn basic solidity/vyper
2. Start doing competitive audits

The more audits you do, the better you'll get.

Here is your gameplan going into an audit, and exactly how to get the most out of your first one 👇 1. Block off hours of time

Auditing takes hours of deep work. Deep is long uninterrupted periods of time.

If you want to be successful, you need to focus. Some auditors use pomodoro techniques where they:

- push for 55 minutes, take a 10 minute break

And repeat this

🥧 FREI-PI

‼️ Why smart contract devs NEED to know this!

Function:
- Requirements
- Effects
- Interactions

Protocol
- Invariants

This is the pattern you should all be thinking about when building smart contracts.

Here is why 👇 Previously, we followed something called CEI, checks, effects, interactions.

The idea was that in our solidity/vyper functions we first:

1. Did require statements
2. Did effects with our contracts
3. Did interactions with external contracts

ITS FINALLY HERE

🎊🎉🎊🎉🎊🎉🎊🎉🎊🎉🎊🎉
The Ultimate, Learn Blockchain Development, Solidity, AI-Powered Smart Contract Course | Foundry Edition!
🎊🎉🎊🎉🎊🎉🎊🎉🎊🎉🎊🎉
Here is everything you'll learn from this course, and more 👇 You can find parts 1 - 3 (A new YouTube cap of 12 hours means I had to split it up!)

🔗 Here's a link to part 1 of the course, with parts 2 and 3 on my YouTube.

After 2+ months of work, we arrived at 27+ hours of pure KNOWLEDGE.

There have been many conversations around the value of audits recently with the Merlin exploit.

We need to move away from the binary of "the protocol has an audit. Therefore, they are safe" ASAP.

An audit is not a guarantee your code is bug-free.

So then, why get an audit? Or even more importantly, how can a community know a project is safe?

1. An audit is a small piece of a security journey

"They have an audit" isn't good enough.

- Do they have fuzz tests?
- How many audits did they get?
- Did they do a competitive audit?

There are days I get frustrated, down in a funk, hate everything and think life sucks.

Here is what I do to get out of it 👇

1. Accept it

Recognize that you’re upset, and don’t pretend you’re all good. Toxic positivity will erode you.

Being upset sometimes is ok. 2. Take a day off

Maybe 2. Sometimes the weekend is all you need. Sometimes a light day of work.

3. Remember why

Remember why you do what you do. I typically write down a list of reasons I do an activity and I reflect on those.

Am I reading this right?

A bank in the US is allowed to lend money out without having ANY collateralization.

No wonder bank runs happen. THEY DON'T NEED TO HAVE ANY FUCKING MONEY.

They call us DeFi degenerates???

CAN SOMEONE EXPLAIN TO ME HOW THIS MAKES ANY SENSE. Even Aave has like 150% collateralization ratio.

You deposit your money into a bank and they lend out all of it. So you go to withdraw, and whopsie-daisy, they don't have it.

How is this the default.

Source: federalreserve.gov/monetarypolicy…

🧰 All your smart contract security tools are shit

...Or at least, according to a recent research study

After analyzing 516 bugs across 2021-2022, they discovered:
- How good our tools are
- How to categorize web3 bugs
- How to use this knowledge to win $102k in audit contests Let's unpack this paper.

🏋️‍♂️ 1. Humans still beat machines at finding web3 vulnerabilities

~80% of all smart contract bugs across @code4rena and real-world exploits were undetected by automated tooling

~20% were caught by automated tooling like Slither, Echidna, etc

For those of you looking to level up with tools like Certora and anything trailofbits, here is your symbolic execution EILI5:

Symbolic execution attempts to "make your code math."

Or longer: Convert your code to a set of mathematical expressions that can be solved. Because your code is now math, you can have higher assurance it "does what you want it to do."

Math can be solved. There are right and wrong answers in math.

Functions in code can't be solved; this is why symbolic execution can be so powerful.

🪨 Invariant tests can be the difference between rock-solid solidity, and $1B down the drain.

🍹Fuzz testing vs Invariant testing in web3🧵

What are they, why are they so important, and what do they look like.

(not trying out Twitter's new big-ass tweets cuz I have images)👇 Fuzz testing, also known as fuzzing, involves providing random data as inputs during testing.

Invariant tests are tests that focus on verifying the conditions that must always hold true in a system.

Oftentimes, a fuzz test is also an invariant test.

🔐Multi-sig wallets are straight goated.

Especially for devs.

I think we might have to update our “I WILL BE SAFE” page.

Here are 4 reasons why 👇 1. A one-of-one multi-sig is better than a hot wallet

Oh no.

Your encrypted private key has been compromised.

Maybe your hardware wallet stolen, or computer hacked.

They can now try to brute force your password.

⏰ The countdown for them stealing your funds has started.

💸 aTokens & cTokens are two of the biggest interest-bearing tokens out there.

But they can be tricky to understand.

What are they, what makes them different, & how they make you money (for anyone)👇

1st, In order to understand the tokens, we need to understand the protocols. 👻 ATokens are from @AaveAave

📈 CTokens are from @compoundfinance

Both Aave and Compound are borrowing and lending protocols.

People borrow money for a few reasons, one of the most popular ones is to "gain exposure" to an asset.

But what's "gaining exposure"?

💩 A lot of stuff in web3 is BS.

And last year we weeded out a lot of it. Which was good for web3 longevity, but it hurt a lot of innocent people in the short term.

A lot of people stay away from web3 because of all the scams.

How can we fix this? 1. Focus on actual use cases

@VitalikButerin recently wrote an article that summarizes his current favorite use cases for web3 which includes Money, DeFi, Identification, DAOs, and other niche projects like voting.

vitalik.ca/general/2022/1…

🎆 New Year's Resolutions are shit.

1. The action items are what matter
2. Goal setting in public is bad
3. 1 year is too long a reflection period

Here's why 👇 🏋️ 1. Actions

It's good to have goals, of course it is, but too many people focus on the goal instead of how to achieve that goal, which is more important.

"I'm going to lose 5 pounds" as a goal is fine, but 95% of what you SHOULD be focusing on is how to get there.

🎁 AND. THATS. A. WRAP.

2022... Honestly, I won't miss you lol.

But it's essential to reflect and give some gratitude for all the good that happened in the blockchain/crypto/web3 developer world.

🧵 Here is a non-exhaustive list of what I'm thankful for from 2022 👇 🎥 1. @freeCodeCamp hosting my 32-hour course.

I can't tell you how many devs we've helped onboard to web3 with it. It's been amazing to see the response. With that, a HUGE thank you to anyone who took it, gave feedback, participated in the discussions, or promoted it!