Sec3 Profile picture
Full Stack Security: Protection at every step of the development cycle. Auditors of @Metaplex, @Helium, @StarAtlas, and more!
Feb 9, 2023 7 tweets 3 min read
1/ Let's look at what was discussed during the Solana Changelog - January 31, 2023 video!

2/ A new proposal have been put up to have a fee market for storage on the cluster, where the cost of storage would change based on demand. This would change the cost of things like NFTs, token accounts, and programs
Feb 8, 2023 6 tweets 2 min read
1/ How does @sec3dev's WatchTower `SmartThreatMonitor` learn which transactions are normal and which one's aren't to provide on demand real time alerts of abnormalities? 2/ First, it loads all historical transactions of a particular smart contract and analyzes them using a machine learning algorithm to construct an initial set of invariants (pattern of behaviour)
Feb 7, 2023 4 tweets 1 min read
1/ This is a great Validator Security workshop by @TimGarcia0 !

2/ Key takeaways for best practices for hardening Ubuntu servers:
• Use SSH keys for login, avoid password login
• Disable password and challenge response authentication
• Consider setting up two-factor authentication
Feb 1, 2023 4 tweets 1 min read
1/ What are some more common vulnerabilities that an attacker can exploit in Solana? 🧵 2/
- Arithmetic overflow/underflows: If an arithmetic operation results in a higher or lower value, the value will wrap around with two’s complement
- Numerical precision errors: floating point can cause precision errors and those errors can accumulate
Jan 31, 2023 6 tweets 1 min read
1/ What are 5 common vulnerabilities attackers can exploit in Solana?🧵Let’s dive in: 2/ Missing signer checks: if an instruction should only be available to a restricted set of entities, but the program does not verify that the call has been signed by the appropriate entity (e.g., by checking AccountInfo::is_signer ).
Jan 31, 2023 12 tweets 4 min read
1/ We’re extremely excited to announce that @sec3dev has raised a $10M seed round led by @multicoincap, joined by @SanctorCapital and @EssenceVenture - this is in addition to our angel investor @aeyakovenko and @santiagoroel! 2/ Our vision from the beginning has always been to provide a suite of end-to-end solutions to help secure DApps and user experience for as many people as possible.
Jan 30, 2023 4 tweets 2 min read
1/ In #DEFI, borrow/lending is one of the most exciting innovations. Our WatchTower system offers LiquidationMonitor that tracks real time Loan-to-Value-Ratio(LTV) for positions in platforms such as @solendprotocol @HedgeLabs and @HubbleProtocol 2/ It does this by looking directly at on-chain states of each borrowed position and comparing it with their corresponding obligation account, at the oracle refresh level
May 24, 2022 6 tweets 2 min read
1/ We are excited to make Sec3 (formerly Soteria) Pro Auto Auditor software publicly available to #Solana builders:

pro.sec3.dev 2/ @Sec3dev team has been iterating and developing the engine behind this software in the last few months. It is the most powerful engine we have built to date, and its capability keeps expanding.