Adrian ⛩️ Hetman 🐺⚔️
Head of Triaging @immunefi 🛡️⚔️ Crypto bug swatter 🐛🔨 Web3 enthusiast 💻 Hobbies: spreading security awareness & brewing coffee ☕️ F1🏎️ | Lunarpunk 🌒 | 📸
Jan 28, 2023 12 tweets 3 min read
Recently I asked for advice about how to overcome afternoon sleepiness 😴 and I got lots of replies.

Here is the breakdown of the most popular and most common recommendations I got.

The last one was the most recommended one.

1/ Be mindful of your coffee intake.

It's best not to take it right after you wake up, or within a few hours before you go to sleep.

It’s better to get sunlight ☀️ in the morning before your first cup of that delicious coffee ☕️
Jan 3, 2023 26 tweets 14 min read
Now that a new year has begun, it's time to pick one resolution that will completely change your life.

I've got a suggestion for you.

Join the club of top hackers and become a Web3 Bug Bounty Hunter in 2023 🐞⚔️

To find out how, read this thread 🧵

Strong foundations 🏛️ are the key in every aspect of life and career. For Web3 it doesn't matter if you want to become a dev, a hacker or a journalist.

You need to understand the Blockchain in depth. With that knowledge you will be able to understand more complex topics.
Jul 23, 2022 27 tweets 7 min read
What are the most common smart contracts vulnerabilities?🧐

Many of the examples will be well known to people familiar with web3 security.

What makes this interesting is how common these vulnerabilities are even after many hacks involving them!🫥

Let's dive in!🧵👇

I divide vulnerabilities into three main types:
• Unsafe External Calls
• Usage of spot-price
• Authentication issues

These three definitions are umbrella ☂️ types that contain variations of these kinds of bugs 🐛

Let's understand the first one and show some examples 🥷🔓
Jul 17, 2022 25 tweets 6 min read
Let's talk Cross-Chain Bridges.

The demand for moving gained/earned assets on one network to another increases every day.

The amount flowing through bridges is enormous.

There is currently over $80.4B in TVL in various DeFi protocols.

So...how secure are blockchain bridges?

Before we talk security, we need to understand how cross-chain bridges work in general.

One thing you need to remember about bridging: assets cannot be transferred across chains.

The primary chain maintains ownership, and the user is given a debt token on the secondary chain.
Apr 27, 2022 4 tweets 6 min read
🧶Here's the list of Web3 resources for security that you recommended a few days ago.

Positions on the list are random 🎲

Don't treat this list as final🚨

It's just resources you shared with me. If you think there should be something else on the list, comment 👇

Blogs
secureum.substack.com

quillaudits.substack.com

raindrop.io/rudra-singh/bl…

YouTube
youtube.com/playlist?list=…

CTFs
damnvulnerabledefi.xyz

ethernaut.openzeppelin.com
Dec 27, 2021 16 tweets 10 min read
How to make a jump from Web2 hacking to Web3 hacking?

This is the question I started getting over DMs and I decided to answer all of them in the form of a Twitter thread so others can learn too.

Knowledge will be compressed so keep that in mind🙃

Here we go!

🧵👇

As with everything, you need solid foundations before leaping into anything advanced.

That's why I recommend reading up on how Ethereum works first.

github.com/ethereumbook/e…

This should give you a great overview of inner workings of Ethereum.

Next, Solidity!🐍
Nov 25, 2021 11 tweets 2 min read
(1/n) Ethereum, while being an extremely versatile blockchain, still has significant usability constraints.

Ethereum has trouble with scaling, that is, handling an increasing number of transactions.

And there have been some remarkable scaling solutions to alleviate this.

👇🧵

(2/n) The current Ethereum version has low transaction throughput and high latency in processing.

This means that transactions are both slow and prohibitively expensive. 🐢 💸

There are two general types of scaling solutions proposed for the above issues:

On-chain and Off-chain
Jun 24, 2021 15 tweets 4 min read
1/ Do you think ERC20 approve() is safe? Well… 🧵

The function in itself is safe, but there are two scenarios where ERC20 approve() shows its rough edges.

First is a front-running attack on approve().

Imagine the following scenario 👇

2/
* Alice approves Bob for 20 Tokens
* After some time, Alice changes the approval to 10
* Bob front-runs Alice's TX for approve(10)
* Bob spends 20 Tokens
* Alice TX passes
* Bob spends additional 10 Tokens from Alice.

Why is that?
Jun 23, 2021 4 tweets 3 min read
1/ How did @ElevenFinance get hacked? 🧵

The exploit was possible due to a bug in emergencyBurn() function of ElevenNeverSellVault.

There is a transfer of previously deposited funds during the function call, but there is a lack of burning of Nerve shares to account for the transfer.

2/ In other words, an attacker could double-spend Nerve shares he acquired during the initial deposit to the vault.

emergencyBurn() didn’t burn 11NRV Tokens so an attacker used them in “withdrawAll()” to get additional LP Tokens in return.
Jun 21, 2021 13 tweets 5 min read
1/ Why is China cracking down on #Bitcoin? 🧵

Currently, many of the Chinese provinces where Bitcoin miners resided have rolled out new policies restricting or banning #BTC miners.

Inner Mongolia, Xinjiang, Yunnan and Sichuan banned Bitcoin.

2/ Energy companies were told to stop providing energy to crypto miners due to them using too much electricity.

It became an illegal activity to mine cryptocurrencies. If someone were found to be doing so regardless, they would be added to the blacklist of the social credit system.