# @jack__sanford Jack Sanford

Jack Sanford posts on X about web3, ai, sherlock, ethereum the most. They currently have [-----] followers and [---] posts still getting attention that total [-------] engagements in the last [--] hours.

### Engagements: [-------]

- [--] Week [---------] +166%
- [--] Month [---------] +127%
- [--] Months [---------] +2,353%
- [--] Year [---------] +2,201%

### Mentions: [--]

- [--] Week [--] no change
- [--] Month [--] -9.70%
- [--] Months [--] +107%
- [--] Year [---] +48%

### Followers: [-----]

- [--] Week [-----] +0.07%
- [--] Month [-----] +0.02%
- [--] Months [-----] +12%
- [--] Year [-----] +45%

### Social Influence

**Social category influence** [cryptocurrencies](/list/cryptocurrencies) [finance](/list/finance) [events](/list/events) [exchanges](/list/exchanges) [technology brands](/list/technology-brands) [stocks](/list/stocks) [travel destinations](/list/travel-destinations) [social networks](/list/social-networks) [countries](/list/countries) [celebrities](/list/celebrities)

**Social topic influence** [web3](/topic/web3), [ai](/topic/ai), [sherlock](/topic/sherlock), [ethereum](/topic/ethereum), [in the](/topic/in-the), [defi](/topic/defi), [protocol](/topic/protocol), [if you](/topic/if-you), [audit](/topic/audit), [devcon](/topic/devcon)

**Top assets mentioned** [Ethereum (ETH)](/topic/ethereum) [AUDIT (AUDIT)](/topic/audit) [Bitcoin (BTC)](/topic/bitcoin) [Solana (SOL)](/topic/solana) [Optimism (OP)](/topic/optimism) [USDC (USDC)](/topic/usdc) [Coinbase Global Inc. (COIN)](/topic/coinbase) [Aave (AAVE)](/topic/aave)

### Top Social Posts

Top posts by engagements in the last [--] hours

"If you read one thread on the sanctioning of Tornado Cash let it be this one 1/ This week the US Treasury Dept did something it's never done before: it sanctioned a piece of code. Weird right? Actually it makes perfect sense. Let's peel that onion 🧵" [X Link](https://x.com/jack__sanford/status/1557546550892662786) 2022-08-11T01:56Z [----] followers, [--] engagements

"24 hours later FTX sells to a competitor due to a "liquidity crunch." Why would you trust human beings when you could trust open-source code instead?" [X Link](https://x.com/jack__sanford/status/1590034364909223936) 2022-11-08T17:31Z [----] followers, [--] engagements

"@0xZetta @sherlockdefi @sentimentxyz 97.5% of the lost funds are back in Sentiment's possession. The remaining 2.5% is waiting on a Nexus Mutual claim and payout which should happen in under a week" [X Link](https://x.com/jack__sanford/status/1644377470861295616) 2023-04-07T16:31Z [----] followers, [--] engagements

"@maurelian_ @sherlockdefi Audit contests require a judge to decide which vulns are real dupes etc. Judging contests help figure out who the best judges in the community are and then those community judges are paid to be the "Lead Judge" for future contests" [X Link](https://x.com/jack__sanford/status/1674580739298562048) 2023-06-30T00:48Z [----] followers, [--] engagements

""If you can't tell me the four ways you fucked something up.before you got it right you probably weren't the person who worked on it."
- @elonmusk" [X Link](https://x.com/jack__sanford/status/1700510870827098422) 2023-09-09T14:06Z [----] followers, [---] engagements

"Hit me up if you'll be at @Permissionless this week @sherlockdefi will be hanging in the shadows (aka the shade)" [X Link](https://x.com/jack__sanford/status/1701082645273165948) 2023-09-11T03:58Z [----] followers, [----] engagements

""For all of @PayPal's advancements.tech companies still needed flesh-and-blood humans to deliver last-mile protection People will always be a component of fraud detection" Do you think this is true? Will it always be true for smart contracts too?" [X Link](https://x.com/jack__sanford/status/1703047837695533535) 2023-09-16T14:07Z [----] followers, [--] engagements

"Had never heard of the Third Party Doctrine until the @twobitidiot @VivekGRamaswamy Mainnet chat. Basically says if a 3rd party (bank cell service) can access your data the govt can too. Super strong argument for interacting with trustless smart contracts instead" [X Link](https://x.com/jack__sanford/status/1705421883968004376) 2023-09-23T03:20Z [----] followers, [--] engagements

"Uniswap adds a frontend fee. Who loses? Average Americans who bought UNI tokens thinking they were getting exposure to the value created by Uniswap. Thanks to bad regulation UNI tokenholders have officially been "duped" into buying exposure to the smart contract fee only" [X Link](https://x.com/jack__sanford/status/1714100643072229668) 2023-10-17T02:06Z [----] followers, [----] engagements

"@0xOwenThurm @0xnirlin @GuardianAudits @sherlockdefi What a claim You do pay-per-vulnerability right? So did you charge GMX for not understanding how their protocol works in this "High severity" issue? Or did you just include it in the report to pad your stats?" [X Link](https://x.com/jack__sanford/status/1728472376659083656) 2023-11-25T17:55Z [----] followers, [---] engagements

"@0xScourgedev @0xOwenThurm @0xnirlin @GuardianAudits @sherlockdefi I see you are an auditor for Guardian.
Did you participate in this audit? I see no impact no loss of funds demonstrated no POC and GMX says it's intended functionality. Slim chance this would even be a Medium severity issue in Sherlock. Crazy it's a High here" [X Link](https://x.com/jack__sanford/status/1728514273696207084) 2023-11-25T20:41Z [----] followers, [---] engagements

"@HollaWaldfee100 Yeah @sherlockdefi gets tested sometimes:" [X Link](https://x.com/jack__sanford/status/1733276744826704347) 2023-12-09T00:05Z [----] followers, [---] engagements

"@ajnafi turns out permissionless includes memecoins Ajna stays undefeated on narrative 🫡" [X Link](https://x.com/jack__sanford/status/1766511836067770697) 2024-03-09T17:10Z [----] followers, [----] engagements

"@high_byte Belief implies you can't prove it. And in this case I think it's very difficult to prove (and there is some evidence pointing in the other direction) Gas optimizations are not just confined to assembly btw" [X Link](https://x.com/jack__sanford/status/1770766742454731016) 2024-03-21T10:57Z [----] followers, [--] engagements

"It seems we're in a bull market. Choose wisely anon" [X Link](https://x.com/jack__sanford/status/1773431389121020030) 2024-03-28T19:26Z [----] followers, [----] engagements

"If you'll actually lose 20-30% by not participating this is bad.
I see two ways this could be true: 1) Not enough info is required in initial submission (but there are downsides to requiring more info at that stage) 2) Judges aren't skilled enough Which one do you think it is? And what other problems do you think cause this?" [X Link](https://x.com/jack__sanford/status/1775092808283541564) 2024-04-02T09:27Z [----] followers, [---] engagements

"How many auditors would actually audit Tornado Cash today? All of them? None of them? I really have no idea" [X Link](https://x.com/jack__sanford/status/1790387992487461105) 2024-05-14T14:25Z [----] followers, [---] engagements

"@eth_call Mutable is at war with immutable" [X Link](https://x.com/jack__sanford/status/1790390731309281681) 2024-05-14T14:36Z [----] followers, [---] engagements

"6 new contests on @sherlockdefi this week You can try to break: - Liquid staking - Liquid restaking - Uni V3 strategies - Real world assets - No-loss prize games - Advanced yield farming looks like a new wave of contests is coming in time to double down on @sherlockdefi" [X Link](https://x.com/jack__sanford/status/1791036885747249383) 2024-05-16T09:24Z [----] followers, [----] engagements

"@jesserroos @CryptoCanal @sherlockdefi @cvhessert @0xPolygon @kadmil_eth @LidoFinance @jpknegtel Hmm thanks cc @CryptoCanal" [X Link](https://x.com/jack__sanford/status/1791180198789988857) 2024-05-16T18:53Z [----] followers, [--] engagements

"7 auditors reviewed @m0labs at the same time: @k1rill_fedoseev @chain_security @Prototech_Labs @threesigmaxyz @Quantstamp @OpenZeppelin @CertoraInc Has anyone analyzed which was most/least effective? Source: https://github.com/MZero-Labs/documentation/tree/main/audit-reports" [X Link](https://x.com/jack__sanford/status/1794000648784277609) 2024-05-24T13:41Z [----] followers, [----] engagements

"@0xt0n1 @m0labs @OpenZeppelin
@threesigmaxyz @Prototech_Labs @CertoraInc @chain_security @Quantstamp @k1rill_fedoseev Looking forward to it" [X Link](https://x.com/jack__sanford/status/1796221647566836038) 2024-05-30T16:46Z [----] followers, [---] engagements

"So you want to throw a party You rent out a venue You hire a DJ 🪩 You offer free drinks You even spend $50k to upgrade the sound system Unless you get confirmation from Cristiano Ronaldo that he'll show up he probably won't @sherlockdefi is the only platform that confirms the world's top auditors will show up to your audit contest And then incentivizes them to try their hardest @lucyoas @jack__sanford This is the observation we made that resulted in us not adopting the same model. Platforms and their constituents aren't 1:1 fungible. Tweak incentives and you get different" [X Link](https://x.com/jack__sanford/status/1798647474724417734) 2024-06-06T09:25Z [----] followers, [----] engagements

"Question for security researchers: Do you think it's fine for an audit contest platform to share your submissions with the client team while the contest is still running?" [X Link](https://x.com/jack__sanford/status/1799008979382853636) 2024-06-07T09:22Z [----] followers, 14.4K engagements

"The UwU Lend $20M exploit seems unbelievable Am I getting this right? 1) @UwU_Lend forks Aave V2 2) UwU makes changes and gets a @peckshield audit (1) (maybe @peckshield can clarify if this attack vector was in scope or not) 3) @makemake_kbo finds a critical vulnerability [--] YEAR AGO 4) The team does not listen to whitehats and does not fix the vulnerability () despite $200M+ TVL 5) Users get hacked for $20M due to an exploit vector that was known [--] year earlier Can nothing be done to save user funds if the team won't listen? I think @_SEAL_Org is designed for this but it can only save user" [X Link](https://x.com/jack__sanford/status/1800481788164243562) 2024-06-11T10:54Z [----] followers, [----] engagements

"I get the argument: You lost your money
as a DeFi user That's a skill issue. But 99.9% of newcomers to DeFi will have this skill issue regarding smart contract security. I sympathize less with ppl who lost their money in Luna/Terra setups. At least a high APY is a warning. But how should the average person know that a team is not using the best security practices? Must we keep sacrificing users at the altar of blackhat exploits until the whole world learns? @jack__sanford The toddler has once again crashed the car. How can we make it safer for toddlers to drive cars?" [X Link](https://x.com/jack__sanford/status/1800822895746138177) 2024-06-12T09:30Z [----] followers, [----] engagements

"Some tips for whitehats 1) Disclose findings to the vulnerable team immediately 2) Use official bug bounty channels if possible 3) Be extremely transparent about all test transactions 4) Don't insult the team publicly @tayvano_ @krakenfx The real question should be why Kraken's in-depth defense system failed to detect so many test transactions. This is indeed what we were testing.
You often heard from a weak exchange's response to a security bug finding with a brag of their strong risk control and in-depth" [X Link](https://x.com/jack__sanford/status/1803724383434711277) 2024-06-20T09:39Z [----] followers, [----] engagements

"@sherlockdefi @MakerDAO Worth the $1.35M just to get @nanexcool back from the golf course https://x.com/nanexcool/status/1805587298827764064 Will be participating in this one for old times' sake" [X Link](https://x.com/jack__sanford/status/1805624523175137673) 2024-06-25T15:30Z [----] followers, [---] engagements

"@GLordskotostras @sherlockdefi @MakerDAO Yes 🫡" [X Link](https://x.com/jack__sanford/status/1805638420078743832) 2024-06-25T16:25Z [----] followers, [--] engagements

"@IAm0x52 @MakerDAO Looking forward to it" [X Link](https://x.com/jack__sanford/status/1805735710940610979) 2024-06-25T22:51Z [----] followers, [---] engagements

"$450 per line of code 🤯 ($1.35M total rewards / 3k nSLOC) The biggest audit contest ever $1.35M to find bugs in @MakerDAO Endgame July 8th - August 5th https://t.co/N7ECKKT2f5 https://t.co/eC8FoO0jB2" [X Link](https://x.com/jack__sanford/status/1805915030401032221) 2024-06-26T10:44Z [----] followers, [----] engagements

"Ok ima check the reserved auditors for @MakerDAO @IAm0x52 [--] 1st place finishes on Sherlock @lonelysloth_sec $2.9M in bug bounty payouts @panprog #1 all-time on Sherlock leaderboard @xiaoming9090 Previously #1 on Sherlock and C4 @kankodu $900k in bug bounty payouts @bin2chen #1 on C4 last [--] days @tapired [--] 1st place finishes on Sherlock Damn reserved auditors got hands The biggest audit contest ever $1.35M to find bugs in
@MakerDAO Endgame July 8th - August 5th https://t.co/N7ECKKT2f5 https://t.co/eC8FoO0jB2" [X Link](https://x.com/jack__sanford/status/1806275406904840632) 2024-06-27T10:36Z [----] followers, [----] engagements

"@satanic_angels_ @agfviggiano @MakerDAO @IAm0x52 @lonelysloth_sec @panprog @xiaoming9090 @kankodu @bin2chen No upper hand these are just the auditors who have committed to reviewing the codebase Sherlock paid some of them to make this commitment (the higher an auditor is ranked on Sherlock's leaderboard the more reserved opportunities they tend to get)" [X Link](https://x.com/jack__sanford/status/1806425071570870542) 2024-06-27T20:31Z [----] followers, [---] engagements

"Interesting attack vector in @MakerDAO from way back in [----] How seriously does @MakerDAO take security? 🧵1/7 In light of the upcoming @MakerDAO audit on @SherlockDefi I want to reveal a critical vulnerability I discovered back in [----]. This issue had severe implications for the MakerDAO system. Let's dive into what happened." [X Link](https://x.com/jack__sanford/status/1808088975011086507) 2024-07-02T10:42Z [----] followers, [----] engagements

"Where are you sitting on the way to EthCC?" [X Link](https://x.com/jack__sanford/status/1808800640916726074) 2024-07-04T09:50Z [----] followers, 10.9K engagements

"Sherlock went through a lot of trouble to make sure the last Optimism contest was USDC-based It's better for security experts because they know how much they'll earn It's better for projects because they'll attract even the risk-averse security experts (there are many) Dedicating weeks to an audit contest is risky enough - why expose researchers to token price risk at the same time? Note: Sherlock will likely cave to pressure to denominate contests in non-stablecoins at some point but we'll put it off as long as possible and keep the stablecoin % of rewards as high as possible when it happens" [X Link](https://x.com/jack__sanford/status/1809310404918890595) 2024-07-05T19:36Z [----] followers, [----] engagements

"@ljmanini @sherlockdefi @MakerDAO It doesn't have anything to do with accepting lows/info/gas. You can submit these findings on Sherlock but they are not rewarded. The no H/Ms pot is paid out regardless of any findings" [X Link](https://x.com/jack__sanford/status/1809941901862457650) 2024-07-07T13:25Z [----] followers, [---] engagements

"@santipu_ @sherlockdefi Huge congrats and great win in that dHEDGE contest" [X Link](https://x.com/jack__sanford/status/1813995903856041992) 2024-07-18T17:55Z [----] followers, [---] engagements

"Who is the standing army preventing civilizational collapse due to currency debasement? Security experts If anything from history is certain it's that humans cannot be trusted with the mint() function for any currency. The US Dollar is on a fast track to FAFO. An American baby born today is $519000 in debt thanks to decisions made before it was born. Reversing this trend is like turning an oil tanker.
Deficit spending is one of the few things both US political parties have agreed on in the last [--] years. Austerity is extremely unpopular. Currencies like Bitcoin finally take minting privileges" [X Link](https://x.com/jack__sanford/status/1815707659326144924) 2024-07-23T11:16Z [----] followers, [----] engagements

"Reminder that de-banking is not always done explicitly More regulations = more compliance costs = more de-banking Let's keep building and securing permissionless financial infrastructure that anyone can access 🫡 SCOOP: Mercury cofounder & CEO calls it a sad day as the firm abruptly offboards companies that account for sub 1% of deposits but probably 50% + of compliance work https://t.co/x2NCgucro7" [X Link](https://x.com/jack__sanford/status/1816089801981858190) 2024-07-24T12:35Z [----] followers, [----] engagements

"@clesaege Hey Clément Big fan of Kleros and the mission. I'm a co-founder of Sherlock and we've audited Optimism MakerDAO GMX etc. We do great work: One example: Sentiment V1 (med/large DeFi protocol) Pricing: $120000 https://github.com/sherlock-protocol/sherlock-reports/blob/main/audits/2022.10.18%20-%20Final%20-%20Sentiment%20Audit%20Report.pdf https://drive.google.com/drive/folders/18I2ubUJftjgHJ-gY-OrWxX2n4DRDkKS-usp=drive_link https://github.com/sherlock-protocol/sherlock-reports/blob/main/audits/2022.10.18%20-%20Final%20-%20Sentiment%20Audit%20Report.pdf" [X Link](https://x.com/jack__sanford/status/1816591619971309641) 2024-07-25T21:49Z [----] followers, [---] engagements

"A few people asked for the story behind this so here goes. If someone were to ask What radicalized you when it comes to auditing this event would be a starting point. Sherlock has built [--] full-scale DeFi protocols.
They're smart contract coverage protocols and the V2 is still in use today. In late [----] Sherlock was finishing audits on the main protocol and looking to get an audit for a small update. Back then there were a handful of top audit firms and we'd been lucky to work with one on the main protocol. Easily set the record for Sherlock's biggest expense ever. They already had a 5-month" [X Link](https://x.com/jack__sanford/status/1818274497100742689) 2024-07-30T13:16Z [----] followers, 12.9K engagements

"@oot2k1 Yeah let's say it excludes frontend hacks or small hacks. Material loss of Aave's TVL only" [X Link](https://x.com/jack__sanford/status/1818617756649922643) 2024-07-31T12:00Z [----] followers, [--] engagements

"I'm only aware of [--] cases where @sherlockdefi audited the same codebase simultaneously with another auditor. Here's how each turned out: Tokemak V2 Sherlock: [--] Critical/High [--] Medium @HalbornSecurity: [--] Critical/High [--] Medium Perennial V2 Sherlock: [--] Critical/High [--] Medium @zellic_io: [--] Critical/High [--] Medium Index Coop Sherlock: [--] Critical/High [--] Medium @ABDKconsulting: [--] Critical/High [--] Medium The [--] Highs for ABDK were an irrelevant comment line and an unresolved TODO comment.
I think this is the best data out there showing the effectiveness of audit contests compared to traditional" [X Link](https://x.com/jack__sanford/status/1821207230890299605) 2024-08-07T15:30Z [----] followers, [----] engagements

"@yashar0x @sherlockdefi @HalbornSecurity Did another auditor audit MakerDAO Endgame at the same time on the same commit hash?" [X Link](https://x.com/jack__sanford/status/1821217259383062533) 2024-08-07T16:10Z [----] followers, [---] engagements

"@Kwenta_io @sherlockdefi Excited for it" [X Link](https://x.com/jack__sanford/status/1821590164503982137) 2024-08-08T16:51Z [----] followers, [--] engagements

"I recently learned that some whitehats don't submit Mediums to bug bounty programs when they find them The time required to write it up isn't worth it to them Imagine what their hourly rate must be 🤯" [X Link](https://x.com/jack__sanford/status/1821874292490903973) 2024-08-09T11:40Z [----] followers, [----] engagements

"@0xdeniz @MakerDAO @sherlockdefi Great stuff" [X Link](https://x.com/jack__sanford/status/1823711917070021017) 2024-08-14T13:22Z [----] followers, [--] engagements

"The system may not be 100% perfect but it will probably reduce spam by 90%-99% by taking a controversial approach: A [---] USDC deposit is required for every submission. Sherlock only focuses on Critical-severity bounties (maybe Highs in special circumstances) so it's a [---] USDC refundable deposit to earn $50k or $500k or $2M etc.
Reduces spam because losing [---] USDC on an invalid finding is painful -- but top whitehats won't blink to deposit [---] USDC for the potential to earn $500k on a valid submission" [X Link](https://x.com/jack__sanford/status/1825931068542943315) 2024-08-20T16:21Z [----] followers, [---] engagements

"@danielvf Nice yeah the Mediums/Lows bring in a ton of submissions and even the valid ones are often not worth fixing on-chain" [X Link](https://x.com/jack__sanford/status/1825939093949395282) 2024-08-20T16:52Z [----] followers, [---] engagements

"@gjaldon @sherlockdefi @Kwenta_io @aslanbekaibimov @marcin_ugarenko Congrats Always scary as Lead Senior Watson when there are so few issues" [X Link](https://x.com/jack__sanford/status/1826193706598256951) 2024-08-21T09:44Z [----] followers, [---] engagements

"Really interesting transaction. I work at @sherlockdefi which has historically been a competitor to @code4rena so take this with a grain of salt but here's my guess as to what happened: March [----] Paradigm takes a 15% stake in Code4rena. It's their first security bet ever. Spirits are high and Code4rena gets its first cash infusion of $6M. Rest of [----] Pretty quiet. The bear market is in full force and audit contests are good but not great. January [----] The bull market comes back and so do audit contests. Spirits are high and everyone (Sherlock Code4rena etc.) is feeling good and doing lots" [X Link](https://x.com/jack__sanford/status/1826622377842622741) 2024-08-22T14:08Z [----] followers, 29.7K engagements

"Step 1: Become a DeFi blue chip Step 2: Pay 100s of auditors to harden the codebase with @sherlockdefi Step 3: Become a consumer-facing household name This is the way 🫡 Sky is here. The best and easiest place to get rewarded for saving without giving up control. Discover the upgraded tokens new features and boosted Sky Token Rewards for early sign-ups. Follow this thread for the latest news and updates about SkyLaunch. https://t.co/Qc25KRPzR8
" [X Link](https://x.com/jack__sanford/status/1829203218359783541) 2024-08-29T17:03Z [----] followers, [----] engagements

"A story in [--] parts @andyfeili @lonelysloth_sec" [X Link](https://x.com/jack__sanford/status/1830585279146795262) 2024-09-02T12:35Z [----] followers, [----] engagements

"The biggest announcement in audit contest judging EVER just dropped The best of Polymarket and Community Notes built exclusively for judging contest issues Introducing Real-Time Judging The final evolution of audit contest judging is here. "Polymarket meets Community Notes for Web3 Security" Get to mainnet 3x faster on average only at Sherlock https://t.co/pgcAyjNoek" [X Link](https://x.com/jack__sanford/status/1833877330462376295) 2024-09-11T14:36Z [----] followers, [----] engagements

"Looking forward to speaking at @EFdevcon See you in Bangkok" [X Link](https://x.com/jack__sanford/status/1841109183594447144) 2024-10-01T13:33Z [----] followers, [----] engagements

"Hugely positive development to see major chains like @Optimism and @arbitrum subsidizing audit costs for protocol teams I hope many more ecosystems take this step Sherlock is honored to be a whitelisted auditor for the @arbitrum Security Subsidy Fund If you're a protocol team planning to deploy on Arbitrum apply below to have your audits paid for: https://t.co/wpYBGhWate" [X Link](https://x.com/jack__sanford/status/1841508404604657772) 2024-10-02T15:59Z
[----] followers, [---] engagements

"I feel guilty when I see messages like this. I want to help solve Web3 security for end users but the reality is that smart contract security is only part of the story. Grateful to those who are working in this area and I hope we see more entrepreneurs and companies jump in. We're fucking drowning in SEAL [---] tickets every damn day with people getting drained left and right. It's brutal and the reality is we're nowhere near fixing this. The harsh truth Most of these tickets are coming from basic web2 issues - phishing malware the usual bullshit." [X Link](https://x.com/jack__sanford/status/1843224869875658761) 2024-10-07T09:40Z [----] followers, [----] engagements

"Looking to hire an auditor. Must have: - [--] Medium findings in audit contests - 1st place 3x in $100k+ audit contests - LSW on Sherlock - LSR on Spearbit - 2+ years of audit firm experience - [--] Critical bug bounties on blue chip protocols - 6'5" - blue eyes" [X Link](https://x.com/jack__sanford/status/1845798458130682179) 2024-10-14T12:07Z [----] followers, 13.4K engagements

"Smart contract hacks are becoming less frequent. North Korea probably has [---] cracked hackers all working in the same building. But guess what? There are 1000s and 1000s of skilled auditors in Sherlock's Discord alone. The Persians won the battle of Thermopylae after all" [X Link](https://x.com/jack__sanford/status/1846885621677146256) 2024-10-17T12:07Z [----] followers, [----] engagements

"A relevant metric for identifying a strong auditor (emphasis on audit): Coverage How many bugs did they find out of the total number of bugs found in the contest? For example finding [--] out of [--] bugs (pictured below) is 85% coverage and that's extremely strong in an audit contest with [---] participants.
A relevant metric for identifying a strong audit contest: Redundancy How many bugs were found by just one auditor? If only one auditor finds the bug that's dangerous. You miss the bug if that auditor doesn't show up next time. This same @zerolendxyz contest had only [--] bug (a Medium) out of 26" [X Link](https://x.com/jack__sanford/status/1851968615219704285) 2024-10-31T12:45Z [----] followers, [----] engagements

"Forget Satoshi Nakamoto. Who is PapaPitufo?" [X Link](https://x.com/jack__sanford/status/1851998090611343693) 2024-10-31T14:42Z [----] followers, [--] engagements

"This one is for protocol builders at Devcon Mark your calendar for 5:40pm today to learn about the [--] most common vulnerabilities found during audit contests so you can avoid these pitfalls https://app.devcon.org/schedule/LYFXZN" [X Link](https://x.com/jack__sanford/status/1856187881066508495) 2024-11-12T04:10Z [----] followers, [---] engagements

"@krikoeth @OrderlyNetwork @sherlockdefi Well done 🫡" [X Link](https://x.com/jack__sanford/status/1857107881935639035) 2024-11-14T17:06Z [----] followers, [--] engagements

"Spent an incredible two weeks discovering Thailand with the @sherlockdefi team in Chiang Mai and meeting many of the heroes of Web3 security and Ethereum in Bangkok. Thank you to Devcon @summit_defi and others for allowing me to speak. Looking forward to the next" [X Link](https://x.com/jack__sanford/status/1858188996704096622) 2024-11-17T16:42Z [----] followers, [----] engagements

"@StErMi @EFDevcon @Uniswap @unichain If this comes true projects will either have to deploy on Unichain do some kind of bridging with Unichain or use a non-Uniswap DEX on their home chain" [X Link](https://x.com/jack__sanford/status/1858195901459702073) 2024-11-17T17:10Z [----] followers, [---] engagements

"Biggest theme from DeFi Security Summit is that Stolen Private Keys is now by far the biggest security risk in crypto.
This means [--] things: 1) Smart contract auditing has been very effective 2) Smart contract security will lose priority 3) More effort is needed on the opsec side Credit to @_iphelix for the image and a great talking making the security industry aware of this" [X Link](https://x.com/jack__sanford/status/1858483543518920855) 2024-11-18T12:13Z [----] followers, [----] engagements

"Ok guys Vitalik is running his own audit contests now" [X Link](https://x.com/jack__sanford/status/1859918781243634129) 2024-11-22T11:16Z [----] followers, [----] engagements

"Congratulations to @code4rena on joining the triple-digit club with @sherlockdefi 100+ audit contests in [----] This is not an easy accomplishment - no one else is even close 🫡" [X Link](https://x.com/jack__sanford/status/1861027808195322095) 2024-11-25T12:43Z [----] followers, [----] engagements

"I'm incredibly bullish on Web3 security. The good guys have massive advantages over the bad guys. Black hat: learn alone hunt alone validate alone trust no one. Auditors: learn with peers hunt on teams use sounding boards see missed bugs quickly" [X Link](https://x.com/jack__sanford/status/1861395984573440457) 2024-11-26T13:06Z [----] followers, [----] engagements

"Born: August [--] [----] Died: November [--] [----] RIP Tornado Cash sanctions. Privacy is legal again 🫡 Privacy wins. Today the Fifth Circuit held that @USTreasury's sanctions against Tornado Cash smart contracts are unlawful. This is a historic win for crypto and all who cares about defending liberty. @coinbase is proud to have helped lead this important challenge. 1/6
" [X Link](https://x.com/jack__sanford/status/1861569422302855485) 2024-11-27T00:35Z [----] followers, [----] engagements

"@qedk_ @sherlockdefi Much appreciated" [X Link](https://x.com/jack__sanford/status/1864001163210682605) 2024-12-03T17:38Z [----] followers, [--] engagements

"@gjaldon @solana" [X Link](https://x.com/jack__sanford/status/1864256581509984485) 2024-12-04T10:32Z [----] followers, [---] engagements

"If you're building a math-heavy DeFi protocol you should do whatever it takes to have @panprog review your codebase. The distance between panprog and most auditors when it comes to derivatives protocols is astounding. Introducing @panprog a world-class blockchain auditor specializing in derivatives protocols and now the third founding researcher at @blackthornxyz. Panprog currently holds the #1 spot on Sherlock's leaderboard and is one of only [--] people to ever reach the top. Panprog's https://t.co/14a2FiRMgL" [X Link](https://x.com/jack__sanford/status/1865022701854756925) 2024-12-06T13:17Z [----] followers, [----] engagements

"Super fortunate to have @deadrosesxyz as a founding member of @blackthornxyz. If time is of the essence no one can thoroughly review a codebase faster than deadrosesxyz. There is scoping a codebase for most humans then there is scoping a codebase for deadrosesxyz. Introducing @deadrosesxyz the next founding security researcher at @blackthornxyz. Deadrosesxyz started as a bug bounty hunter garnering attention for high-profile finds in projects like @VelodromeFi Chronos @arkham LEVEL @muxprotocol and @ExtraFi_io.
Since then https://t.co/ZlAE5u5DQx" [X Link](https://x.com/jack__sanford/status/1865023682147471791) 2024-12-06T13:21Z [----] followers, [----] engagements

"@bitc0x_eth @NethermindEth @AcrossProtocol @Uniswap @UMAprotocol @Polymarket Congrats on the move" [X Link](https://x.com/jack__sanford/status/1868749070753579451) 2024-12-16T20:04Z [----] followers, [---] engagements

"@KupiaSecurity @sherlockdefi Strong year" [X Link](https://x.com/jack__sanford/status/1870928886785266009) 2024-12-22T20:26Z [----] followers, [--] engagements

"Submitting bug bounties can help auditors prove this too. But there's more noise. Let's say you evaluate based on # of Criticals found or total $ awarded. How does the Wormhole $10M UUPS initialization bug fit in? Before audit contests how could a Solidity auditor prove they are good at Rust? If you wanted to learn a new language/stack become elite in it and get paid huge $$$ to audit it how would you do it? Testing your skills in audit contests is so effective that I can't imagine" [X Link](https://x.com/jack__sanford/status/1871519172758491179) 2024-12-24T11:31Z [----] followers, [----] engagements

"Holy Rust I get to see a lot of unannounced codebases and it feels like every major protocol is moving to Rust this year. Might be a signal to keep an eye on @solana" [X Link](https://x.com/jack__sanford/status/1875143125309755797) 2025-01-03T11:32Z [----] followers, [----] engagements

"@solana @aeyakovenko" [X Link](https://x.com/jack__sanford/status/1875143359368704232) 2025-01-03T11:33Z [----] followers, [---] engagements

"Something crypto teaches you early on: There is no such thing as a price only an exchange rate. Gold outperformed the S&P [---] in [----]. The real return of the stock market is not what you think it is" [X Link](https://x.com/jack__sanford/status/1875183378263326782) 2025-01-03T14:12Z [----] followers, [---] engagements

"AI audit agents are going to be huge. @blocksek's experiment makes this extremely clear. I did V4 Damn Vulnerable DeFi V4 recently so I evaluated how approached it. Key takeaways: 1) Even though it's a general developer AI not a specialized auditing AI it solves the challenges quickly and doesn't cheat. 2) The overall structure of solutions isn't crazy novel (hard for it to be) but the implementation is custom and not a copy-paste job from an online solution. Also there aren't many online solutions for V4 because it's fairly new. 3) Its solution to a challenge revealed a second exploit that I" [X Link](https://x.com/jack__sanford/status/1875884200894808144) 2025-01-05T12:37Z [----] followers, [----] engagements

"AI has turned each person into an editor instead of a writer. Instead of writing emails you edit emails. Instead of writing code you audit code.
Keep an eye on auditors" [X Link](https://x.com/jack__sanford/status/1876270035305685083) 2025-01-06T14:10Z [----] followers, [----] engagements

"Let's GHO New contest: Aave v3.3 @aave DAO Sign up here: https://t.co/rZD3A5isVh Total Rewards: [------] USDC nSLOC: [----] Lead Senior Watson: @0xhyh Starts Monday January 13th at 15:00 UTC Check it out https://t.co/tKK8OoJzyU" [X Link](https://x.com/jack__sanford/status/1877431825351483894) 2025-01-09T19:06Z [----] followers, [----] engagements

"Very important Even with AGI it will still be important to triangulate info from multiple sources Apply this to auditing as you see fit i've developed a new habit of asking questions to multiple llms (gpt grok gemini claude perplexity) as opposed to blindly trusting any single one. what i've found is while individually they all sound pretty intelligent more often than not their answers differ pretty dramatically." [X Link](https://x.com/jack__sanford/status/1877715746110820489) 2025-01-10T13:54Z [----] followers, [---] engagements

"I've heard some hype about @CertaiK_Agent @CertaiK_Agent are you a real AI audit agent? Seeing a few security-related AI agents out there. Who's building an agent that could be competitive on @sherlockdefi" [X Link](https://x.com/jack__sanford/status/1878857825201570092) 2025-01-13T17:33Z [----] followers, [----] engagements

"@CertaiK_Agent Do you know about audit contests? We'd like to invite you to be the first AI Agent to compete on @sherlockdefi" [X Link](https://x.com/jack__sanford/status/1878863221446398135) 2025-01-13T17:54Z [----] followers, [---] engagements

"Top [--] AI Security Agents (January 14th 2025) Based on some early research these security agents seem to have the most mindshare and at least a small track record of finding vulnerabilities. 1) Audit Agent by @NethermindSec I've only heard good things about this agent and I know a lot of people who have tried it. Interface is very easy to use. Its business model (showing you the top vulnerability but you pay for the rest) also exudes confidence. 2) Certaik @CertaiK_Agent Listed on @virtuals_io with a $5M market cap. I've met the founders and they seem technically strong.
It has discovered some" [X Link](https://x.com/jack__sanford/status/1879145189282918800) 2025-01-14T12:35Z [----] followers, 12K engagements

"@brozzeur @NethermindSec @h4ck_terminal @sherlockdefi Would love to see @h4ck_terminal in action" [X Link](https://x.com/jack__sanford/status/1879483929054556336) 2025-01-15T11:01Z [----] followers, [--] engagements

"Great to see AI security agents and @sherlockdefi getting some attention from the biggest AI agent accounts Auditor Agents are now participating in competitions @CertaiK_Agent is competing in the AAVE V3.3 contest Is this more of what's to come? I firmly believe agents battle testing ecosystem protocols will become BAU in the near future /7 https://t.co/6cCs607oHU" [X Link](https://x.com/jack__sanford/status/1879488887212659181) 2025-01-15T11:20Z [----] followers, [----] engagements

"I was skeptical for a long time but I've seen enough. AI agents are going to fundamentally change crypto security. Instead of fighting it @sherlockdefi's new goal is to bring security researchers along for the ride" [X Link](https://x.com/jack__sanford/status/1879512403836387617) 2025-01-15T12:54Z [----] followers, [----] engagements

"Let me be clear: I don't think AI security agents will take the jobs of top auditors anytime soon. But I do see the "lower end" of the security market shifting towards AI agents over time. For example I would be surprised if CertiK's business of ERC-20 token audits wasn't already fully automated by AI or otherwise. Bugs that are both common and low-context will be found by AIs more and more. Static analyzers can already find a lot of them without using any AI.
Because AIs need lots of training data and can only accept a small amount of source code as input common bugs (appearing often in" [X Link](https://x.com/jack__sanford/status/1879512406767927469) 2025-01-15T12:54Z [----] followers, [----] engagements

"The Ultimate Security x AI Agent Guide Do we need AI agents in crypto security? Are AI agents just another VC meme? It all starts with the existing fragmentation in security: There are over [---] active audit firms1 and [----] active independent auditors in crypto security. Why is this the case? It exists because there's no right way to secure a codebase. Any method that results in finding vulnerabilities is legitimate. And no single method can provably find every vulnerability. These are facts. To complicate things further many vulnerabilities are kept private. So even if you built a machine that" [X Link](https://x.com/jack__sanford/status/1880230887503147070) 2025-01-17T12:29Z [----] followers, [----] engagements

"No audit reports no Rust devs no test suite. Who knew $10Bn could be created with these lines of code:" [X Link](https://x.com/jack__sanford/status/1881348463272788470) 2025-01-20T14:30Z [----] followers, [----] engagements

"Back when forking Aave was the craziest thing the president had done in this space Bitcoin is a memecoin and DeFi is dead as we know it. @jack__sanford CEO of @sherlockdefi drops a spicy take on $BTC AAVE forks and the future of DeFi. Catch the clip from our Bangkok event https://t.co/gyMiTYSRuz" [X Link](https://x.com/jack__sanford/status/1881372361905393986) 2025-01-20T16:04Z [----] followers, [---] engagements

"I learned about the "first deposit" bug in January [----] for the first time. Multiple projects paid out six-figure bounties for it.
Exactly [--] years later it's worth $600. Not sure if that's a lot or a little for a pretty simple bug. Very cool from Sherlock to share how much each finding was paid (per auditor but in total can be calculated) so that you can adjust your strategy for contests. From a pot of $71k $21k was paid for Highs and $50k for Mediums in this case. Max theoretical for one user: $5.5k https://t.co/oALxdmjn8U" [X Link](https://x.com/jack__sanford/status/1881461732025229606) 2025-01-20T22:00Z [----] followers, [----] engagements

"Super cool page that I don't think anybody knows about. Sherlock will pay you for vulnerabilities found after an audit but before the official bug bounty goes live" [X Link](https://x.com/jack__sanford/status/1881720590639518081) 2025-01-21T15:08Z [----] followers, [----] engagements

"Question for security researchers If Tornado Cash asked you for a solo audit (at a fair price) would you do it? Yes No" [X Link](https://x.com/jack__sanford/status/1882046868924104763) 2025-01-22T12:45Z [----] followers, [---] engagements

"Hearing multiple stories about audit agents finding bugs missed by audit firms. Is this the flippening?" [X Link](https://x.com/jack__sanford/status/1882404414238904534) 2025-01-23T12:26Z [----] followers, 10.2K engagements

"Bybit $1.5Bn Hack Explained Like many crypto companies Bybit keeps important funds in a "cold wallet". A cold wallet is controlled by devices disconnected from the internet for extra security. And multiple people need to approve every transaction that happens in this wallet (it's a multi-signature wallet or multi-sig for short). If you remember the $600M Ronin hack that was a simple leak of private keys. The "people" in charge of approving transactions accidentally allowed their private keys to be found by hackers. This attack is more sophisticated.
It seems that the honest people in charge" [X Link](https://x.com/jack__sanford/status/1892995011513356668) 2025-02-21T17:49Z [----] followers, [----] engagements

"Good adjustment Just a few minutes ago President Trump signed an Executive Order to establish a Strategic Bitcoin Reserve. The Reserve will be capitalized with Bitcoin owned by the federal government that was forfeited as part of criminal or civil asset forfeiture proceedings. This means it" [X Link](https://x.com/jack__sanford/status/1897819682402713964) 2025-03-07T01:20Z [----] followers, [---] engagements

"Looking forward to @EthCC Say hello to more EthCC8 speakers Victoria Calmon from Mento Labs (@v_calmon) Track: Product & Marketers Jack Sanford from Sherlock (@jack__sanford) Track: Security Yang Wao from Spacecoin (@yangwao) Track: Cypherpunk & Privacy Xtina from Squid (@0xtna) Track: https://t.co/chQMzZSOvu" [X Link](https://x.com/jack__sanford/status/1902033282948092198) 2025-03-18T16:24Z [----] followers, [---] engagements

"@lakejynch @spearbit @cantinaxyz @sherlockdefi This you 🤡 https://x.com/lakejynch/status/1837877973917356064 @CupOJoseph @pashovkrum @code4rena Wrt 3: I've looked at this space for a very long time. It's my opinion that you can't insure these things.
Wrt 1&2: Pashov is good cantina is better (my opinion)" [X Link](https://x.com/jack__sanford/status/1905370583438590318) 2025-03-27T21:25Z [----] followers, [----] engagements

"Something historic may be dropping next week" [X Link](https://x.com/jack__sanford/status/1905572827161391392) 2025-03-28T10:49Z [----] followers, [----] engagements

"@realpeterjm Lol yes" [X Link](https://x.com/jack__sanford/status/1905608419479875804) 2025-03-28T13:10Z [----] followers, [---] engagements

"@lakejynch @spearbit @cantinaxyz @sherlockdefi Let me tweet Sherlock's balance sheet right away. Sherlock has paid 100% of claims in full over its [---] year history. Speaking of balance sheets I hear Spearbit/Cantina has been trying to raise for the last [--] months without success.
Care to share your balance sheet?" [X Link](https://x.com/jack__sanford/status/1906807753332707598) 2025-03-31T20:36Z [----] followers, [---] engagements

"@usualmoney @sherlockdefi @NexusMutual Amazing commitment to security" [X Link](https://x.com/jack__sanford/status/1907428795549704415) 2025-04-02T13:43Z [----] followers, [---] engagements

"@0xflamebit @sherlockdefi @usualmoney @NexusMutual Exactly we had to wait an extra day" [X Link](https://x.com/jack__sanford/status/1907442912742293989) 2025-04-02T14:40Z [----] followers, [--] engagements

"@scottgralnick @sherlockdefi @usualmoney @NexusMutual" [X Link](https://x.com/jack__sanford/status/1907480061793411140) 2025-04-02T17:07Z [----] followers, [--] engagements

"@TheWeb3Mechanic @banditx0x @bountyhunt3rz Successfully performing an exploit on-chain is not free" [X Link](https://x.com/jack__sanford/status/1908925587629957522) 2025-04-06T16:51Z [----] followers, [---] engagements

"Product innovators: @code4rena @immunefi Fast followers: @spearbit / @cantinaxyz By switching to Sherlock's LSW model now Cantina is admitting they've been doing low-quality audits for a year. Projects should consider asking for a refund.
https://docs.cantina.xyz/cantina-docs/cantina-competitions/fellowship-steward-model Hilarious lack of product leadership from @spearbit / @cantinaxyz Sept 2021: @sherlockdefi pioneers audits with independent auditors Dec 2021: @spearbit copies the approach Aug 2022: @sherlockdefi offers audit contests Dec 2023: @cantinaxyz copies the approach Sept 2024:" [X Link](https://x.com/jack__sanford/status/1909190917057327548) 2025-04-07T10:26Z [----] followers, 10.7K engagements

"@high_byte @code4rena @immunefi @spearbit @cantinaxyz You should talk to some of those teams about their experience" [X Link](https://x.com/jack__sanford/status/1909242013054034056) 2025-04-07T13:49Z [----] followers, [---] engagements

"@0xKose @sherlockdefi Congrats Huge achievement" [X Link](https://x.com/jack__sanford/status/1914785107006705884) 2025-04-22T20:55Z [----] followers, [---] engagements

"@EFDevcon @OpenZeppelin @coinfabrik @theredguild @opsek_io @sherlockdefi for sure" [X Link](https://x.com/jack__sanford/status/1922728685842428193) 2025-05-14T19:00Z [----] followers, [---] engagements

"Some other use cases: - Self-custody (government can't take your money) - Private payments (such as Vitalik donating to Ukraine) - Hedge against currency debasement (stablecoins are not stable - although holding bitcoin may fall under 'exposure to cryptocurrencies') imo the big unlock of crypto is economic freedom which is a fairly narrow set of use cases but worth at least many many trillions and fundamentally changes the world by taking power from the government and giving it back to the people" [X Link](https://x.com/jack__sanford/status/1934017580995391940) 2025-06-14T22:38Z [----] followers, [---] engagements

"@ObsidianAudits @sherlockdefi @yearnfi Great performance would expect nothing less" [X Link](https://x.com/jack__sanford/status/1934969230027538799) 2025-06-17T13:39Z [----] followers, [---] engagements

"@code4rena Cool now do it for traditional audits" [X Link](https://x.com/jack__sanford/status/1934995234175537549) 2025-06-17T15:23Z [----] followers, [----] engagements

"http://x.com/i/article/1934287831989460992" [X Link](https://x.com/jack__sanford/status/1935306618998038680) 2025-06-18T12:00Z [----] followers, 139.2K engagements

"@ZhenglongFi @sherlockdefi @MakerDAO @aave @Optimism @GMX_IO @OlympusDAO Looking forward to it" [X Link](https://x.com/jack__sanford/status/1937634550043095542) 2025-06-24T22:10Z [----] followers, [---] engagements

"Looking forward to speaking about blockchain security at EthCC. See you there" [X Link](https://x.com/jack__sanford/status/1937942391081566368) 2025-06-25T18:34Z [----] followers, [----] engagements

"Yeah disappointing to see @spearbit @cantinaxyz ignore the security community that made them successful. Every day that goes by it becomes increasingly clear to us that @cantinaxyz is an extractive entity and a net negative to the space. A week past @jack__sanford's killer piece on the countless deficiencies of the Cork contest and no hint of a response soon. With the amount of https://t.co/Z1bejAqiC2" [X Link](https://x.com/jack__sanford/status/1937943193418363287) 2025-06-25T18:37Z [----] followers, [----] engagements

"@chrispinnock Cooking" [X Link](https://x.com/jack__sanford/status/1940379652968820898) 2025-07-02T11:58Z [----] followers, [---] engagements

"Are there any good crypto debit/credit cards available to US residents? Ideally with EVM DeFi as the backend (even more ideally audited by @sherlockdefi)" [X Link](https://x.com/jack__sanford/status/1941552984317714535) 2025-07-05T17:41Z [----] followers, [----] engagements

"@0xfrsmln @sherlockdefi @BreederDodo Nicely done" [X Link](https://x.com/jack__sanford/status/1942257502571069868) 2025-07-07T16:20Z [----] followers, [---] engagements

"@adrianromero @1inch @cove_fi Nice writeup" [X Link](https://x.com/jack__sanford/status/1943402834835190200) 2025-07-10T20:11Z [----] followers, [---] engagements

"@GMX_IO Thanks for sharing. Wishing the best" [X Link](https://x.com/jack__sanford/status/1943405430631272750) 2025-07-10T20:22Z [----] followers, [---] engagements

"@GMX_IO Well handled" [X Link](https://x.com/jack__sanford/status/1943668422056755670) 2025-07-11T13:47Z [----] followers, [----] engagements

"Very honored to be chosen as the last line of defense for Ethereum We are proud to announce that Sherlock will be hosting an audit contest for the @ethereum Fusaka Upgrade We love collaborating with the @ethereumfndn which always puts security first. Stay tuned for more details to come https://t.co/qBjiW7Tq0v" [X Link](https://x.com/jack__sanford/status/1946188827627786668) 2025-07-18T12:42Z [----] followers, [----] engagements

"Every contest platform and bug bounty platform is essentially becoming unusable for protocol teams due to LLM spam. This rule is one of the main reasons why Sherlock contests don't suffer the same fate. I understand it's harsh (temporarily holding back payments) but it's not difficult to pass (1 valid issue for every [--] invalids). If you're submitting more than [--] invalid issues for every [--] valid issue it becomes less clear that your contribution in the contest is providing real value. Do you have an idea for how to combat LLM spam in a more Watson-friendly way?" [X Link](https://x.com/jack__sanford/status/1947655206994362676) 2025-07-22T13:49Z [----] followers, [----] engagements

"It sounds like you're submitting too many invalid issues. Each of those issues has a big cost that I think most SRs don't understand. The community reviews them the Lead Judge reviews them the Sherlock Judge reviews them and many protocol teams still review every issue. And it does stop spam. You can't create a new account and earn money right away. Look at the docs and you'll see why. So that argument is incorrect" [X Link](https://x.com/jack__sanford/status/1947659257551171792) 2025-07-22T14:05Z [----] followers, [----] engagements

"@TheWeb3Mechanic @0x15_eth @sherlockdefi It's true that sometimes it's hard to know ahead of time if an issue will be judged as valid or not. That's why the ratio 4:1 is so generous.
It allows for lots of breathing room" [X Link](https://x.com/jack__sanford/status/1947670571665564106) 2025-07-22T14:50Z [----] followers, [---] engagements

"@0xSlowbug @0x15_eth @sherlockdefi Introducing Lows will likely increase the amount of LLM spam by 2-5x and judging time by even more" [X Link](https://x.com/jack__sanford/status/1947670870467526998) 2025-07-22T14:51Z [----] followers, [---] engagements

"@boserba77 @0x15_eth @sherlockdefi Can you explain more about how this works?" [X Link](https://x.com/jack__sanford/status/1947675622672679182) 2025-07-22T15:10Z [----] followers, [---] engagements

"@carlitox477 @0x15_eth @sherlockdefi Not a bad idea. So like last [--] issues count towards the ratio and nothing else?" [X Link](https://x.com/jack__sanford/status/1947830128609751381) 2025-07-23T01:24Z [----] followers, [---] engagements

".@sherlockdefi and @blackthornxyz have helped secure recent Aave V3 versions. Good smart contract security has literally become systemically important to the traditional financial system" [X Link](https://x.com/jack__sanford/status/1947997846931652622) 2025-07-23T12:30Z [----] followers, [---] engagements

"Franklin Templeton is top [--] on Arbitrum. Time to wake up. The institutions are here" [X Link](https://x.com/jack__sanford/status/1949805034092581144) 2025-07-28T12:12Z [----] followers, 21.5K engagements

"57 views. The core devs of the first $70Bn protocol talk about how they did it. Aave is bigger than a Top [--] US bank. [--] views. We are still so early" [X Link](https://x.com/jack__sanford/status/1955609030044627054) 2025-08-13T12:35Z [----] followers, [----] engagements

"Yield Basis is built by Curve founder @newmichwill and is likely to become a major primitive in the space Definitely worth taking a look The @yieldbasis Bug Bounty Contest starts today with rewards up to $150000 Happy hunting researchers.
https://t.co/mw7L6G3LO5" [X Link](https://x.com/jack__sanford/status/1957448805156073582) 2025-08-18T14:25Z [----] followers, [----] engagements

"@oxbehindthecode @sherlockdefi @fredrik0x @ethereumfndn Yes should be up soon" [X Link](https://x.com/jack__sanford/status/1957843645303836972) 2025-08-19T16:34Z [----] followers, [--] engagements

"The time has come for this conversation. What should be the fee to submit a finding in an audit contest? Free (I love LLM spam) $1 $25 or higher $5" [X Link](https://x.com/jack__sanford/status/1961413617196159367) 2025-08-29T13:00Z [----] followers, 23.7K engagements

"My current view of the "endgame" for audit contest and bug bounty submission costs. Please point out any flaws or counterpoints in this argument. @0xFlint_ I don't think $0.10 stops 99% of slop. AI audit companies produce tons of hallucinated issues and these companies now use contests as a cheap feedback loop to train their AI. So contest judges are literally training these companies' AI models for free (or very cheap). And the" [X Link](https://x.com/jack__sanford/status/1961488466006479241) 2025-08-29T17:57Z [----] followers, [----] engagements

"Can you explain more? I believe Sherlock has by far the most protection for white hats than any platform. For example disputed issues go to a council vote and then to the UMA optimistic oracle at Sherlock. On Cantina a project can rug white hats 5x before they are removed from the platform (my understanding).
Can you go into detail about why you have this preference? If you find a bug worth $100000 it seems like paying $250 to submit and get first-class priority support from real security researchers (instead of random triagers) would be welcome" [X Link](https://x.com/jack__sanford/status/1961858549111509207) 2025-08-30T18:28Z [----] followers, [----] engagements

"VP of Security at @0xPolygon confirming that top security teams are being DDOS'd by AI spam submissions And it will only get worse "AI is creating an unexpected crisis for security teams: not through sophisticated attacks but by overwhelming human reviewers with exponential spam generation." Check out the full episode with @jack__sanford and @cvhessert the VP of Security at @0xPolygon Labs below https://t.co/k1xwWcs7u5" [X Link](https://x.com/jack__sanford/status/1962864925476610449) 2025-09-02T13:07Z [----] followers, [----] engagements

"Very fun episode chatting with the man behind the $70Bn protocol @eboadom Episode [--] of The Web3 Security Podcast is now live This week @eboadom Co-founder of @bgdlabs and former CTO of @aave joins @jack__sanford to discuss managing $70Billion in assets major protocol upgrade challenges and more Full episode below https://t.co/lzXs3JKUmO" [X Link](https://x.com/jack__sanford/status/1963252631901499585) 2025-09-03T14:47Z [----] followers, [---] engagements

"Interviewed my first North Korean yesterday Took [--] mins to figure it out Guy did undergrad at UC Berkeley but couldn't name a single street or restaurant in Berkeley Worked in-person at Meta [--] years
but didn't know where his office was Seems if you go into detail about their resume they can't answer much Keep an eye out for this one: @zachxbt https://www.linkedin.com/in/cturney/" [X Link](https://x.com/jack__sanford/status/1965390984100913481) 2025-09-09T12:25Z [----] followers, 10K engagements

"Excited to announce Sherlock's AI auditor. @IAm0x52 is the full-time AI research lead with @muellerberndt joining recently. And it works like magic. "I've tried many different AI audit tools and none come even close to Sherlock AI." - @offerijns CTO of @centrifuge More Today we're introducing Sherlock AI an auditing assistant modeled on the expertise of the world's top smart contract researchers. Catch vulnerabilities as you build arrive at audits prepared and ship your code with confidence. https://t.co/oyLeDBOKwQ" [X Link](https://x.com/anyuser/status/1970509065160929709) 2025-09-23T15:22Z [----] followers, 15.8K engagements

"We haven't released Sherlock AI's track record in full but we've found Highs and Criticals in: 1) Unaudited codebases of top [--] TVL projects 2) Audited codebases of top [--] TVL projects 3) Bug bounty programs 4) Audit contests" [X Link](https://x.com/jack__sanford/status/1970509070038901045) 2025-09-23T15:22Z [----] followers, [---] engagements

"And beyond that I believe our team has built the best software (UI UX GitHub integration etc.) for any dev team. Sherlock AI has abilities that totally redefine developer workflows.
Join the beta now before it ends (and prices go up) https://audits.sherlock.xyz/request-audit" [X Link](https://x.com/jack__sanford/status/1970509071406026989) 2025-09-23T15:22Z [----] followers, [---] engagements

"After spending some time reviewing this vulnerability and talking to researchers I think Sherlock should have announced this vulnerability as High instead of Critical. The bug bounty platform on which it was submitted classified it as High. Sherlock AI discovered a Critical vulnerability affecting $2400000 in a live lending protocol. This is the first known instance of an AI uncovering a multi-million-dollar bug on mainnet. Here's how Sherlock AI surfaced the vulnerability: https://t.co/qHKzLAJOJr" [X Link](https://x.com/jack__sanford/status/1973823790053503205) 2025-10-02T18:53Z [----] followers, [----] engagements

"Awesome validation of Sherlock AI by an early beta tester (@centrifuge) Lots of improvements coming soon Top teams are already starting to feel the impact Sherlock AI can have. Don't believe us? Ask @offerijns CTO of @centrifuge https://t.co/auYcUMaSkm" [X Link](https://x.com/jack__sanford/status/1975366711810593045) 2025-10-07T01:04Z [----] followers, [---] engagements

"@offerijns @centrifuge Great chatting" [X Link](https://x.com/jack__sanford/status/1978466793908793608) 2025-10-15T14:23Z [----] followers, [---] engagements

"I've been asked to turn this thread into a lightning talk for @EthereumDenver's People's Choice [----].
I'll break down the $1.5Bn Bybit hack and share simple steps you can take so it doesn't happen to you Vote for it if you're a member of @SporkDao https://jokerace.io/contest/base/0x8c5d1b5a61d5347e626759500e2fe47037be8ea8/submission/76859480493869597113716665257736352966266862061935663928840378171516690382077 Bybit $1.5Bn Hack Explained Like many crypto companies Bybit keeps important funds in a "cold wallet". A cold wallet is controlled by devices disconnected from the internet for extra" [X Link](https://x.com/jack__sanford/status/1893071593422618834) 2025-02-21T22:53Z [----] followers, [----] engagements

"Aave crossing $50Bn is very significant. In [----] Dodd-Frank declared any bank over $50Bn in assets a "Systemically Important Financial Institution" and added extra regulations. Many banks kept assets at $49Bn to avoid tripping it. Aave blew right past the $50Bn mark" [X Link](https://x.com/jack__sanford/status/1947997844926873728) 2025-07-23T12:30Z [----] followers, [----] engagements

"@0xFlint_ Yeah I think this is the right question. And it only needs to drive away the AIs that have a false positive ratio that is too high. But that may be all of them currently" [X Link](https://x.com/jack__sanford/status/1961494297531822379) 2025-08-29T18:20Z [----] followers, [----] engagements

"Two steps to become a go-to independent auditor for a top protocol team: 1) Learn their codebase better than anyone 2) Be a high-trust individual Researchers if you want to work with top protocols like @aave there is no shortcut for putting in the hours. Check out the full episode with @jack__sanford and @eboadom Co-founder of @bgdlabs and former CTO of @aave below https://t.co/s6oGz1bre6" [X Link](https://x.com/jack__sanford/status/1965379659064803518) 2025-09-09T11:40Z [----] followers, [----] engagements

"Special thanks to all the researchers who participated in the Fusaka contest on Sherlock Some really great findings and Fusaka is on track for mainnet The Ethereum testnet Sepolia has been successfully upgraded to Fusaka Next up is the Hoodi testnet which is the final testnet being upgraded. If all goes well with Hoodi Fusaka should land on mainnet in early December." [X Link](https://x.com/jack__sanford/status/1978096972423668209) 2025-10-14T13:54Z [----] followers, [----] engagements

"Check out the $250000 @centrifuge contest that kicks off today If you like clean codebases this one is for you "We took every single low and even informational issue seriously. Every single issue we're thinking about how can we design the system to be more defensive" Watch the full episode with @offerijns the CTO at @centrifuge and @jack__sanford below https://t.co/ZzWT3iMaJG" [X Link](https://x.com/jack__sanford/status/1980311476402548920) 2025-10-20T16:33Z [----] followers, [----] engagements

"Very fun episode Coordinating security upgrades across disparate chains in the Cosmos ecosystem is 🤯 Episode [--] of The Web3 Security Podcast is now live This week @BPIV400 co-CEO of @cosmoslabs_io joins our CEO @jack__sanford to discuss prioritizing security in development @Cosmos Hub deployment and more Watch the full episode below https://t.co/D1tNyADAxA" [X Link](https://x.com/jack__sanford/status/1980987173362143726) 2025-10-22T13:18Z [----] followers, [---] engagements

"Sherlock was busy in Q3 Trusted by the best at every step of the journey. https://t.co/zjCqVxKE2i" [X Link](https://x.com/jack__sanford/status/1980987341310500889) 2025-10-22T13:19Z [----] followers, [----] engagements

"The incorrect fix is related to the $7.33M live vulnerability that was caught by Cyfrin while the contracts were live on mainnet. Second image is the post-mortem of the $7.33M live vulnerability: It seems the fix you suggested allowed this vulnerability to be possible on mainnet for weeks. Bunni was at risk of being hacked for $7.33M because of a bad fix suggestion from a Pashov audit but you say that Bunni's security outcome was due to their incorrect approach. It seems misleading.
From the Cyfrin audit report: https://blog.bunni.xyz/posts/bug-disclosure-reentrancy-lock-bypass/" [X Link](https://x.com/jack__sanford/status/1981379214906384397) 2025-10-23T15:16Z [----] followers, [----] engagements "AI Auditing and the Future of Web3 Security with some of the top AI audit firms This panel is going to be very cool π AI auditing is the hottest topics in Web3 security. How close are we to reliable automation At DSS @blocksek leads @ChanniGreenwall @balakhonoff @nicowaisman and @jack__sanford in a discussion on what AI can do in audits today where it fails and how it fits along humans. https://t.co/4bWyMi82Gt AI auditing is the hottest topics in Web3 security. How close are we to reliable automation At DSS @blocksek leads @ChanniGreenwall @balakhonoff @nicowaisman and @jack__sanford in a" [X Link](https://x.com/jack__sanford/status/1983975936019329264) 2025-10-30T19:14Z [----] followers, [---] engagements "Already reading the 2nd edition of Mastering Ethereum First edition + Ethereum whitepaper + How to DeFi got me into Ethereum back in the day Cool that it's made by an all-Italian team Mastering Ethereum 2nd edition is officially out. How can you read it - Online for free: in the next few days/weeks we will publish it on github/x and probably other venues - Kindle: you can buy it on amazon - Paperback: you can buy it on amazon - Online not for free (doesn't Mastering Ethereum 2nd edition is officially out. 
How can you read it - Online for free: in the next few days/weeks we will publish it on" [X Link](https://x.com/jack__sanford/status/1984218290995241125) 2025-10-31T11:18Z [----] followers, [----] engagements "Highly recommend this podcast with @drakefjustin if you want to: 1) Learn the what and why of @ethereum's ZK and quantum roadmap 2) Understand what it takes to be a top contributor at a $400Bn+ protocol "Having a blockchain that is so secure that nothing can break it not a nation state not a quantum computer that is the dream that we have" Episode [--] of The Web3 Security Podcast with @jack__sanford and @drakefjustin senior researcher at the @ethereumfndn is now live https://t.co/ICVObY9j5S "Having a blockchain that is so secure that nothing can break it not a nation state not a quantum" [X Link](https://x.com/jack__sanford/status/1986097032474304645) 2025-11-05T15:43Z [----] followers, [---] engagements "@Balancer Great writeup and transparency" [X Link](https://x.com/jack__sanford/status/1986242565717582238) 2025-11-06T01:21Z [----] followers, [---] engagements "Come hang with @sherlockdefi @ethereumfndn and @gnosisdotio at an awesome venue in Buenos Aires next week. Message me or someone at Sherlock to make sure you get in π Will you be in Buenos Aires for @summit_defi and @EFDevcon Join us for Proof of Security co-hosted by the @ethereumfndn and @gnosisdotio Expect a keynote panel and open networking amongst leaders shaping security infrastructure DeFi and more. 
Sign up below π Will you be in Buenos Aires for @summit_defi and @EFDevcon Join us for Proof of Security co-hosted by the @ethereumfndn and @gnosisdotio Expect a keynote panel and open" [X Link](https://x.com/jack__sanford/status/1988281486248952245) 2025-11-11T16:23Z [----] followers, [----] engagements "Giving a state of the union talk in a few hours about AI in Web3 Security with Coinbase Dozens of hours and dozens of interviews with devs and SRs went into this π¨π» Our CEO @jack__sanford will be live with @buildonbase for the Coinbase Security Series today at 6pm UTC Topic: How Web3 Security is Changing with AI Set your reminders now Our CEO @jack__sanford will be live with @buildonbase for the Coinbase Security Series today at 6pm UTC Topic: How Web3 Security is Changing with AI Set your reminders now" [X Link](https://x.com/jack__sanford/status/1989311791109718362) 2025-11-14T12:37Z [----] followers, [---] engagements "@QwQiao When I worked at Morgan Stanley and Citadel the biggest joke position in both companies was the Chief Economist" [X Link](https://x.com/jack__sanford/status/1990224737738330557) 2025-11-17T01:05Z [----] followers, [---] engagements "Really cool conversation with @sha2nk_ of @coinbase Web3 security is getting so good that Web2 attack vectors are becoming bigger targets "Anything we want to launch on-chain we have to be absolutely sure of. Absolutely zero room for error." This week @sha2nk_ Head of Security @base joins our CEO @jack__sanford for Episode [--] of The Web3 Security Podcast Full episode below π https://t.co/PBTCZ0ygQA "Anything we want to launch on-chain we have to be absolutely sure of. Absolutely zero room for error." 
This week @sha2nk_ Head of Security @base joins our CEO @jack__sanford for Episode [--] of The" [X Link](https://x.com/jack__sanford/status/1991205113004687591) 2025-11-19T18:01Z [----] followers, [---] engagements "It's clear that Aave V4 wants to be a vacuum for the highest-quality collateral in the crypto space I've never seen a concept where a borrower pays less interest if their collateral quality is higher very cool A more detailed (and technical) overview of the protocol: https://t.co/EzNha7tEmA A more detailed (and technical) overview of the protocol: https://t.co/EzNha7tEmA" [X Link](https://x.com/jack__sanford/status/1993296862959525990) 2025-11-25T12:33Z [----] followers, [----] engagements "If you can crack Aave V4 your life will change. @aave V4 has already been reviewed by legends like @deadrosesxyz @Montyly @IAm0x52 @xiaoming9090 Now @0xSimao is putting his #2 ranking and [---] leaderboard points at risk to lead the Aave V4 contest. Starts today π I personally audited this as part of the @blackthornxyz engagement. Tightest codebase I've ever seen. If I had to bet on anybody in the world to break it though I'd bet on @0xSimao I personally audited this as part of the @blackthornxyz engagement. Tightest codebase I've ever seen. If I had to bet on anybody in the world to break it" [X Link](https://x.com/jack__sanford/status/1995465149461954813) 2025-12-01T12:09Z [----] followers, 10.2K engagements "@AnthropicAI @MATSprogram Very cool. Why only look at Binance Smart Chain for post-March [----] contracts Either way earning $3694 post-March is cool but @sherlockdefi AI already uncovered a $350000 exploit in a live contract: https://x.com/sherlockdefi/status/1971528912992878981 Sherlock AI just flagged a Critical vulnerability in a leading lending protocol that put $350k+ of user collateral at risk. This is the 1st known instance of an AI catching a Critical vulnerability in a live protocol with TVL at risk. 
Heres what the bug did - and why it could" [X Link](https://x.com/jack__sanford/status/1995710119703650697) 2025-12-02T04:22Z [----] followers, 14.6K engagements "Really interesting approach to benchmarking. There's really no better place than on-chain to prove AI's merit. Sherlock AI has already "discovered" 100x more exploitable TVL in Anthropic's post-March [----] timeframe ($350000 vs. $3476) Sherlock AI Opus [---] GPT-5 New on our Frontier Red Team blog: We tested whether AIs can exploit blockchain smart contracts. In simulated testing AI agents found $4.6M in exploits. The research (with @MATSprogram and the Anthropic Fellows program) also developed a new benchmark: https://t.co/QpGPMqlDRG New on our Frontier Red Team blog: We tested whether AIs can" [X Link](https://x.com/jack__sanford/status/1995711458873635263) 2025-12-02T04:27Z [----] followers, [----] engagements "Getting mentioned by @ethereum always hits different π Congrats to the Ethereum devs and community on officially upgrading to Fusaka" [X Link](https://x.com/jack__sanford/status/1996380112103858405) 2025-12-04T00:44Z [----] followers, [----] engagements "Minimum days to become LSW: [--] Days in @aave V4 contest: [--] If you get 1st place in Aave V4 you are almost guaranteed to become LSW on @sherlockdefi even with a brand-new account π«‘ hi @jack__sanford @TheWavexyz Im planning to join the AAVE v4 contest on @sherlockdefi if I get 1st place can you give me the LSW title π hi @jack__sanford @TheWavexyz Im planning to join the AAVE v4 contest on @sherlockdefi if I get 1st place can you give me the LSW title π" [X Link](https://x.com/jack__sanford/status/1996920489735008653) 2025-12-05T12:32Z [----] followers, [----] engagements "I compiled all the available @immunefi monthly announcements from 2024/2025 Bug bounty $ payouts are down roughly -41% this year BTC is +56% over the same period What could be causing the sharp decrease in bounty payouts this year" [X 
Link](https://x.com/jack__sanford/status/1998359974674645000) 2025-12-09T11:52Z [----] followers, 19.8K engagements "@immunefi These announcements: https://x.com/immunefi/status/1753432276120060100 #ImmunefiStats Excellent start to the year $1.8m paid to whitehats in January. Let's go. https://t.co/zCvDYxF8Zc https://x.com/immunefi/status/1753432276120060100 #ImmunefiStats Excellent start to the year $1.8m paid to whitehats in January. Let's go. https://t.co/zCvDYxF8Zc" [X Link](https://x.com/jack__sanford/status/1998360076638433354) 2025-12-09T11:52Z [----] followers, [----] engagements "@r0bre @immunefi You think it's mainly due to higher quality auditing than [----] or higher quality development" [X Link](https://x.com/jack__sanford/status/1998378996317540381) 2025-12-09T13:07Z [----] followers, [---] engagements "@mikeleffer @immunefi True hard to have a decrease if you don't pay out [----] in the first place https://x.com/drdr_zz/status/1966127716417319300 Hey @cantinaxyz wanted to reach out about the pending payment from July [----] but you don't answer to DMs here neither can I verify on Discord. 
https://x.com/drdr_zz/status/1966127716417319300 Hey @cantinaxyz wanted to reach out about the pending payment from July [----] but you don't answer to DMs here neither can I verify on Discord" [X Link](https://x.com/jack__sanford/status/1998391228711231717) 2025-12-09T13:56Z [----] followers, [----] engagements "Average Critical bug bounty payout on @immunefi: 2024: $46228 2025: $25617 -45% π What's causing bug bounty payouts to be nearly cut in half in [----] I compiled all the available @immunefi monthly announcements from 2024/2025 Bug bounty $ payouts are down roughly -41% this year BTC is +56% over the same period What could be causing the sharp decrease in bounty payouts this year I compiled all the available @immunefi monthly announcements from 2024/2025 Bug bounty $ payouts are down roughly -41% this year BTC is +56% over the same period What could be causing the sharp decrease in bounty" [X Link](https://x.com/jack__sanford/status/1998729408857735202) 2025-12-10T12:20Z [----] followers, [----] engagements "@josepchetrit @immunefi Interesting why would Cantina (and Sherlock) taking some of the market cause the Critical payouts to go down though" [X Link](https://x.com/jack__sanford/status/1998751904613208506) 2025-12-10T13:49Z [----] followers, [---] engagements "@josepchetrit @immunefi Yeah I agree with that if Immunefi is losing the highest-paying customers at a higher rate then it could cause their payout sizes to drop" [X Link](https://x.com/jack__sanford/status/1998878935984316859) 2025-12-10T22:14Z [----] followers, [---] engagements "@josepchetrit @immunefi Yeah fair unfortunately I don't think the data is there for the other platforms to do a proper global analysis. 
Even for Immunefi the data is missing 7/24 months" [X Link](https://x.com/jack__sanford/status/1998879217635963292) 2025-12-10T22:15Z [----] followers, [--] engagements "@josepchetrit @immunefi Interesting this seems relevant: https://x.com/samczsun/status/1998816590901756081 i wrote some thoughts on bug bounties payouts and how we should think about crypto security going forward https://t.co/kV1C6OCS8A https://x.com/samczsun/status/1998816590901756081 i wrote some thoughts on bug bounties payouts and how we should think about crypto security going forward https://t.co/kV1C6OCS8A" [X Link](https://x.com/jack__sanford/status/1998881316029476870) 2025-12-10T22:23Z [----] followers, [---] engagements "@huvoliveira @immunefi Correct it's only based on 17/24 publicly available months" [X Link](https://x.com/jack__sanford/status/1999201017607401680) 2025-12-11T19:34Z [----] followers, [--] engagements "@WhiteHatMage Maybe. At least: P(Critical bounty paid) P(Critical exists) So there's a 72% chance that an average project has an exploitable Critical in it during a year. Not sure if this is true: P(blackhat exploit) = P(Critical bounty paid)" [X Link](https://x.com/jack__sanford/status/2000587826572795956) 2025-12-15T15:24Z [----] followers, [---] engagements "@centrifuge @itsbhaji AI auditing will go mainstream π€" [X Link](https://x.com/jack__sanford/status/2001784259808207050) 2025-12-18T22:38Z [----] followers, [---] engagements "So many top teams are reaching out about AI auditing this month even compared to November. 
What changed" [X Link](https://x.com/jack__sanford/status/2003494354271502800) 2025-12-23T15:54Z [----] followers, [----] engagements "Attack and Defend: Sherlock AI has two distinct phases: 1) Attack: searches for Criticals using first-principles logical analysis of code paths 2) Defend: methodically checks every known vulnerability and compares it with the current code path Think of Attack as a bug bounty hunter Think of Defend as an auditor Sherlock AI V2.1 We've shipped another upgrade to Sherlock AI bringing our model even closer to how experienced human auditors think and work. This release introduces a new scope-aware research architecture deeper security methodologies and improved prompt design that" [X Link](https://x.com/jack__sanford/status/2003525894334197910) 2025-12-23T17:59Z [----] followers, [----] engagements "@jayendra_jog @OpenAI Cool setup. Would love to compare it against Sherlock AI to see how it does" [X Link](https://x.com/jack__sanford/status/2009641030933471527) 2026-01-09T14:58Z [----] followers, [---] engagements "@Taridoku Well done" [X Link](https://x.com/jack__sanford/status/2009827531055128718) 2026-01-10T03:19Z [----] followers, [---] engagements "The performance by @IAm0x52 in the @centrifuge contest might go down as one of the all-time great performances Following the results of the @centrifuge contest @IAm0x52 has retaken the top spot on the Sherlock leaderboard Congratulations to @panprog on an incredible run spending [---] days at #1. How long can @IAm0x52 stay on top https://t.co/6tSYi7hBwe Following the results of the @centrifuge contest @IAm0x52 has retaken the top spot on the Sherlock leaderboard Congratulations to @panprog on an incredible run spending [---] days at #1. How long can @IAm0x52 stay on top https://t.co/6tSYi7hBwe" [X Link](https://x.com/anyuser/status/2011854834865983648) 2026-01-15T17:35Z [----] followers, [----] engagements "Weve tried many different AI audit tools and none come even close to Sherlock AI." 
π₯ Been great working with the @centrifuge team and watching the RWA space blow up at the same time. https://t.co/OsQbVpDbQ6 https://t.co/OsQbVpDbQ6" [X Link](https://x.com/anyuser/status/2011900169600844009) 2026-01-15T20:35Z [----] followers, [----] engagements ""I didn't want to have security as a separate function from engineering." - @BPIV400 It seems that AI will bring development and security much closer together and teams like @cosmos that already function that way will be ahead of the curve. If you can put up a dollar early on security it can save you $3 on audits $5 on bug bounties and $10 on like an exploit. Here's my notes on the Web3 Security podcast episode featuring @BPIV400 co-CEO of @Cosmos hosted by @jack__sanford from @sherlockdefi. From Politics to If you can put up a dollar early on security it can save you $3 on audits $5 on bug" [X Link](https://x.com/anyuser/status/2015092843862245408) 2026-01-24T16:02Z [----] followers, [----] engagements "@vinicaboy @idlefinance @sherlockdefi Congrats" [X Link](https://x.com/jack__sanford/status/1877056236643885530) 2025-01-08T18:14Z [----] followers, [---] engagements "The ERC-4626 standard has a built-in safeTransferFrom() for deposits However some deposit functions like Aave V4's add() make you do the safeTransferFrom() separately Why is this What determines when to include safeTransferFrom() in the function or not" [X Link](https://x.com/jack__sanford/status/1994435758262796605) 2025-11-28T15:58Z [----] followers, [----] engagements "ERC-4626 deposit(): Aave V4 add(): https://github.com/aave/aave-v4/blob/06ee85037e851e4ddea6d00b70d26aaa62c6da53/src/hub/Hub.sol#L218 https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/extensions/ERC4626.sol#L194 https://github.com/aave/aave-v4/blob/06ee85037e851e4ddea6d00b70d26aaa62c6da53/src/hub/Hub.sol#L218 https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/extensions/ERC4626.sol#L194" [X 
Link](https://x.com/jack__sanford/status/1994435759554572674) 2025-11-28T15:58Z [----] followers, [---] engagements ""Since this is redacted we want to make sure that we get it right in terms of a thorough critique of our codebase. Our diligence indicates that Sherlock has one of the best reputations as an auditor - more substance less fluff. That's pretty much how we define ourselves. We want to make sure that we get the most thorough audit possible and that's why we want to work with Sherlock." message from an inbound lead We will keep doing our part to make crypto safe π«‘ https://twitter.com/i/web/status/2016851570697367641 https://twitter.com/i/web/status/2016851570697367641" [X Link](https://x.com/anyuser/status/2016851570697367641) 2026-01-29T12:31Z [----] followers, [----] engagements "Ethereum sets a great example when it comes to security. For all the auditing and internal reviews they do they still put $2000000 up for grabs in a Sherlock audit contest. And their approach was completely vindicated. [--] Highs were found in the contest These weren't Highs in clients that control 1% of the network. In order to meet the criteria for High it has to slash bring down or split 33% of the network. And [--] of these vulnerabilities were found in the contest. Credit to Ethereum for going the extra mile with a $2000000 audit contest. 
Contests are still the gold standard for securityπ A" [X Link](https://x.com/anyuser/status/2021683581538775064) 2026-02-11T20:31Z [----] followers, [----] engagements "@0xSimao @saffron @sherlockdefi Very impressive π«‘" [X Link](https://x.com/jack__sanford/status/1841564584039342559) 2024-10-02T19:43Z [----] followers, [---] engagements "The [----] @SkyEcosystem report reminds me why I got excited about DeFi in the first place - Real revenue ($400M) and bank-like biz model - Crypto-native governance - Hard cap on SKY total supply - $90M in buybacks (6% of supply) - Profits distributed to SKY holders LFG DeFi π₯" [X Link](https://x.com/jack__sanford/status/2001634803343351924) 2025-12-18T12:45Z [----] followers, [----] engagements Limited data mode. Full metrics available with subscription: lunarcrush.com/pricing
Top posts by engagements in the last [--] hours
"If you read one thread on the sanctioning of Tornado Cash let it be this one 1/ This week the US Treasury Dept did something it's never done before: it sanctioned a piece of code. Weird right Actually it makes perfect sense. Let's peel that onion"
X Link 2022-08-11T01:56Z [----] followers, [--] engagements
"24 hours later FTX sells to a competitor due to a "liquidity crunch." Why would you trust human beings when you could trust open-source code instead"
X Link 2022-11-08T17:31Z [----] followers, [--] engagements
"@0xZetta @sherlockdefi @sentimentxyz 97.5% of the lost funds are back in Sentiment's possession. The remaining 2.5% is waiting on a Nexus Mutual claim and payout which should happen in under a week"
X Link 2023-04-07T16:31Z [----] followers, [--] engagements
"@maurelian_ @sherlockdefi Audit contests require a judge to decide which vulns are real dupes etc. Judging contests help figure out who the best judges in the community are and then those community judges are paid to be the "Lead Judge" for future contests"
X Link 2023-06-30T00:48Z [----] followers, [--] engagements
""If you can't tell me the four ways you fucked something up.before you got it right you probably weren't the person who worked on it." - @elonmusk"
X Link 2023-09-09T14:06Z [----] followers, [---] engagements
"Hit me up if you'll be at @Permissionless this week @sherlockdefi will be hanging in the shadows (aka the shade)"
X Link 2023-09-11T03:58Z [----] followers, [----] engagements
""For all of @PayPal's advancements.tech companies still needed flesh-and-blood humans to deliver last-mile protection People will always be a component of fraud detection" Do you think this is true Will it always be true for smart contracts too"
X Link 2023-09-16T14:07Z [----] followers, [--] engagements
"Had never heard of the Third Party Doctrine until the @twobitidiot @VivekGRamaswamy Mainnet chat. Basically says if a 3rd party (bank cell service) can access your data the govt can too. Super strong argument for interacting with trustless smart contracts instead"
X Link 2023-09-23T03:20Z [----] followers, [--] engagements
"Uniswap adds a frontend fee. Who loses Average Americans who bought UNI tokens thinking they were getting exposure to the value created by Uniswap. Thanks to bad regulation UNI tokenholders have officially been "duped" into buying exposure to the smart contract fee only"
X Link 2023-10-17T02:06Z [----] followers, [----] engagements
"@0xOwenThurm @0xnirlin @GuardianAudits @sherlockdefi What a claim You do pay-per-vulnerability right So did you charge GMX for not understanding how their protocol works in this "High severity" issue Or did you just include it in the report to pad your stats"
X Link 2023-11-25T17:55Z [----] followers, [---] engagements
"@0xScourgedev @0xOwenThurm @0xnirlin @GuardianAudits @sherlockdefi I see you are an auditor for Guardian. Did you participate in this audit I see no impact no loss of funds demonstrated no POC and GMX says it's intended functionality. Slim chance this would even be a Medium severity issue in Sherlock. Crazy it's a High here"
X Link 2023-11-25T20:41Z [----] followers, [---] engagements
"@HollaWaldfee100 Yeah @sherlockdefi gets tested sometimes:"
X Link 2023-12-09T00:05Z [----] followers, [---] engagements
"@ajnafi turns out permissionless includes memecoins Ajna stays undefeated on narrative"
X Link 2024-03-09T17:10Z [----] followers, [----] engagements
"@high_byte Belief implies you can't prove it. And in this case I think it's very difficult to prove (and there is some evidence pointing in the other direction) Gas optimizations are not just confined to assembly btw"
X Link 2024-03-21T10:57Z [----] followers, [--] engagements
"It seems we're in a bull market. Choose wisely anon"
X Link 2024-03-28T19:26Z [----] followers, [----] engagements
"If you'll actually lose 20-30% by not participating this is bad. I see two ways this could be true: 1) Not enough info is required in initial submission (but there are downsides to requiring more info at that stage) 2) Judges aren't skilled enough Which one do you think it is And what other problems do you think cause this"
X Link 2024-04-02T09:27Z [----] followers, [---] engagements
"How many auditors would actually audit Tornado Cash today All of them None of them I really have no idea"
X Link 2024-05-14T14:25Z [----] followers, [---] engagements
"@eth_call Mutable is at war with immutable"
X Link 2024-05-14T14:36Z [----] followers, [---] engagements
"6 new contests on @sherlockdefi this week You can try to break: - Liquid staking - Liquid restaking - Uni V3 strategies - Real world assets - No-loss prize games - Advanced yield farming looks like a new wave of contests is coming in time to double down on @sherlockdefi"
X Link 2024-05-16T09:24Z [----] followers, [----] engagements
"@jesserroos @CryptoCanal @sherlockdefi @cvhessert @0xPolygon @kadmil_eth @LidoFinance @jpknegtel Hmm thanks cc @CryptoCanal"
X Link 2024-05-16T18:53Z [----] followers, [--] engagements
"7 auditors reviewed @m0labs at the same time: @k1rill_fedoseev @chain_security @Prototech_Labs @threesigmaxyz @Quantstamp @OpenZeppelin @CertoraInc Has anyone analyzed which was most/least effective Source: https://github.com/MZero-Labs/documentation/tree/main/audit-reports"
X Link 2024-05-24T13:41Z [----] followers, [----] engagements
"@0xt0n1 @m0labs @OpenZeppelin @threesigmaxyz @Prototech_Labs @CertoraInc @chain_security @Quantstamp @k1rill_fedoseev Looking forward to it"
X Link 2024-05-30T16:46Z [----] followers, [---] engagements
"So you want to throw a party You rent out a venue You hire a DJ You offer free drinks You even spend $50k to upgrade the sound system Unless you get confirmation from Cristiano Ronaldo that he'll show up he probably won't @sherlockdefi is the only platform that confirms the world's top auditors will show up to your audit contest And then incentivizes them to try their hardest @lucyoas @jack__sanford This is the observation we made that resulted in us not adopting the same model. Platforms and their constituents aren't 1:1 fungible. Tweak incentives and you get different"
X Link 2024-06-06T09:25Z [----] followers, [----] engagements
"Question for security researchers: Do you think it's fine for an audit contest platform to share your submissions with the client team while the contest is still running"
X Link 2024-06-07T09:22Z [----] followers, 14.4K engagements
"The UwU Lend $20M exploit seems unbelievable Am I getting this right 1) @UwU_Lend forks Aave V2 2) UwU makes changes and gets a @peckshield audit (1) (maybe @peckshield can clarify if this attack vector was in scope or not) 3) @makemake_kbo finds a critical vulnerability [--] YEAR AGO 4) The team does not listen to whitehats and does not fix the vulnerability () despite $200M+ TVL 5) Users get hacked for $20M due to an exploit vector that was known [--] year earlier Can nothing be done to save user funds if the team won't listen I think @_SEAL_Org is designed for this but it can only save user"
X Link 2024-06-11T10:54Z [----] followers, [----] engagements
"I get the argument: You lost your money as a DeFi user That's a skill issue. But 99.9% of newcomers to DeFi will have this skill issue regarding smart contract security. I sympathize less with ppl who lost their money in Luna/Terra setups. At least a high APY is a warning. But how should the average person know that a team is not using the best security practices Must we keep sacrificing users at the altar of blackhat exploits until the whole world learns @jack__sanford The toddler has once again crashed the car. How can we make it safer for toddlers to drive cars @jack__sanford The toddler"
X Link 2024-06-12T09:30Z [----] followers, [----] engagements
"Some tips for whitehats 1) Disclose findings to the vulnerable team immediately 2) Use official bug bounty channels if possible 3) Be extremely transparent about all test transactions 4) Don't insult the team publicly @tayvano_ @krakenfx The real question should be why Kraken's in-depth defense system failed to detect so many test transactions. This is indeed what we were testing. You often heard from a weak exchanges response to a security bug finding with a brag of their strong risk control and in-depth"
X Link 2024-06-20T09:39Z [----] followers, [----] engagements
"@sherlockdefi @MakerDAO Worth the $1.35M just to get @nanexcool back from the golf course https://x.com/nanexcool/status/1805587298827764064 Will be participating in this one for old times' sake"
X Link 2024-06-25T15:30Z [----] followers, [---] engagements
"@GLordskotostras @sherlockdefi @MakerDAO Yes"
X Link 2024-06-25T16:25Z [----] followers, [--] engagements
"@IAm0x52 @MakerDAO Looking forward to it"
X Link 2024-06-25T22:51Z [----] followers, [---] engagements
"$450 per line of code π€― ($1.35M total rewards / 3k nSLOC) The biggest audit contest ever $1.35M to find bugs in @MakerDAO Endgame π July 8th - August 5th πhttps://t.co/N7ECKKT2f5 https://t.co/eC8FoO0jB2 The biggest audit contest ever $1.35M to find bugs in @MakerDAO Endgame π July 8th - August 5th πhttps://t.co/N7ECKKT2f5 https://t.co/eC8FoO0jB2"
X Link 2024-06-26T10:44Z [----] followers, [----] engagements
"Ok ima check the reserved auditors for @MakerDAO @IAm0x52 [--] 1st place finishes on Sherlock @lonelysloth_sec $2.9M in bug bounty payouts @panprog #1 all-time on Sherlock leaderboard @xiaoming9090 Previously #1 on Sherlock and C4 @kankodu $900k in bug bounty payouts @bin2chen #1 on C4 last [--] days @tapired [--] 1st place finishes on Sherlock Damn reserved auditors got hands The biggest audit contest ever $1.35M to find bugs in @MakerDAO Endgame π July 8th - August 5th πhttps://t.co/N7ECKKT2f5 https://t.co/eC8FoO0jB2 The biggest audit contest ever $1.35M to find bugs in @MakerDAO Endgame π July"
X Link 2024-06-27T10:36Z [----] followers, [----] engagements
"@satanic_angels_ @agfviggiano @MakerDAO @IAm0x52 @lonelysloth_sec @panprog @xiaoming9090 @kankodu @bin2chen No upper hand these are just the auditors who have committed to reviewing the codebase Sherlock paid some of them to make this commitment (the higher an auditor is ranked on Sherlock's leaderboard the more reserved opportunities they tend to get)"
X Link 2024-06-27T20:31Z [----] followers, [---] engagements
"Interesting attack vector in @MakerDAO from way back in [----] How seriously does @MakerDAO take security π§΅1/7 In light of the upcoming @MakerDAO audit on @SherlockDefi I want to reveal a critical vulnerability I discovered back in [----]. This issue had severe implications for the MakerDAO system. Lets dive into what happened. π How seriously does @MakerDAO take security π§΅1/7 In light of the upcoming @MakerDAO audit on @SherlockDefi I want to reveal a critical vulnerability I discovered back in [----]. This issue had severe implications for the MakerDAO system. Lets dive into what happened. π"
X Link 2024-07-02T10:42Z [----] followers, [----] engagements
"Where are you sitting on the way to EthCC"
X Link 2024-07-04T09:50Z [----] followers, 10.9K engagements
"Sherlock went through a lot of trouble to make sure the last Optimism contest was USDC-based It's better for security experts because they know how much they'll earn It's better for projects because they'll attract even the risk-averse security experts (there are many) Dedicating weeks to an audit contest is risky enough - why expose researchers to token price risk at the same time Note: Sherlock will likely cave to pressure to denominate contests in non-stablecoins at some point but we'll put it off as long as possible and keep the stablecoin % of rewards as high as possible when it happens"
X Link 2024-07-05T19:36Z [----] followers, [----] engagements
"@ljmanini @sherlockdefi @MakerDAO It doesn't have anything to do with accepting lows/info/gas. You can submit these findings on Sherlock but they are not rewarded. The no H/Ms pot is paid out regardless of any findings"
X Link 2024-07-07T13:25Z [----] followers, [---] engagements
"@santipu_ @sherlockdefi Huge congrats and great win in that dHEDGE contest"
X Link 2024-07-18T17:55Z [----] followers, [---] engagements
"Who is the standing army preventing civilizational collapse due to currency debasement Security experts If anything from history is certain it's that humans cannot be trusted with the mint() function for any currency. The US Dollar is on a fast track to FAFO. An American baby born today is $519000 in debt thanks to decisions made before it was born. Reversing this trend is like turning an oil tanker. Deficit spending is one of the few things both US political parties have agreed on in the last [--] years. Austerity is extremely unpopular. Currencies like Bitcoin finally take minting privileges"
X Link 2024-07-23T11:16Z [----] followers, [----] engagements
"Reminder that de-banking is not always done explicitly More regulations = more compliance costs = more de-banking Let's keep building and securing permissionless financial infrastructure that anyone can access π«‘ SCOOP: Mercury cofounder & CEO calls it a sad day as the firm abruptly offboards companies that account for sub 1% of deposits but probably 50% + of compliance work https://t.co/x2NCgucro7 SCOOP: Mercury cofounder & CEO calls it a sad day as the firm abruptly offboards companies that account for sub 1% of deposits but probably 50% + of compliance work https://t.co/x2NCgucro7"
X Link 2024-07-24T12:35Z [----] followers, [----] engagements
"@clesaege Hey Clment Big fan of Kleros and the mission. I'm a co-founder of Sherlock and we've audited Optimism MakerDAO GMX etc. We do great work: One example: Sentiment V1 (med/large DeFi protocol) Pricing: $120000 https://github.com/sherlock-protocol/sherlock-reports/blob/main/audits/2022.10.18%20-%20Final%20-%20Sentiment%20Audit%20Report.pdf https://drive.google.com/drive/folders/18I2ubUJftjgHJ-gY-OrWxX2n4DRDkKS-usp=drive_link https://github.com/sherlock-protocol/sherlock-reports/blob/main/audits/2022.10.18%20-%20Final%20-%20Sentiment%20Audit%20Report.pdf"
X Link 2024-07-25T21:49Z [----] followers, [---] engagements
"A few people asked for the story behind this so here goes. If someone were to ask What radicalized you when it comes to auditing this event would be a starting point. Sherlock has built [--] full-scale DeFi protocols. Theyre smart contract coverage protocols and the V2 is still in use today. In late [----] Sherlock was finishing audits on the main protocol and looking to get an audit for a small update. Back then there were a handful of top audit firms and wed been lucky to work with one on the main protocol. Easily set the record for Sherlocks biggest expense ever. They already had a 5-month"
X Link 2024-07-30T13:16Z [----] followers, 12.9K engagements
"@oot2k1 Yeah let's say it excludes frontend hacks or small hacks. Material loss of Aave's TVL only"
X Link 2024-07-31T12:00Z [----] followers, [--] engagements
"I'm only aware of [--] cases where @sherlockdefi audited the same codebase simultaneously with another auditor. Here's how each turned out: Tokemak V2 Sherlock: [--] Critical/High [--] Medium @HalbornSecurity: [--] Critical/High [--] Medium Perennial V2 Sherlock: [--] Critical/High [--] Medium @zellic_io: [--] Critical/High [--] Medium Index Coop Sherlock: [--] Critical/High [--] Medium @ABDKconsulting: [--] Critical/High [--] Medium The [--] Highs for ABDK were an irrelevant comment line and an unresolved TODO comment. I think this is the best data out there showing the effectiveness of audit contests compared to traditional"
X Link 2024-08-07T15:30Z [----] followers, [----] engagements
"@yashar0x @sherlockdefi @HalbornSecurity Did another auditor audit MakerDAO Endgame at the same time on the same commit hash"
X Link 2024-08-07T16:10Z [----] followers, [---] engagements
"@Kwenta_io @sherlockdefi Excited for it"
X Link 2024-08-08T16:51Z [----] followers, [--] engagements
"I recently learned that some whitehats don't submit Mediums to bug bounty programs when they find them The time required to write it up isn't worth it to them Imagine what their hourly rate must be π€―"
X Link 2024-08-09T11:40Z [----] followers, [----] engagements
"@0xdeniz @MakerDAO @sherlockdefi Great stuff"
X Link 2024-08-14T13:22Z [----] followers, [--] engagements
"The system may not be 100% perfect but it will probably reduce spam by 90%-99% by taking a controversial approach: A [---] USDC deposit is required for every submission. Sherlock only focuses on Critical-severity bounties (maybe Highs in special circumstances) so it's a [---] USDC refundable deposit to earn $50k or $500k or $2M etc. Reduces spam because losing [---] USDC on an invalid finding is painful -- but top whitehats won't blink to deposit [---] USDC for the potential to earn $500k on a valid submission"
X Link 2024-08-20T16:21Z [----] followers, [---] engagements
"@danielvf Nice yeah the Mediums/Lows bring in a ton of submissions and even the valid ones are often not worth fixing on-chain"
X Link 2024-08-20T16:52Z [----] followers, [---] engagements
"@gjaldon @sherlockdefi @Kwenta_io @aslanbekaibimov @marcin_ugarenko Congrats Always scary as Lead Senior Watson when there are so few issues"
X Link 2024-08-21T09:44Z [----] followers, [---] engagements
"Really interesting transaction. I work at @sherlockdefi which has historically been a competitor to @code4rena so take this with a grain of salt but here's my guess as to what happened: March [----] Paradigm takes a 15% stake in Code4rena. It's their first security bet ever. Spirits are high and Code4rena gets its first cash infusion of $6M. Rest of [----] Pretty quiet. The bear market is in full force and audit contests are good but not great. January [----] The bull market comes back and so do audit contests. Spirits are high and everyone (Sherlock Code4rena etc.) is feeling good and doing lots"
X Link 2024-08-22T14:08Z [----] followers, 29.7K engagements
"Step 1: Become a DeFi blue chip Step 2: Pay 100s of auditors to harden the codebase with @sherlockdefi Step 3: Become a consumer-facing household name This is the way π«‘ Sky is here. The best and easiest place to get rewarded for saving without giving up control. Discover the upgraded tokens new features and boosted Sky Token Rewards for early sign-ups. Follow this thread for the latest news and updates about SkyLaunch. https://t.co/Qc25KRPzR8 Sky is here. The best and easiest place to get rewarded for saving without giving up control. Discover the upgraded tokens new features and boosted Sky"
X Link 2024-08-29T17:03Z [----] followers, [----] engagements
"A story in [--] parts π @andyfeili @lonelysloth_sec"
X Link 2024-09-02T12:35Z [----] followers, [----] engagements
"The biggest announcement in audit contest judging EVER just dropped The best of Polymarket and Community Notes built exclusively for judging contest issues π₯ Introducing Real-Time Judging The final evolution of audit contest judging is here. "Polymarket meets Community Notes for Web3 Security" Get to mainnet 3x faster on average only at Sherlock https://t.co/pgcAyjNoek Introducing Real-Time Judging The final evolution of audit contest judging is here. "Polymarket meets Community Notes for Web3 Security" Get to mainnet 3x faster on average only at Sherlock https://t.co/pgcAyjNoek"
X Link 2024-09-11T14:36Z [----] followers, [----] engagements
"Looking forward to speaking at @EFdevcon See you in Bangkok π"
X Link 2024-10-01T13:33Z [----] followers, [----] engagements
"Hugely positive development to see major chains like @Optimism and @arbitrum subsidizing audit costs for protocol teams I hope many more ecosystems take this step Sherlock is honored to be a whitelisted auditor for the @arbitrum Security Subsidy Fund If you're a protocol team planning to deploy on Arbitrum apply below to have your audits paid for: https://t.co/wpYBGhWate Sherlock is honored to be a whitelisted auditor for the @arbitrum Security Subsidy Fund If you're a protocol team planning to deploy on Arbitrum apply below to have your audits paid for: https://t.co/wpYBGhWate"
X Link 2024-10-02T15:59Z [----] followers, [---] engagements
"I feel guilty when I see messages like this. I want to help solve Web3 security for end users but the reality is that smart contract security is only part of the story. Grateful to those who are working in this area and I hope we see more entrepreneurs and companies jump in. We're fucking drowning in SEAL [---] tickets every damn day with people getting drained left and right. It's brutal and the reality is we're nowhere near fixing this. The harsh truth Most of these tickets are coming from basic web2 issuesphishing malware the usual bullshit. We're fucking drowning in SEAL [---] tickets every"
X Link 2024-10-07T09:40Z [----] followers, [----] engagements
"Looking to hire an auditor. Must have: - [--] Medium findings in audit contests - 1st place 3x in $100k+ audit contests - LSW on Sherlock - LSR on Spearbit - 2+ years of audit firm experience - [--] Critical bug bounties on blue chip protocols - 6'5" - blue eyes"
X Link 2024-10-14T12:07Z [----] followers, 13.4K engagements
"Smart contract hacks are becoming less frequent. North Korea probably has [---] cracked hackers all working in the same building. But guess what There are 1000s and 1000s of skilled auditors in Sherlock's Discord alone. The Persians won the battle of Thermopylae after all"
X Link 2024-10-17T12:07Z [----] followers, [----] engagements
"A relevant metric for identifying a strong auditor (emphasis on audit): Coverage How many bugs did they find out of the total number of bugs found in the contest For example finding [--] out of [--] bugs (pictured below) is 85% coverage and that's extremely strong in an audit contest with [---] participants. A relevant metric for identifying a strong audit contest: Redundancy How many bugs were found by just one auditor If only one auditor finds the bug that's dangerous. You miss the bug if that auditor doesn't show up next time. This same @zerolendxyz contest had only [--] bug (a Medium) out of 26"
X Link 2024-10-31T12:45Z [----] followers, [----] engagements
"Forget Satoshi Nakamoto. Who is PapaPitufo"
X Link 2024-10-31T14:42Z [----] followers, [--] engagements
"This one is for protocol builders at Devcon Mark your calendar for 5:40pm today to learn about the [--] most common vulnerabilities found during audit contests so you can avoid these pitfalls https://app.devcon.org/schedule/LYFXZN https://app.devcon.org/schedule/LYFXZN"
X Link 2024-11-12T04:10Z [----] followers, [---] engagements
"@krikoeth @OrderlyNetwork @sherlockdefi Well done π«‘"
X Link 2024-11-14T17:06Z [----] followers, [--] engagements
"Spent an incredible two weeks discovering Thailand with the @sherlockdefi team in Chiang Mai and meeting many of the heroes of Web3 security and Ethereum in Bangkok. Thank you to Devcon @summit_defi and others for allowing me to speak. Looking forward to the next β"
X Link 2024-11-17T16:42Z [----] followers, [----] engagements
"@StErMi @EFDevcon @Uniswap @unichain If this comes true projects will either have to deploy on Unichain do some kind of bridging with Unichain or use a non-Uniswap DEX on their home chain"
X Link 2024-11-17T17:10Z [----] followers, [---] engagements
"Biggest theme from DeFi Security Summit is that Stolen Private Keys is now by far the biggest security risk in crypto. This means [--] things: 1) Smart contract auditing has been very effective π₯ 2) Smart contract security will lose priority π 3) More effort is needed on the opsec side Credit to @_iphelix for the image and a great talking making the security industry aware of this"
X Link 2024-11-18T12:13Z [----] followers, [----] engagements
"Ok guys Vitalik is running his own audit contests now"
X Link 2024-11-22T11:16Z [----] followers, [----] engagements
"Congratulations to @code4rena on joining the triple-digit club with @sherlockdefi 100+ audit contests in [----] This is not an easy accomplishment - no one else is even close π«‘"
X Link 2024-11-25T12:43Z [----] followers, [----] engagements
"I'm incredibly bullish on Web3 security. The good guys have massive advantages over the bad guys. Black hat: learn alone hunt alone validate alone trust no one. Auditors: learn with peers hunt on teams use sounding boards see missed bugs quickly"
X Link 2024-11-26T13:06Z [----] followers, [----] engagements
"Born: August [--] [----] Died: November [--] [----] RIP Tornado Cash sanctions. Privacy is legal again π«‘ Privacy wins. Today the Fifth Circuit held that @USTreasurys sanctions against Tornado Cash smart contracts are unlawful. This is a historic win for crypto and all who cares about defending liberty. @coinbase is proud to have helped lead this important challenge. 1/6 Privacy wins. Today the Fifth Circuit held that @USTreasurys sanctions against Tornado Cash smart contracts are unlawful. This is a historic win for crypto and all who cares about defending liberty. @coinbase is proud to have helped"
X Link 2024-11-27T00:35Z [----] followers, [----] engagements
"@qedk_ @sherlockdefi Much appreciated π"
X Link 2024-12-03T17:38Z [----] followers, [--] engagements
"@gjaldon @solana π"
X Link 2024-12-04T10:32Z [----] followers, [---] engagements
"If you're building a math-heavy DeFi protocol you should do whatever it takes to have @panprog review your codebase. The distance between panprog and most auditors when it comes to derivatives protocols is astounding. Introducing @panprog a world-class blockchain auditor specializing in derivatives protocols and now the third founding researcher at @blackthornxyz. Panprog currently holds the #1 spot on Sherlocks leaderboard and is one of only [--] people to ever reach the top. Panprog's https://t.co/14a2FiRMgL Introducing @panprog a world-class blockchain auditor specializing in derivatives"
X Link 2024-12-06T13:17Z [----] followers, [----] engagements
"Super fortunate to have @deadrosesxyz as a founding member of @blackthornxyz. If time is of the essence no one can thoroughly review a codebase faster than deadrosesxyz. There is scoping a codebase for most humans then there is scoping a codebase for deadrosesxyz. Introducing @deadrosesxyz the next founding security researcher at @blackthornxyz. Deadrosesxyz started as a bug bounty hunter garnering attention for high-profile finds in projects like @VelodromeFi Chronos @arkham LEVEL @muxprotocol and @ExtraFi_io. Since then https://t.co/ZlAE5u5DQx Introducing @deadrosesxyz the next founding"
X Link 2024-12-06T13:21Z [----] followers, [----] engagements
"@bitc0x_eth @NethermindEth @AcrossProtocol @Uniswap @UMAprotocol @Polymarket Congrats on the move"
X Link 2024-12-16T20:04Z [----] followers, [---] engagements
"@KupiaSecurity @sherlockdefi Strong year"
X Link 2024-12-22T20:26Z [----] followers, [--] engagements
"Submitting bug bounties can help auditors prove this too. But theres more noise. Lets say you evaluate based on # of Criticals found or total $ awarded. How does the Wormhole $10M UUPS initialization bug fit in Before audit contests how could a Solidity auditor prove they are good at Rust If you wanted to learn a new language/stack become elite in it and get paid huge $$$ to audit it how would you do it Testing your skills in audit contests is so effective that I can't imagine Before audit contests how could a Solidity auditor prove they are good at Rust If you wanted to learn a new"
X Link 2024-12-24T11:31Z [----] followers, [----] engagements
"Holy Rust π¦ I get to see a lot of unannounced codebases and it feels like every major protocol is moving to Rust this year. Might be a signal to keep an eye on @solana"
X Link 2025-01-03T11:32Z [----] followers, [----] engagements
"@solana @aeyakovenko"
X Link 2025-01-03T11:33Z [----] followers, [---] engagements
"Something crypto teaches you early on: There is no such thing as a price only an exchange rate. Gold outperformed the S&P [---] in [----]. The real return of the stock market is not what you think it is. Gold outperformed the S&P [---] in [----]. The real return of the stock market is not what you think it is"
X Link 2025-01-03T14:12Z [----] followers, [---] engagements
"AI audit agents are going to be huge. @blocksek's experiment makes this extremely clear. I did V4 Damn Vulnerable DeFi V4 recently so I evaluated how approached it. Key takeaways: 1) Even though it's a general developer AI not a specialized auditing AI it solves the challenges quickly and doesn't cheat. 2) The overall structure of solutions isn't crazy novel (hard for it to be) but the implementation is custom and not a copy-paste job from an online solution. Also there aren't many online solutions for V4 because it's fairly new. 3) Its solution to a challenge revealed a second exploit that I"
X Link 2025-01-05T12:37Z [----] followers, [----] engagements
"AI has turned each person into an editor instead of a writer. Instead of writing emails you edit emails. Instead of writing code you audit code. Keep an eye on auditors π"
X Link 2025-01-06T14:10Z [----] followers, [----] engagements
"Let's GHO π¨ New contest: Aave v3.3 @aave DAO π¨ π· Sign up here: https://t.co/rZD3A5isVh Total Rewards: [------] USDC nSLOC: [----] Lead Senior Watson: @0xhyh Starts Monday January 13th at 15:00 UTC Check it out https://t.co/tKK8OoJzyU π¨ New contest: Aave v3.3 @aave DAO π¨ π· Sign up here: https://t.co/rZD3A5isVh Total Rewards: [------] USDC nSLOC: [----] Lead Senior Watson: @0xhyh Starts Monday January 13th at 15:00 UTC Check it out https://t.co/tKK8OoJzyU"
X Link 2025-01-09T19:06Z [----] followers, [----] engagements
"Very important Even with AGI it will still be important to triangulate info from multiple sources Apply this to auditing as you see fit ive developed a new habit of asking questions to multiple llms (gpt grok gemini claude perplexity) as opposed to blindly trusting any single one. what ive found is while individually they all sound pretty intelligent more often than not their answers differ pretty dramatically. ive developed a new habit of asking questions to multiple llms (gpt grok gemini claude perplexity) as opposed to blindly trusting any single one. what ive found is while individually"
X Link 2025-01-10T13:54Z [----] followers, [---] engagements
"I've heard some hype about @CertaiK_Agent @CertaiK_Agent are you a real AI audit agent Seeing a few security-related AI agents out there. Whos building an agent that could be competitive on @sherlockdefi Seeing a few security-related AI agents out there. Whos building an agent that could be competitive on @sherlockdefi"
X Link 2025-01-13T17:33Z [----] followers, [----] engagements
"@CertaiK_Agent Do you know about audit contests Wed like to invite you to be the first AI Agent to compete on @sherlockdefi"
X Link 2025-01-13T17:54Z [----] followers, [---] engagements
"Top [--] AI Security Agents (January 14th 2025) Based on some early research these security agents seem to have the most mindshare and at least a small track record of finding vulnerabilities. 1) Audit Agent by @NethermindSec I've only heard good things about this agent and I know a lot of people who have tried it. Interface is very easy to use. Its business model (showing you the top vulnerability but you pay for the rest) also exudes confidence. 2) Certaik @CertaiK_Agent Listed on @virtuals_io with a $5M market cap. I've met the founders and they seem technically strong. It has discovered some"
X Link 2025-01-14T12:35Z [----] followers, 12K engagements
"@brozzeur @NethermindSec @h4ck_terminal @sherlockdefi Would love to see @h4ck_terminal in action"
X Link 2025-01-15T11:01Z [----] followers, [--] engagements
"Great to see AI security agents and @sherlockdefi getting some attention from the biggest AI agent accounts π₯ Auditor Agents are now participating in competitions @CertaiK_Agent is competing in the AAVE V3.3 contest Is this more of what's to come I firmly believe agents battle testing ecosystem protocols will become BAU in the near future /7 https://t.co/6cCs607oHU Auditor Agents are now participating in competitions @CertaiK_Agent is competing in the AAVE V3.3 contest Is this more of what's to come I firmly believe agents battle testing ecosystem protocols will become BAU in the near future"
X Link 2025-01-15T11:20Z [----] followers, [----] engagements
"I was skeptical for a long time but I've seen enough. AI agents are going to fundamentally change crypto security. Instead of fighting it @sherlockdefi's new goal is to bring security researchers along for the ride π"
X Link 2025-01-15T12:54Z [----] followers, [----] engagements
"Let me be clear: I don't think AI security agents will take the jobs of top auditors anytime soon. But I do see the "lower end" of the security market shifting towards AI agents over time. For example I would be surprised if CertiK's business of ERC-20 token audits wasn't already fully automated by AI or otherwise. Bugs that are both common and low-context will be found by AIs more and more. Static analyzers can already find a lot of them without using any AI. Because AIs need lots of training data and can only accept a small amount of source code as input common bugs (appearing often in"
X Link 2025-01-15T12:54Z [----] followers, [----] engagements
"The Ultimate Security x AI Agent Guide Do we need AI agents in crypto security Are AI agents just another VC meme It all starts with the existing fragmentation in security: There are over [---] active audit firms1 and [----] active independent auditors in crypto security. Why is this the case It exists because there's no right way to secure a codebase. Any method that results in finding vulnerabilities is legitimate. And no single method can provably find every vulnerability. These are facts. To complicate things further many vulnerabilities are kept private. So even if you built a machine that"
X Link 2025-01-17T12:29Z [----] followers, [----] engagements
"No audit reports no Rust devs no test suite. Who knew $10Bn could be created with these lines of code:"
X Link 2025-01-20T14:30Z [----] followers, [----] engagements
"Back when forking Aave was the craziest thing the president had done in this space π‘ Bitcoin is a memecoin and DeFi is dead as we know it. @jack__sanford CEO of @sherlockdefi drops a spicy take on $BTC AAVE forks and the future of DeFi. Catch the clip from our Bangkok event π https://t.co/gyMiTYSRuz π‘ Bitcoin is a memecoin and DeFi is dead as we know it. @jack__sanford CEO of @sherlockdefi drops a spicy take on $BTC AAVE forks and the future of DeFi. Catch the clip from our Bangkok event π https://t.co/gyMiTYSRuz"
X Link 2025-01-20T16:04Z [----] followers, [---] engagements
"I learned about the "first deposit" bug in January [----] for the first time. Multiple projects paid out six-figure bounties for it. Exactly [--] years later it's worth $600. Not sure if that's a lot or a little for a pretty simple bug. Very cool from Sherlock to share how much each finding was paid (per auditor but in total can be calculated) so that you can adjust your strategy for contests. From a pot of $71k $21k was paid for Highs and $50k for Mediums in this case. Max theoretical for one user: $5.5k https://t.co/oALxdmjn8U Very cool from Sherlock to share how much each finding was paid (per"
X Link 2025-01-20T22:00Z [----] followers, [----] engagements
"Super cool page that I don't think anybody knows about. Sherlock will pay you for vulnerabilities found after an audit but before the official bug bounty goes live"
X Link 2025-01-21T15:08Z [----] followers, [----] engagements
"Question for security researchers If Tornado Cash asked you for a solo audit (at a fair price) would you do it Yes No Yes No"
X Link 2025-01-22T12:45Z [----] followers, [---] engagements
"Hearing multiple stories about audit agents finding bugs missed by audit firms. Is this the flippening"
X Link 2025-01-23T12:26Z [----] followers, 10.2K engagements
"Bybit $1.5Bn Hack Explained Like many crypto companies Bybit keeps important funds in a "cold wallet". A cold wallet is controlled by devices disconnected from the internet for extra security. And multiple people need to approve every transaction that happens in this wallet (it's a multi-signature wallet or multi-sig for short). If you remember the $600M Ronin hack that was a simple leak of private keys. The "people" in charge of approving transactions accidentally allowed their private keys to be found by hackers. This attack is more sophisticated. It seems that the honest people in charge"
X Link 2025-02-21T17:49Z [----] followers, [----] engagements
"Good adjustment Just a few minutes ago President Trump signed an Executive Order to establish a Strategic Bitcoin Reserve. The Reserve will be capitalized with Bitcoin owned by the federal government that was forfeited as part of criminal or civil asset forfeiture proceedings. This means it Just a few minutes ago President Trump signed an Executive Order to establish a Strategic Bitcoin Reserve. The Reserve will be capitalized with Bitcoin owned by the federal government that was forfeited as part of criminal or civil asset forfeiture proceedings. This means it"
X Link 2025-03-07T01:20Z [----] followers, [---] engagements
"Looking forward to @EthCC Say hello to more EthCC8 speakers Victoria Calmon from Mento Labs (@v_calmon) Track: π’ Product & Marketers Jack Sanford from Sherlock (@jack__sanford) Track: π Security Yang Wao from Spacecoin (@yangwao) Track: πΆ Cypherpunk & Privacy Xtina from Squid (@0xtna) Track: π¦ https://t.co/chQMzZSOvu Say hello to more EthCC8 speakers Victoria Calmon from Mento Labs (@v_calmon) Track: π’ Product & Marketers Jack Sanford from Sherlock (@jack__sanford) Track: π Security Yang Wao from Spacecoin (@yangwao) Track: πΆ Cypherpunk & Privacy Xtina from Squid (@0xtna) Track: π¦"
X Link 2025-03-18T16:24Z [----] followers, [---] engagements
"@lakejynch @spearbit @cantinaxyz @sherlockdefi This you π€‘ https://x.com/lakejynch/status/1837877973917356064 @CupOJoseph @pashovkrum @code4rena Wrt 3: Ive looked at this space for a very long time. Its my opinion that you cant insure these things. Wrt 1&2: Pashov is good cantina is better π (my opinion) https://x.com/lakejynch/status/1837877973917356064 @CupOJoseph @pashovkrum @code4rena Wrt 3: Ive looked at this space for a very long time. Its my opinion that you cant insure these things. Wrt 1&2: Pashov is good cantina is better π (my opinion)"
X Link 2025-03-27T21:25Z [----] followers, [----] engagements
"Something historic may be dropping next week π"
X Link 2025-03-28T10:49Z [----] followers, [----] engagements
"@realpeterjm Lol yes"
X Link 2025-03-28T13:10Z [----] followers, [---] engagements
"@lakejynch @spearbit @cantinaxyz @sherlockdefi Let me tweet Sherlock's balance sheet right away. Sherlock has paid 100% of claims in full over its [---] year history. Speaking of balance sheets I hear Spearbit/Cantina has been trying to raise for the last [--] months without success. Care to share your balance sheet"
X Link 2025-03-31T20:36Z [----] followers, [---] engagements
"@usualmoney @sherlockdefi @NexusMutual Amazing commitment to security π₯"
X Link 2025-04-02T13:43Z [----] followers, [---] engagements
"@0xflamebit @sherlockdefi @usualmoney @NexusMutual Exactly we had to wait an extra day"
X Link 2025-04-02T14:40Z [----] followers, [--] engagements
"@scottgralnick @sherlockdefi @usualmoney @NexusMutual π"
X Link 2025-04-02T17:07Z [----] followers, [--] engagements
"@TheWeb3Mechanic @banditx0x @bountyhunt3rz Successfully performing an exploit on-chain is not free"
X Link 2025-04-06T16:51Z [----] followers, [---] engagements
"Product innovators: @code4rena @immunefi Fast followers: @spearbit / @cantinaxyz By switching to Sherlock's LSW model now Cantina is admitting they've been doing low-quality audits for a year. Projects should consider asking for a refund. https://docs.cantina.xyz/cantina-docs/cantina-competitions/fellowship-steward-model Hilarious lack of product leadership from @spearbit / @cantinaxyz Sept 2021: @sherlockdefi pioneers audits with independent auditors Dec 2021: @spearbit copies the approach Aug 2022: @sherlockdefi offers audit contests Dec 2023: @cantinaxyz copies the approach Sept 2024:"
X Link 2025-04-07T10:26Z [----] followers, 10.7K engagements
"@high_byte @code4rena @immunefi @spearbit @cantinaxyz You should talk to some of those teams about their experience"
X Link 2025-04-07T13:49Z [----] followers, [---] engagements
"@0xKose @sherlockdefi Congrats Huge achievement"
X Link 2025-04-22T20:55Z [----] followers, [---] engagements
"@EFDevcon @OpenZeppelin @coinfabrik @theredguild @opsek_io @sherlockdefi for sure"
X Link 2025-05-14T19:00Z [----] followers, [---] engagements
"Some other use cases: - Self-custody (government can't take your money) - Private payments (such as Vitalik donating to Ukraine) - Hedge against currency debasement (stablecoins are not stable - although holding bitcoin may fall under 'exposure to cryptocurrencies') imo the big unlock of crypto is economic freedom which is a fairly narrow set of use cases but worth at least many many trillions and fundamentally changes the world by taking power from the government and giving it back to the people"
X Link 2025-06-14T22:38Z [----] followers, [---] engagements
"@ObsidianAudits @sherlockdefi @yearnfi Great performance would expect nothing less"
X Link 2025-06-17T13:39Z [----] followers, [---] engagements
"@code4rena Cool now do it for traditional audits"
X Link 2025-06-17T15:23Z [----] followers, [----] engagements
"http://x.com/i/article/1934287831989460992 http://x.com/i/article/1934287831989460992"
X Link 2025-06-18T12:00Z [----] followers, 139.2K engagements
"@ZhenglongFi @sherlockdefi @MakerDAO @aave @Optimism @GMX_IO @OlympusDAO Looking forward to it"
X Link 2025-06-24T22:10Z [----] followers, [---] engagements
"Looking forward to speaking about blockchain security at EthCC. See you there"
X Link 2025-06-25T18:34Z [----] followers, [----] engagements
"Yeah disappointing to see @spearbit @cantinaxyz ignore the security community that made them successful. Every day that goes by it becomes increasingly clear to us that @cantinaxyz is an extractive entity and a net negative to the space. A week past @jack__sanford 's killer piece on the countless deficiencies of the Cork contest and no hint of a response soon. With the amount of https://t.co/Z1bejAqiC2 Every day that goes by it becomes increasingly clear to us that @cantinaxyz is an extractive entity and a net negative to the space. A week past @jack__sanford 's killer piece on the countless"
X Link 2025-06-25T18:37Z [----] followers, [----] engagements
"@chrispinnock Cooking"
X Link 2025-07-02T11:58Z [----] followers, [---] engagements
"Are they any good crypto debit/credit cards available to US residents Ideally with EVM DeFi as the backend (even more ideally audited by @sherlockdefi)"
X Link 2025-07-05T17:41Z [----] followers, [----] engagements
"@0xfrsmln @sherlockdefi @BreederDodo Nicely done"
X Link 2025-07-07T16:20Z [----] followers, [---] engagements
"@adrianromero @1inch @cove_fi Nice writeup"
X Link 2025-07-10T20:11Z [----] followers, [---] engagements
"@GMX_IO Thanks for sharing. Wishing the best"
X Link 2025-07-10T20:22Z [----] followers, [---] engagements
"@GMX_IO Well handled"
X Link 2025-07-11T13:47Z [----] followers, [----] engagements
"Very honored to be chosen as the last line of defense for Ethereum π‘ We are proud to announce that Sherlock will be hosting an audit contest for the @ethereum Fusaka Upgrade We love collaborating with the @ethereumfndn which always puts security first. Stay tuned for more details to come https://t.co/qBjiW7Tq0v We are proud to announce that Sherlock will be hosting an audit contest for the @ethereum Fusaka Upgrade We love collaborating with the @ethereumfndn which always puts security first. Stay tuned for more details to come https://t.co/qBjiW7Tq0v"
X Link 2025-07-18T12:42Z [----] followers, [----] engagements
"Every contest platform and bug bounty platform is essentially becoming unusable for protocol teams due to LLM spam. This rule is one of the main reasons why Sherlock contests don't suffer the same fate. I understand it's harsh (temporarily holding back payments) but it's not difficult to pass (1 valid issue for every [--] invalids). If you're submitting more than [--] invalid issues for every [--] valid issue it becomes less clear that your contribution in the contest is providing real value. Do you have an idea for how to combat LLM spam in a more Watson-friendly way"
X Link 2025-07-22T13:49Z [----] followers, [----] engagements
"It sounds like you're submitting too many invalid issues. Each of those issues has a big cost that I think most SRs don't understand. The community reviews them the Lead Judge reviews them the Sherlock Judge reviews them and many protocol teams still review every issue. And it does stop spam. You can't create a new account and earn money right away. Look at the docs and you'll see why. So that argument is incorrect"
X Link 2025-07-22T14:05Z [----] followers, [----] engagements
"@TheWeb3Mechanic @0x15_eth @sherlockdefi It's true that sometimes it's hard to know ahead of time if an issue will be judged as valid or not. That's why the ratio 4:1 is so generous. It allows for lots of breathing room"
X Link 2025-07-22T14:50Z [----] followers, [---] engagements
"@0xSlowbug @0x15_eth @sherlockdefi Introducing Lows will likely increase the amount of LLM spam by 2-5x and judging time by even more"
X Link 2025-07-22T14:51Z [----] followers, [---] engagements
"@boserba77 @0x15_eth @sherlockdefi Can you explain more about how this works"
X Link 2025-07-22T15:10Z [----] followers, [---] engagements
"@carlitox477 @0x15_eth @sherlockdefi Not a bad idea. So like last [--] issues count towards the ratio and nothing else"
X Link 2025-07-23T01:24Z [----] followers, [---] engagements
".@sherlockdefi and @blackthornxyz have helped secure recent Aave V3 versions. Good smart contract security has literally become systemically important to the traditional financial system"
X Link 2025-07-23T12:30Z [----] followers, [---] engagements
"Franklin Templeton is top [--] on Arbitrum. Time to wake up. The institutions are here"
X Link 2025-07-28T12:12Z [----] followers, 21.5K engagements
"57 views. The core devs of the first $70Bn protocol talk about how they did it. Aave is bigger than a Top [--] US bank. [--] views. We are still so early"
X Link 2025-08-13T12:35Z [----] followers, [----] engagements
"Yield Basis is built by Curve founder @newmichwill and is likely to become a major primitive in the space Definitely worth taking a look π The @yieldbasis Bug Bounty Contest starts today with rewards up to $150000 Happy hunting researchers. https://t.co/mw7L6G3LO5 The @yieldbasis Bug Bounty Contest starts today with rewards up to $150000 Happy hunting researchers. https://t.co/mw7L6G3LO5"
X Link 2025-08-18T14:25Z [----] followers, [----] engagements
"@oxbehindthecode @sherlockdefi @fredrik0x @ethereumfndn Yes should be up soon"
X Link 2025-08-19T16:34Z [----] followers, [--] engagements
"The time has come for this conversation. What should be the fee to submit a finding in an audit contest Free (I love LLM spam) $1 $25 or higher $5 Free (I love LLM spam) $1 $25 or higher $5"
X Link 2025-08-29T13:00Z [----] followers, 23.7K engagements
"My current view of the "endgame" for audit contest and bug bounty submission costs. Please point out any flaws or counterpoints in this argument. @0xFlint_ I don't think $0.10 stops 99% of slop. AI audit companies produce tons of hallucinated issues and these companies now use contests as a cheap feedback loop to train their AI. So contest judges are literally training these companies' AI models for free (or very cheap). And the @0xFlint_ I don't think $0.10 stops 99% of slop. AI audit companies produce tons of hallucinated issues and these companies now use contests as a cheap feedback loop"
X Link 2025-08-29T17:57Z [----] followers, [----] engagements
"Can you explain more I believe Sherlock has by far the most protection for white hats than any platform. For example disputed issues go to a council vote and then to the UMA optimistic oracle at Sherlock. On Cantina a project can rug white hats 5x before they are removed from the platform (my understanding). Can you go into detail about why you have this preference If you find a bug worth $100000 it seems like paying $250 to submit and get first-class priority support from real security researchers (instead of random triagers) would be welcome"
X Link 2025-08-30T18:28Z [----] followers, [----] engagements
"VP of Security at @0xPolygon confirming that top security teams are being DDOS'd by AI spam submissions π And it will only get worse "AI is creating an unexpected crisis for security teams: not through sophisticated attacks but by overwhelming human reviewers with exponential spam generation." Check out the full episode with @jack__sanford and @cvhessert the VP of Security at @0xPolygon Labs below https://t.co/k1xwWcs7u5 "AI is creating an unexpected crisis for security teams: not through sophisticated attacks but by overwhelming human reviewers with exponential spam generation." Check out"
X Link 2025-09-02T13:07Z [----] followers, [----] engagements
"Very fun episode chatting with the man behind the $70Bn protocol @eboadom Episode [--] of The Web3 Security Podcast is now live This week @eboadom Co-founder of @bgdlabs and former CTO of @aave joins @jack__sanford to discuss managing $70Billion in assets major protocol upgrade challenges and more Full episode below π https://t.co/lzXs3JKUmO Episode [--] of The Web3 Security Podcast is now live This week @eboadom Co-founder of @bgdlabs and former CTO of @aave joins @jack__sanford to discuss managing $70Billion in assets major protocol upgrade challenges and more Full episode below π"
X Link 2025-09-03T14:47Z [----] followers, [---] engagements
"Interviewed my first North Korean yesterday Took [--] mins to figure it out Guy did undergrad at UC Berkeley but couldn't name a single street or restaurant in Berkeley π Worked in-person at Meta [--] years but didn't know where his office was Seems if you go into detail about their resume they can't answer much Keep an eye out for this one: @zachxbt https://www.linkedin.com/in/cturney/ https://www.linkedin.com/in/cturney/"
X Link 2025-09-09T12:25Z [----] followers, 10K engagements
"Excited to announce Sherlock's AI auditor. @IAm0x52 is the full-time AI research lead with @muellerberndt joining recently. And it works like magic. "I've tried many different AI audit tools and none come even close to Sherlock AI." - @offerijns CTO of @centrifuge Moreπ Today were introducing Sherlock AI an auditing assistant modeled on the expertise of the worlds top smart contract researchers. Catch vulnerabilities as you build arrive at audits prepared and ship your code with confidence. https://t.co/oyLeDBOKwQ Today were introducing Sherlock AI an auditing assistant modeled on the"
X Link 2025-09-23T15:22Z [----] followers, 15.8K engagements
"We haven't released Sherlock AI's track record in full but we've found Highs and Criticals in: 1) Unaudited codebases of top [--] TVL projects 2) Audited codebases of top [--] TVL projects 3) Bug bounty programs 4) Audit contests"
X Link 2025-09-23T15:22Z [----] followers, [---] engagements
"And beyond that I believe our team has built the best software (UI UX GitHub integration etc.) for any dev team. Sherlock AI has abilities that totally redefine developer workflows. Join the beta now before it ends (and prices go up) π https://audits.sherlock.xyz/request-audit https://audits.sherlock.xyz/request-audit"
X Link 2025-09-23T15:22Z [----] followers, [---] engagements
"After spending some time reviewing this vulnerability and talking to researchers I think Sherlock should have announced this vulnerability as High instead of Critical. The bug bounty platform on which it was submitted classified it as High. Sherlock AI discovered a Critical vulnerability affecting $2400000 in a live lending protocol. This is the first known instance of an AI uncovering a multi-million-dollar bug on mainnet. Here's how Sherlock AI surfaced the vulnerability: https://t.co/qHKzLAJOJr Sherlock AI discovered a Critical vulnerability affecting $2400000 in a live lending protocol."
X Link 2025-10-02T18:53Z [----] followers, [----] engagements
"Awesome validation of Sherlock AI by an early beta tester (@centrifuge) Lots of improvements coming soon π Top teams are already starting to feel the impact Sherlock AI can have. Don't believe us Ask @offerijns CTO of @centrifuge https://t.co/auYcUMaSkm Top teams are already starting to feel the impact Sherlock AI can have. Don't believe us Ask @offerijns CTO of @centrifuge https://t.co/auYcUMaSkm"
X Link 2025-10-07T01:04Z [----] followers, [---] engagements
"@offerijns @centrifuge Great chatting"
X Link 2025-10-15T14:23Z [----] followers, [---] engagements
"I've been asked to turn this thread into a lightning talk for @EthereumDenver's People's Choice [----]. I'll break down the $1.5Bn Bybit hack and share simple steps you can take so it doesn't happen to you π
β Vote for it if you're a member of @SporkDao https://jokerace.io/contest/base/0x8c5d1b5a61d5347e626759500e2fe47037be8ea8/submission/76859480493869597113716665257736352966266862061935663928840378171516690382077 Bybit $1.5Bn Hack Explained Like many crypto companies Bybit keeps important funds in a "cold wallet". A cold wallet is controlled by devices disconnected from the internet for extra"
X Link 2025-02-21T22:53Z [----] followers, [----] engagements
"Aave crossing $50Bn is very significant. In [----] Dodd-Frank declared any bank over $50Bn in assets a "Systemically Important Financial Institution" and added extra regulations. Many banks kept assets at $49Bn to avoid tripping it. Aave blew right past the $50Bn mark"
X Link 2025-07-23T12:30Z [----] followers, [----] engagements
"@0xFlint_ Yeah I think this is the right question. And it only needs to drive away the AIs that have a false positive ratio that is too high. But that may be all of them currently"
X Link 2025-08-29T18:20Z [----] followers, [----] engagements
"Two steps to become a go-to independent auditor for a top protocol team: 1) Learn their codebase better than anyone 2) Be a high-trust individual Researchers if you want to work with top protocols like @aave there is no shortcut for putting in the hours. Check out the full episode with @jack__sanford and @eboadom Co-founder of @bgdlabs and former CTO of @aave below https://t.co/s6oGz1bre6 Researchers if you want to work with top protocols like @aave there is no shortcut for putting in the hours. Check out the full episode with @jack__sanford and @eboadom Co-founder of @bgdlabs and former CTO"
X Link 2025-09-09T11:40Z [----] followers, [----] engagements
"Special thanks to all the researchers who participated in the Fusaka contest on Sherlock Some really great findings and Fusaka is on track for mainnet π The Ethereum testnet Sepolia has been successfully upgraded to Fusaka Next up is the Hoodi testnet which is the final testnet being upgraded. If all goes well with Hoodi Fusaka should land on mainnet in early December. The Ethereum testnet Sepolia has been successfully upgraded to Fusaka Next up is the Hoodi testnet which is the final testnet being upgraded. If all goes well with Hoodi Fusaka should land on mainnet in early December"
X Link 2025-10-14T13:54Z [----] followers, [----] engagements
"Check out the $250000 @centrifuge contest that kicks off today If you like clean codebases this one is for you "We took every single low and even informational issue seriously. Every single issue we're thinking about how can we design the system to be more defensive" Watch the full episode with @offerijns the CTO at @centrifuge and @jack__sanford below https://t.co/ZzWT3iMaJG "We took every single low and even informational issue seriously. Every single issue we're thinking about how can we design the system to be more defensive" Watch the full episode with @offerijns the CTO at @centrifuge"
X Link 2025-10-20T16:33Z [----] followers, [----] engagements
"Very fun episode Coordinating security upgrades across disparate chains in the Cosmos ecosystem is π€― Episode [--] of The Web3 Security Podcast is now live This week @BPIV400 co-CEO of @cosmoslabs_io joins our CEO @jack__sanford to discuss prioritizing security in development @Cosmos Hub deployment and more Watch the full episode below https://t.co/D1tNyADAxA Episode [--] of The Web3 Security Podcast is now live This week @BPIV400 co-CEO of @cosmoslabs_io joins our CEO @jack__sanford to discuss prioritizing security in development @Cosmos Hub deployment and more Watch the full episode below"
X Link 2025-10-22T13:18Z [----] followers, [---] engagements
"Sherlock was busy in Q3 Trusted by the best at every step of the journey. https://t.co/zjCqVxKE2i Trusted by the best at every step of the journey. https://t.co/zjCqVxKE2i"
X Link 2025-10-22T13:19Z [----] followers, [----] engagements
"The incorrect fix is related to the $7.33M live vulnerability that was caught by Cyfrin while the contracts were live on mainnet. Second image is the post-mortem of the $7.33M live vulnerability: It seems the fix you suggested allowed this vulnerability to be possible on mainnet for weeks. Bunni was at risk of being hacked for $7.33M because of a bad fix suggestion from a Pashov audit but you say that Bunni's security outcome was due to their incorrect approach. It seems misleading. From the Cyfrin audit report: https://blog.bunni.xyz/posts/bug-disclosure-reentrancy-lock-bypass/"
X Link 2025-10-23T15:16Z [----] followers, [----] engagements
"AI Auditing and the Future of Web3 Security with some of the top AI audit firms This panel is going to be very cool π AI auditing is the hottest topics in Web3 security. How close are we to reliable automation At DSS @blocksek leads @ChanniGreenwall @balakhonoff @nicowaisman and @jack__sanford in a discussion on what AI can do in audits today where it fails and how it fits along humans. https://t.co/4bWyMi82Gt AI auditing is the hottest topics in Web3 security. How close are we to reliable automation At DSS @blocksek leads @ChanniGreenwall @balakhonoff @nicowaisman and @jack__sanford in a"
X Link 2025-10-30T19:14Z [----] followers, [---] engagements
"Already reading the 2nd edition of Mastering Ethereum First edition + Ethereum whitepaper + How to DeFi got me into Ethereum back in the day Cool that it's made by an all-Italian team Mastering Ethereum 2nd edition is officially out. How can you read it - Online for free: in the next few days/weeks we will publish it on github/x and probably other venues - Kindle: you can buy it on amazon - Paperback: you can buy it on amazon - Online not for free (doesn't Mastering Ethereum 2nd edition is officially out. How can you read it - Online for free: in the next few days/weeks we will publish it on"
X Link 2025-10-31T11:18Z [----] followers, [----] engagements
"Highly recommend this podcast with @drakefjustin if you want to: 1) Learn the what and why of @ethereum's ZK and quantum roadmap 2) Understand what it takes to be a top contributor at a $400Bn+ protocol "Having a blockchain that is so secure that nothing can break it not a nation state not a quantum computer that is the dream that we have" Episode [--] of The Web3 Security Podcast with @jack__sanford and @drakefjustin senior researcher at the @ethereumfndn is now live https://t.co/ICVObY9j5S "Having a blockchain that is so secure that nothing can break it not a nation state not a quantum"
X Link 2025-11-05T15:43Z [----] followers, [---] engagements
"@Balancer Great writeup and transparency"
X Link 2025-11-06T01:21Z [----] followers, [---] engagements
"Come hang with @sherlockdefi @ethereumfndn and @gnosisdotio at an awesome venue in Buenos Aires next week. Message me or someone at Sherlock to make sure you get in π Will you be in Buenos Aires for @summit_defi and @EFDevcon Join us for Proof of Security co-hosted by the @ethereumfndn and @gnosisdotio Expect a keynote panel and open networking amongst leaders shaping security infrastructure DeFi and more. Sign up below π Will you be in Buenos Aires for @summit_defi and @EFDevcon Join us for Proof of Security co-hosted by the @ethereumfndn and @gnosisdotio Expect a keynote panel and open"
X Link 2025-11-11T16:23Z [----] followers, [----] engagements
"Giving a state of the union talk in a few hours about AI in Web3 Security with Coinbase Dozens of hours and dozens of interviews with devs and SRs went into this π¨π» Our CEO @jack__sanford will be live with @buildonbase for the Coinbase Security Series today at 6pm UTC Topic: How Web3 Security is Changing with AI Set your reminders now Our CEO @jack__sanford will be live with @buildonbase for the Coinbase Security Series today at 6pm UTC Topic: How Web3 Security is Changing with AI Set your reminders now"
X Link 2025-11-14T12:37Z [----] followers, [---] engagements
"@QwQiao When I worked at Morgan Stanley and Citadel the biggest joke position in both companies was the Chief Economist"
X Link 2025-11-17T01:05Z [----] followers, [---] engagements
"Really cool conversation with @sha2nk_ of @coinbase Web3 security is getting so good that Web2 attack vectors are becoming bigger targets "Anything we want to launch on-chain we have to be absolutely sure of. Absolutely zero room for error." This week @sha2nk_ Head of Security @base joins our CEO @jack__sanford for Episode [--] of The Web3 Security Podcast Full episode below π https://t.co/PBTCZ0ygQA "Anything we want to launch on-chain we have to be absolutely sure of. Absolutely zero room for error." This week @sha2nk_ Head of Security @base joins our CEO @jack__sanford for Episode [--] of The"
X Link 2025-11-19T18:01Z [----] followers, [---] engagements
"It's clear that Aave V4 wants to be a vacuum for the highest-quality collateral in the crypto space I've never seen a concept where a borrower pays less interest if their collateral quality is higher very cool A more detailed (and technical) overview of the protocol: https://t.co/EzNha7tEmA A more detailed (and technical) overview of the protocol: https://t.co/EzNha7tEmA"
X Link 2025-11-25T12:33Z [----] followers, [----] engagements
"If you can crack Aave V4 your life will change. @aave V4 has already been reviewed by legends like @deadrosesxyz @Montyly @IAm0x52 @xiaoming9090 Now @0xSimao is putting his #2 ranking and [---] leaderboard points at risk to lead the Aave V4 contest. Starts today π
I personally audited this as part of the @blackthornxyz engagement. Tightest codebase I've ever seen. If I had to bet on anybody in the world to break it though I'd bet on @0xSimao I personally audited this as part of the @blackthornxyz engagement. Tightest codebase I've ever seen. If I had to bet on anybody in the world to break it"
X Link 2025-12-01T12:09Z [----] followers, 10.2K engagements
"@AnthropicAI @MATSprogram Very cool. Why only look at Binance Smart Chain for post-March [----] contracts Either way earning $3694 post-March is cool but @sherlockdefi AI already uncovered a $350000 exploit in a live contract: https://x.com/sherlockdefi/status/1971528912992878981 Sherlock AI just flagged a Critical vulnerability in a leading lending protocol that put $350k+ of user collateral at risk. This is the 1st known instance of an AI catching a Critical vulnerability in a live protocol with TVL at risk. Heres what the bug did - and why it could"
X Link 2025-12-02T04:22Z [----] followers, 14.6K engagements
"Really interesting approach to benchmarking. There's really no better place than on-chain to prove AI's merit. Sherlock AI has already "discovered" 100x more exploitable TVL in Anthropic's post-March [----] timeframe ($350000 vs. $3476) Sherlock AI Opus [---] GPT-5 New on our Frontier Red Team blog: We tested whether AIs can exploit blockchain smart contracts. In simulated testing AI agents found $4.6M in exploits. The research (with @MATSprogram and the Anthropic Fellows program) also developed a new benchmark: https://t.co/QpGPMqlDRG New on our Frontier Red Team blog: We tested whether AIs can"
X Link 2025-12-02T04:27Z [----] followers, [----] engagements
"Getting mentioned by @ethereum always hits different π Congrats to the Ethereum devs and community on officially upgrading to Fusaka"
X Link 2025-12-04T00:44Z [----] followers, [----] engagements
"Minimum days to become LSW: [--] Days in @aave V4 contest: [--] If you get 1st place in Aave V4 you are almost guaranteed to become LSW on @sherlockdefi even with a brand-new account π«‘ hi @jack__sanford @TheWavexyz Im planning to join the AAVE v4 contest on @sherlockdefi if I get 1st place can you give me the LSW title π hi @jack__sanford @TheWavexyz Im planning to join the AAVE v4 contest on @sherlockdefi if I get 1st place can you give me the LSW title π"
X Link 2025-12-05T12:32Z [----] followers, [----] engagements
"I compiled all the available @immunefi monthly announcements from 2024/2025 Bug bounty $ payouts are down roughly -41% this year BTC is +56% over the same period What could be causing the sharp decrease in bounty payouts this year"
X Link 2025-12-09T11:52Z [----] followers, 19.8K engagements
"@immunefi These announcements: https://x.com/immunefi/status/1753432276120060100 #ImmunefiStats Excellent start to the year $1.8m paid to whitehats in January. Let's go. https://t.co/zCvDYxF8Zc https://x.com/immunefi/status/1753432276120060100 #ImmunefiStats Excellent start to the year $1.8m paid to whitehats in January. Let's go. https://t.co/zCvDYxF8Zc"
X Link 2025-12-09T11:52Z [----] followers, [----] engagements
"@r0bre @immunefi You think it's mainly due to higher quality auditing than [----] or higher quality development"
X Link 2025-12-09T13:07Z [----] followers, [---] engagements
"@mikeleffer @immunefi True hard to have a decrease if you don't pay out [----] in the first place https://x.com/drdr_zz/status/1966127716417319300 Hey @cantinaxyz wanted to reach out about the pending payment from July [----] but you don't answer to DMs here neither can I verify on Discord. https://x.com/drdr_zz/status/1966127716417319300 Hey @cantinaxyz wanted to reach out about the pending payment from July [----] but you don't answer to DMs here neither can I verify on Discord"
X Link 2025-12-09T13:56Z [----] followers, [----] engagements
"Average Critical bug bounty payout on @immunefi: 2024: $46228 2025: $25617 -45% π What's causing bug bounty payouts to be nearly cut in half in [----] I compiled all the available @immunefi monthly announcements from 2024/2025 Bug bounty $ payouts are down roughly -41% this year BTC is +56% over the same period What could be causing the sharp decrease in bounty payouts this year I compiled all the available @immunefi monthly announcements from 2024/2025 Bug bounty $ payouts are down roughly -41% this year BTC is +56% over the same period What could be causing the sharp decrease in bounty"
X Link 2025-12-10T12:20Z [----] followers, [----] engagements
"@josepchetrit @immunefi Interesting why would Cantina (and Sherlock) taking some of the market cause the Critical payouts to go down though"
X Link 2025-12-10T13:49Z [----] followers, [---] engagements
"@josepchetrit @immunefi Yeah I agree with that if Immunefi is losing the highest-paying customers at a higher rate then it could cause their payout sizes to drop"
X Link 2025-12-10T22:14Z [----] followers, [---] engagements
"@josepchetrit @immunefi Yeah fair unfortunately I don't think the data is there for the other platforms to do a proper global analysis. Even for Immunefi the data is missing 7/24 months"
X Link 2025-12-10T22:15Z [----] followers, [--] engagements
"@josepchetrit @immunefi Interesting this seems relevant: https://x.com/samczsun/status/1998816590901756081 i wrote some thoughts on bug bounties payouts and how we should think about crypto security going forward https://t.co/kV1C6OCS8A https://x.com/samczsun/status/1998816590901756081 i wrote some thoughts on bug bounties payouts and how we should think about crypto security going forward https://t.co/kV1C6OCS8A"
X Link 2025-12-10T22:23Z [----] followers, [---] engagements
"@huvoliveira @immunefi Correct it's only based on 17/24 publicly available months"
X Link 2025-12-11T19:34Z [----] followers, [--] engagements
"@WhiteHatMage Maybe. At least: P(Critical bounty paid) P(Critical exists) So there's a 72% chance that an average project has an exploitable Critical in it during a year. Not sure if this is true: P(blackhat exploit) = P(Critical bounty paid)"
X Link 2025-12-15T15:24Z [----] followers, [---] engagements
"@centrifuge @itsbhaji AI auditing will go mainstream π€"
X Link 2025-12-18T22:38Z [----] followers, [---] engagements
"So many top teams are reaching out about AI auditing this month even compared to November. What changed"
X Link 2025-12-23T15:54Z [----] followers, [----] engagements
"Attack and Defend: Sherlock AI has two distinct phases: 1) Attack: searches for Criticals using first-principles logical analysis of code paths 2) Defend: methodically checks every known vulnerability and compares it with the current code path Think of Attack as a bug bounty hunter Think of Defend as an auditor Sherlock AI V2.1 We've shipped another upgrade to Sherlock AI bringing our model even closer to how experienced human auditors think and work. This release introduces a new scope-aware research architecture deeper security methodologies and improved prompt design that"
X Link 2025-12-23T17:59Z [----] followers, [----] engagements
"@jayendra_jog @OpenAI Cool setup. Would love to compare it against Sherlock AI to see how it does"
X Link 2026-01-09T14:58Z [----] followers, [---] engagements
"@Taridoku Well done"
X Link 2026-01-10T03:19Z [----] followers, [---] engagements
"The performance by @IAm0x52 in the @centrifuge contest might go down as one of the all-time great performances Following the results of the @centrifuge contest @IAm0x52 has retaken the top spot on the Sherlock leaderboard Congratulations to @panprog on an incredible run spending [---] days at #1. How long can @IAm0x52 stay on top https://t.co/6tSYi7hBwe Following the results of the @centrifuge contest @IAm0x52 has retaken the top spot on the Sherlock leaderboard Congratulations to @panprog on an incredible run spending [---] days at #1. How long can @IAm0x52 stay on top https://t.co/6tSYi7hBwe"
X Link 2026-01-15T17:35Z [----] followers, [----] engagements
"Weve tried many different AI audit tools and none come even close to Sherlock AI." π₯ Been great working with the @centrifuge team and watching the RWA space blow up at the same time. https://t.co/OsQbVpDbQ6 https://t.co/OsQbVpDbQ6"
X Link 2026-01-15T20:35Z [----] followers, [----] engagements
""I didn't want to have security as a separate function from engineering." - @BPIV400 It seems that AI will bring development and security much closer together and teams like @cosmos that already function that way will be ahead of the curve. If you can put up a dollar early on security it can save you $3 on audits $5 on bug bounties and $10 on like an exploit. Here's my notes on the Web3 Security podcast episode featuring @BPIV400 co-CEO of @Cosmos hosted by @jack__sanford from @sherlockdefi. From Politics to"
X Link 2026-01-24T16:02Z [----] followers, [----] engagements
"@vinicaboy @idlefinance @sherlockdefi Congrats"
X Link 2025-01-08T18:14Z [----] followers, [---] engagements
"The ERC-4626 standard has a built-in safeTransferFrom() for deposits However some deposit functions like Aave V4's add() make you do the safeTransferFrom() separately Why is this What determines when to include safeTransferFrom() in the function or not"
X Link 2025-11-28T15:58Z [----] followers, [----] engagements
"ERC-4626 deposit(): Aave V4 add(): https://github.com/aave/aave-v4/blob/06ee85037e851e4ddea6d00b70d26aaa62c6da53/src/hub/Hub.sol#L218 https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/extensions/ERC4626.sol#L194 https://github.com/aave/aave-v4/blob/06ee85037e851e4ddea6d00b70d26aaa62c6da53/src/hub/Hub.sol#L218 https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/token/ERC20/extensions/ERC4626.sol#L194"
X Link 2025-11-28T15:58Z [----] followers, [---] engagements
""Since this is redacted we want to make sure that we get it right in terms of a thorough critique of our codebase. Our diligence indicates that Sherlock has one of the best reputations as an auditor - more substance less fluff. That's pretty much how we define ourselves. We want to make sure that we get the most thorough audit possible and that's why we want to work with Sherlock." message from an inbound lead We will keep doing our part to make crypto safe 🫡 https://twitter.com/i/web/status/2016851570697367641"
X Link 2026-01-29T12:31Z [----] followers, [----] engagements
"Ethereum sets a great example when it comes to security. For all the auditing and internal reviews they do they still put $2000000 up for grabs in a Sherlock audit contest. And their approach was completely vindicated. [--] Highs were found in the contest These weren't Highs in clients that control 1% of the network. In order to meet the criteria for High it has to slash bring down or split 33% of the network. And [--] of these vulnerabilities were found in the contest. Credit to Ethereum for going the extra mile with a $2000000 audit contest. Contests are still the gold standard for securityπ
A"
X Link 2026-02-11T20:31Z [----] followers, [----] engagements
"@0xSimao @saffron @sherlockdefi Very impressive π«‘"
X Link 2024-10-02T19:43Z [----] followers, [---] engagements
"The [----] @SkyEcosystem report reminds me why I got excited about DeFi in the first place - Real revenue ($400M) and bank-like biz model - Crypto-native governance - Hard cap on SKY total supply - $90M in buybacks (6% of supply) - Profits distributed to SKY holders LFG DeFi π₯"
X Link 2025-12-18T12:45Z [----] followers, [----] engagements