PatrickAlphaC
Competitive audits are still the best way to onboard to web3 security.
Explore More From Creator
I spoke to a Solana project (Cyfrin does Solana work now!) about their codebase, and we asked them why they kept a piece of their codebase out of scope for an audit. Their answer: “We plan to keep it closed sourced so the security needs are less.”

1. Without a security review, you’re just delaying the hackers to break down your project and find holes. Relying on obscurity should never be your entire security plan!
2. It seems this is a trend across Solana projects. This needs to change!

Also closed sourced contracts have issues regardless, but that’s for another day…
--
Hot takes that I think shouldn’t be hot, and should be “the default”

1. The contest platform is ultimately responsible for the payout. It is the contest platform that promises payout, so if a platform doesn’t pay out, no matter the drama, it is the platform’s fault.
2. The auditors are the workers, and should be treated with the same respect as you would someone on your team. Changing goal posts in the middle of a review, allowing your team to be taken advantage of by allowing clients to dismiss submissions for any reason, or even giving the opportunity for a client to ruin the integrity of a contest (sharing results that could be leaked before contest ends, allowing the protocol to fix the bug and then close the issue because “oh it’s fixed now”) isn’t acceptable. Team > Client. With this, you end up giving the client better output because the team actually cares. Changing the rules of a competition that pays out money could even be considered illegal in some cases.
3. Exclusivity deals on bounty platforms are the antithesis of security. Imagine finding a live crit and not being able to report it because you have an exclusivity deal.
4. Despite all this, bug bounties and competitive audits are still the best way to get into the industry. Don’t let this be the excuse you give to platforms to treat you like dirt, but also keep in mind, many of them are trying their best. Unless they violate one of the statements I made above, in which case they may not be.
--
Ledger has made a lot of oopsies, this may be one of them - decommissioning a wallet is frustrating for those who purchased one. But on the plus side, they are still the only wallet to show EIP-712 hashes for signing. Other wallet brands, pay attention.
--
We made a smart contract dev framework for Vyper. We made a pretty cool feature. We think it would be cool in foundry. We made a ticket for it in foundry. Open source is amazing. https://github.com/foundry-rs/foundry/issues/6556
--
If you want to be cyberpunk
Want a new career for you or your friends
Want to make web3 a safer place
Want to learn how to improve the solidity compiler
@CyfrinUpdraft
--