Rappie @rappie_eth
Fuzzing specialist | @SpearbitDAO ASR | @perimeter_sec founder github.com/rappie Netherlands Joined July 2018-
Tweets142
-
Followers412
-
Following728
-
Likes1K
By profiling Echidna across a range of smart contract scenarios, one of our interns identified and fixed a deep performance issue in one of its dependencies, hevm, significantly improving Echidna’s memory usage.blog.trailofbits.com/2024/05/08/usi…
Nice! It can be a huge pain to get access to tokens when doing onchain fuzzing with Echidna. This makes it easy.
Nice! It can be a huge pain to get access to tokens when doing onchain fuzzing with Echidna. This makes it easy.
The Echinda fuzzer can optimize. We had code that we wanted to see how bad things could get with an important safety feature disabled. Rappie used optimizing to determine the max sizes for possible accumulated rounding errors. Was very useful. Prod still has the safety. :D
The Echinda fuzzer can optimize. We had code that we wanted to see how bad things could get with an important safety feature disabled. Rappie used optimizing to determine the max sizes for possible accumulated rounding errors. Was very useful. Prod still has the safety. :D
In this workshop we go over the work we did for Centrifuge Liquidity Pools: - How to quickly get to a high coverage - Deciding what to mock and what to cover - Keeping the story simple Watch till the end for alpha on Centrifuge V2! Video is in the Recon Discord Server
Did a pretty cool thing with @Curvance and @trailofbits! Excited to finally be able to highlight this! blog.trailofbits.com/2024/04/30/cur…
gigagas ✅ teragas ✅ petagas - soon ItyFuzz with GPU EVM on 8x H100 can fuzz smart contracts at 700M+ transactions per second (~0.1 petagas/s).
Now that we’re seeing auditors joining projects as security partners, I wonder how long it’ll be before we see teams opt for an invariant testing driven development cycle with fuzzing/formal verification like we’ve seen with unit/end-to-end testing in web2. This seems like it…
The 3.4 million dollar Paraswap whitehat rescue across eight chains had an unusual twist in it. Front running by MEVbots was a big concern - some chains don't have private txs. So the team added a new bug that only they could exploit, then used it for the rescue. MEV impossible.
Here's the script I've been using to make both Echidna & Medusa work with external libraries. gist.github.com/aviggiano/d0c3… This is useful so that you don't need to manually edit your `cryticArgs` or `deployContracts` config parameters. Also, it converts all external libs to…
I just built the first Fuzzing Campaign with Create Chimera App 👀 - Foundry + Medusa by default - Best practices templates - Coded examples in the docs - Runs medusa with zero config - Compatible with Recon Pro Template written by @nican0r Go check it out!
Today I talk about onchain fuzzing with Echidna allthingsfuzzy.substack.com/p/onchain-fuzz…
I do it exactly the same way. We just added helpers for this to fuzzlib today 🙂 github.com/perimetersec/f…
I do it exactly the same way. We just added helpers for this to fuzzlib today 🙂 github.com/perimetersec/f…
I often get asked how to start with fuzzing. This is what I recommend: Start with the Echidna tutorial by @trailofbits. github.com/crytic/buildin… Once you're familiar with the basics, study other fuzzing campaigns. github.com/perimetersec/p… For a deep dive into the principles…
- Invariant Testing on Live Smart Contracts - Recipes - And Recurring Automations all in the latest recording of the Recon Office Hours!
halmos v0.1.11 Adds support for - the ecrecover precompile - the vm.addr(key) and vm.sign(key, digest) cheats - the makeAddr functions from forge-std
If you're getting into fuzz testing and want to see some examples of what it looks like on real codebases I'd highly recommend this repo by @rappie_eth. There's a lot of small details you learn from seeing real implementations that are hard to get from tutorials/docs alone.…
Wayne @Cyb3rWayne
31 Followers 298 Following (ISC)2 CC / CEH / CySA+ / WEB3 security researcher / Smart Contract audit
Tu Tri Mi @trimituvn
31 Followers 421 Following
Ignacia Lutz @LutzIgna
48 Followers 5K Following
Zer0Luck | ChainLight @Younsle1
746 Followers 5K Following Security researcher at @chainlight_io | @theori_io | All opinions are my own/nfa ☁
Nick Addison @naddison
2K Followers 1K Following Ethereum, Solidity | Developer at @OriginProtocol | Author of sol2uml and tx2uml
... @VirtualOil
308 Followers 711 Following
Odell Kopp @KoppOde
69 Followers 5K Following
奥卡姆剃刀下的.. @Stonejiajia
59 Followers 411 Following
Theyro @Theyro21020
8 Followers 314 Following
Daejun Park @daejunpark
1K Followers 236 Following web3 security + formal methods @a16zcrypto; prev. director of formal verification @rv_inc; phd @IllinoisCS
Albahaca @Albahaca0000
13 Followers 259 Following EVM Smart Contracts Security Researcher @code4rena/@codehawks
FayTitus @c6KfqRctLjI1d1D
1 Followers 384 Following
xiaohuajiao @xiaohuajiao
144 Followers 463 Following
BeverlyEvelina @hwdXdV7Uo2P82J
3 Followers 432 Following
Penny Wimpee @PennyWimp
0 Followers 168 Following
Annika Folio @AnnikaFoli26019
73 Followers 5K Following
Drawtue @DrawtueGteNn
0 Followers 355 Following
Tuethors @TuethorsFj_6ZR
0 Followers 354 Following
Lyanna Ancheta @anche_lyan
0 Followers 191 Following
Ironside Security �.. @IronsideSec
21 Followers 376 Following smart contract Audits : https://t.co/CvgnjsWvwT watson @sherlockdefi 📩
Sidrah Lescarbeau @SidrahL34622
58 Followers 5K Following
DebbyFoster @02YT7d5SIs1s88
1 Followers 488 Following
Thesmmeth @thesmmeth6837
1 Followers 357 Following
Daniel Armstrong @daniel_arms90
57 Followers 196 Following An independent blockchain security researcher currently active in audit contests on platforms such as Code4rena, Sherlock, and Immunefi.
Audra Mccarl @AudraMccar82388
93 Followers 5K Following
Though @Though1445186
13 Followers 577 Following
Ali0x @Alicrali333
11 Followers 160 Following
Jacquie Walden @JacquieWal54403
101 Followers 5K Following
Ameira Colwell @ColweAmei
77 Followers 5K Following
NextWindhustler🕵�.. @mylifechangefa1
500 Followers 795 Following 19 - Web3 whitehat, Network security, QA Tester/Engineer, contributor @onlydust_com, securing @usesendtokens and focusing on projects built on @layerzero_labs
𝚘xCHIBY🌾 @chibylogs
3K Followers 921 Following Web 3 Security Researcher|| Audits|| cm @NavigatingWeb3_ marketing lead @QuotoFinance
Gi @uspokoisya22
96 Followers 282 Following
Tessa Olivarra @tes_olivar
74 Followers 5K Following
DanKaizer @DanKaizer
122 Followers 105 Following Core contributor to @azuroprotocol. @alliancedao ALL7 Web3 and CS-GO enjoyer!
Zer0Luck | ChainLight @Younsle1
746 Followers 5K Following Security researcher at @chainlight_io | @theori_io | All opinions are my own/nfa ☁
Zealynx @ZealynxSecurity
277 Followers 33 Following Smart Contract Security Reviews with Fuzzing & Formal Verification tests included. Blog: https://t.co/8JB4EtLrgA Founders: @TheBlockChainer & @seecoalba
lourens @LourensLinde
556 Followers 1K Following Out there, on-chain, finding bugs in smart contracts. Junior Fuzzing Dev @getreconxyz
Pop Punk @PopPunkOnChain
23K Followers 252 Following co-founder of @gasliteGG // wassie in residence @g8_keep // the cheapest airdrop tool https://t.co/T919t1We7l
DanKaizer @DanKaizer
122 Followers 105 Following Core contributor to @azuroprotocol. @alliancedao ALL7 Web3 and CS-GO enjoyer!
dimulski @dimulskiatanas
395 Followers 98 Following Web3 Security Researcher 🕵️ | 50+ H/M vulnerabilities found 🎩 | DM for audits 💼
Pashov Audit Group @PashovAuditGrp
1K Followers 1 Following Your world-class smart contract security partner. We have audited Ethena, 1inch, Karak, pump. fun, TapiocaDAO, Gains Network, Radiant
Hudaibia @Hudaibia99
182 Followers 995 Following "Web3 security enthusiast. Passionate about building secure and user-friendly experiences . Let's talk tech #web3security #SwiftLang #Sketch
Rajkumar(0xrajkumar.e.. @0xRajkumar
1K Followers 1K Following Smart Contract Security Researcher whitehat @immunefi | @yAcademyDAO fellow
ljmanini @ljmanini
798 Followers 315 Following wearer of a white hat book an audit ➡️ https://t.co/199gwmgOcu
Enigma Dark @EnigmadarkLabs
67 Followers 5 Following Leveraging white-hat expertise to protect a wide range of blockchain applications & enhance their security.
savi0ur.eth @_savi0ur
330 Followers 411 Following Ex. Software Engineer @Cisco | Web 3.0 (MEV and DeFi) | rustacean 🦀 | whitehat @Immunefi | Smart Contract Auditor at @code4rena, @sherlockdefi
Zaevlad | Pre-audit s.. @RightNowIn
2K Followers 166 Following Security researcher, Foundry and tests expert. ✉️ DM for pre-audit research to eliminate the most common bugs and prepare your protocol for a high-level audit
⁵⁄₉ @fiveoutofnine
9K Followers 973 Following
Scraping Bits Podcast @ScrapingBits
1K Followers 2 Following A technically rich podcast by developers for developers. Focusing on Web3 and AI. Created by @DeGatchi.
CharlesWang @CharlesWangP
17K Followers 587 Following Securing web3 since 2020 | Over 250 audits conducted | Trusted by the largest protocols | Over 500 high risk findings | Lead auditor @bailsecurity
Proof Of Podcast @ProofOf_Podcast
1K Followers 548 Following Hosting security researchers, devs and founders to discuss tech, crypto and everything light touches. Host @hake_stake Available on all platforms 🔗👇
Don Dodge @DonDodge
24K Followers 349 Following Tech veteran Cyfrin, CodeHawks, Google, Microsoft , Napster, AltaVista
Cyfrin CodeHawks @CodeHawks
5K Followers 3 Following Helping companies secure smart contracts and auditors get paid. More than $500k rewarded to auditors. Powered by @cyfrinAudits
Vitto Rivabella @VittoStack
113K Followers 377 Following Head of GTM @CyfrinAudits | Ex Lead Dev Rel @AlchemyPlatform | Created @cyfrinupdraft and @AlchemyLearn| Making web3 mainstream
Kevin @kvncnls
31K Followers 1K Following Designer #1 at @monad_xyz | prev lead designer @CyfrinAudits | Web3, DeFi, NFTs.
Erik Voorhees @ErikVoorhees
685K Followers 4K Following Toward peace, markets, and Bitcoin. Founder of https://t.co/vPo8SbPo6Q
33Audits @solidityauditor
2K Followers 107 Following Your guide to the best knowledge on Smart Contract Security | Linktree for inquires ⬇️
juancito @0xJuancito
7K Followers 632 Following ⚔️ Smart Contracts Auditor 🔎 SR1 @code4rena 🕵️♂️ Whitehat @immunefi
nirlin.eth @0xnirlin
2K Followers 517 Following Blockchain Security Auditor | Anti-AI-Auditor Telegram : https://t.co/5ypYkMPrHS
c4lvin | ChainLight @SiwonHuh
624 Followers 1K Following Web3 Research Analyst @chainlight_io, @theori_io | c4lvin.eth
The_Obin @Kodak_Rome
170 Followers 509 Following Independent security researcher | Touching grass via Airdrop Farming | ZAP Chain ⚡️
ArmedGoose @0xArmedGoose
161 Followers 348 Following Alter ego @0xluk3 | Hacking at @monethic_io | Part-time audit contest competitooor
Kavita B @0xscaudits
213 Followers 2K Following Exploring the intersections of Web3 and security, safeguarding decentralized ecosystems one line of code at a time | #Web3SecurityResearcher
0xrudra @0xrudrapratap
4K Followers 582 Following Triage @immunefi | Views are my own | Interested in Smart Contract Security | CTF's for @water_paddler/@thehackerscrew1 YT https://t.co/Qc6MuxtZw5
Suha @suhackerr
366 Followers 522 Following ML security @trailofbits. Opinions not representative of my employer. She/Her. (@[email protected])
PETER d/acc @0xpeternguyen
867 Followers 4K Following Technologist. Art Enthusiasm. Contributing to positive-sum MIT license. My tweets are my own. https://t.co/KUr0GCyGwc
NevvDevv🛡️ @NevvDevv
784 Followers 2K Following Independent blockchain developer, researcher & auditor | @WorkpodAudits Council
Todorov @0xTodorov
2K Followers 705 Following Full-time Smart Contract Security Researcher | Ex Cybersecurity expert in Web2
Mr Anon @ShieldifyAnon
5K Followers 509 Following Founder of @ShieldifySec 🛡️ はブロックチェーンセキュリティ監査を専門とする (smart contract audits)
Alex Becker 🍊🏆�.. @ZssBecker
1.0M Followers 21 Following Hyros. Neo Tokyo. Life stuff on https://t.co/lcpQ4QMUFn | 2024 Holds n Partners https://t.co/PEDIyoSP6q
afkbyte.(eth | lens) .. @afk0b
2K Followers 1K Following research eng @eigenlayer | professional inter @0xMantle @sozuhaus | bag fumbler @partyhatDAO | NFA
Pyro | 0x3b @0x3b338
2K Followers 648 Following Smart contract auditor. Reach out at https://t.co/1XtsF8h1NQI'm in
We're releasing a very limited set of 100 early bird tickets 🎉🎉🎉 100 tickets @ $150 each This year is going to be BIG with some exciting changes to add more interactive workshops, networking, and co-working. Secure your spot: defisecuritysummit.org
Today we're releasing @BountyVision Here we aggregate bug bounty insights across platforms to: 1. Show the state of bug bounties across the ecosystem 2. Assess bounty sizes relative to funds at risk 3. Aid whitehats in finding bounty information (including in-scope assets)
proud of the team here @NascentSecurity for launching @BountyVision! see detailed information of bug bounties across multiple platforms & in-scope assets along side this, @delitzer wrote a blogpost & tweet thread that goes into *why* bounties are important checkout…
Today we're releasing @BountyVision Here we aggregate bug bounty insights across platforms to: 1. Show the state of bug bounties across the ecosystem 2. Assess bounty sizes relative to funds at risk 3. Aid whitehats in finding bounty information (including in-scope assets)
By profiling Echidna across a range of smart contract scenarios, one of our interns identified and fixed a deep performance issue in one of its dependencies, hevm, significantly improving Echidna’s memory usage.blog.trailofbits.com/2024/05/08/usi…
I will be giving a talk/workshop about the invariant testing campaign of the Euler vaults at the event, don’t miss it!!
Introducing the first-ever Spearbit HackerHouse with @eulerfinance & @CertoraInc. This is the highest EV Web3 security event in history with $1.25M on the line at @cantinaxyz. Full access to Euler's team. All meals provided. No costs. Just show up. Seats Limited. RSVP Below:
Would you want to see what projects other people are fuzzing and add them to your Recon account?
@thepantherplus @sherlockdefi @panprog @IAm0x52 @cergyk1337 @deadrosesxyz @HollaWaldfee100 @zachobront I'm not sure anyone can be like 0x52, he is just on another level
Friendship with 3074 ended
If you are a web3 auditor you'd definitely appreciate this group We exclusively talk about the business and making money aspects of this space - lots of alpha has been shared in the group already. Anybody is welcome to join. Rules in pinned message. t.me/web3securitybu…
Don't have the context, but want to say I've worked with David for over a year and he's always been incredibly kind and respectful to me If there was a disagreement, it should have been handled privately first. Not the other way around. Encrypted messages don't help anyone.
today is the third time in less than a year that @TrustlessState has bullied a female founder / early employee at a company he’s a investor in and i’ve had enough this behavior is gross using whatever social capital or influence you have to bully women is insane behavior
For too long I put off learning foundry, I’d take part in competitions but not worry about running tests because I was either afraid of the mess of trying to debug build errors (unfortunately too common) or didn’t see the point in running a test somebody else had written. As a…
"top tier security firm"
experimenting with visuals as test documentation
The Echinda fuzzer can optimize. We had code that we wanted to see how bad things could get with an important safety feature disabled. Rappie used optimizing to determine the max sizes for possible accumulated rounding errors. Was very useful. Prod still has the safety. :D
Excited to share the latest fuzzing project with @perimeter_sec. We focused on @OriginDeFi's recent refactor to simplify their Vault contract. 22 invariants tested for 130M+ runs 1 high severity issue found 12 tolerances established and tested Many thanks to @danielvf for his…
@rappie_eth @perimeter_sec @OriginDeFi @danielvf Things we absolutely love to see!!
With smart accounts + passkeys, I think we’re getting close to ideal internet credential. Users can 1. Create signers 2. Associate many signers with one identity 3. Manage signers on a public, auditable, and permissionless platform Oh and it has payments + identity built in
@willrobinson23 Another lens: if Apple, Google, OnePassword etc are all allowing credential creation via passkeys, then to devs we appear as a one stop shop that aggregates all these into one product.
It always makes me sad to hear about people getting scammed by phishing sites. At @OriginProtocol, we report all phishing domains to @MetaMask. They show a warning to everyone who has installed their extension. We also report every phishing domain to ICANN abuse.
Lets goooo just saw this - nice 🔥⚒️ Being able to warp through time during an invariant campaign is essential for generating realistic scenarios (accruing interest etc.)
Trends for United States
You might like
