Rappie @rappie_eth
Fuzzing specialist | @SpearbitDAO ASR | @perimeter_sec founder github.com/rappie Netherlands Joined July 2018
By profiling Echidna across a range of smart contract scenarios, one of our interns identified and fixed a deep performance issue in one of its dependencies, hevm, significantly improving Echidna’s memory usage. blog.trailofbits.com/2024/05/08/usi…
Nice! It can be a huge pain to get access to tokens when doing onchain fuzzing with Echidna. This makes it easy.
The Echidna fuzzer can optimize. We had code that we wanted to see how bad things could get with an important safety feature disabled. Rappie used optimizing to determine the max sizes for possible accumulated rounding errors. Was very useful. Prod still has the safety. :D
In this workshop we go over the work we did for Centrifuge Liquidity Pools: - How to quickly get to a high coverage - Deciding what to mock and what to cover - Keeping the story simple Watch till the end for alpha on Centrifuge V2! Video is in the Recon Discord Server
Did a pretty cool thing with @Curvance and @trailofbits! Excited to finally be able to highlight this! blog.trailofbits.com/2024/04/30/cur…
gigagas ✅ teragas ✅ petagas - soon ItyFuzz with GPU EVM on 8x H100 can fuzz smart contracts at 700M+ transactions per second (~0.1 petagas/s).
Now that we’re seeing auditors joining projects as security partners, I wonder how long it’ll be before we see teams opt for an invariant testing driven development cycle with fuzzing/formal verification like we’ve seen with unit/end-to-end testing in web2. This seems like it…
The 3.4 million dollar Paraswap whitehat rescue across eight chains had an unusual twist in it. Front running by MEVbots was a big concern - some chains don't have private txs. So the team added a new bug that only they could exploit, then used it for the rescue. MEV impossible.
Here's the script I've been using to make both Echidna & Medusa work with external libraries. gist.github.com/aviggiano/d0c3… This is useful so that you don't need to manually edit your `cryticArgs` or `deployContracts` config parameters. Also, it converts all external libs to…
I just built the first Fuzzing Campaign with Create Chimera App 👀 - Foundry + Medusa by default - Best practices templates - Coded examples in the docs - Runs medusa with zero config - Compatible with Recon Pro Template written by @nican0r Go check it out!
Today I talk about onchain fuzzing with Echidna allthingsfuzzy.substack.com/p/onchain-fuzz…
I do it exactly the same way. We just added helpers for this to fuzzlib today 🙂 github.com/perimetersec/f…
I often get asked how to start with fuzzing. This is what I recommend: Start with the Echidna tutorial by @trailofbits. github.com/crytic/buildin… Once you're familiar with the basics, study other fuzzing campaigns. github.com/perimetersec/p… For a deep dive into the principles…
- Invariant Testing on Live Smart Contracts - Recipes - And Recurring Automations all in the latest recording of the Recon Office Hours!
halmos v0.1.11 Adds support for - the ecrecover precompile - the vm.addr(key) and vm.sign(key, digest) cheats - the makeAddr functions from forge-std
If you're getting into fuzz testing and want to see some examples of what it looks like on real codebases I'd highly recommend this repo by @rappie_eth. There's a lot of small details you learn from seeing real implementations that are hard to get from tutorials/docs alone.…
I'm in
We're releasing a very limited set of 100 early bird tickets 🎉🎉🎉 100 tickets @ $150 each This year is going to be BIG with some exciting changes to add more interactive workshops, networking, and co-working. Secure your spot: defisecuritysummit.org
Today we're releasing @BountyVision Here we aggregate bug bounty insights across platforms to: 1. Show the state of bug bounties across the ecosystem 2. Assess bounty sizes relative to funds at risk 3. Aid whitehats in finding bounty information (including in-scope assets)
proud of the team here @NascentSecurity for launching @BountyVision! see detailed information of bug bounties across multiple platforms & in-scope assets alongside this, @delitzer wrote a blogpost & tweet thread that goes into *why* bounties are important checkout…
I will be giving a talk/workshop about the invariant testing campaign of the Euler vaults at the event, don’t miss it!!
Introducing the first-ever Spearbit HackerHouse with @eulerfinance & @CertoraInc. This is the highest EV Web3 security event in history with $1.25M on the line at @cantinaxyz. Full access to Euler's team. All meals provided. No costs. Just show up. Seats Limited. RSVP Below:
Would you want to see what projects other people are fuzzing and add them to your Recon account?
@thepantherplus @sherlockdefi @panprog @IAm0x52 @cergyk1337 @deadrosesxyz @HollaWaldfee100 @zachobront I'm not sure anyone can be like 0x52, he is just on another level
Friendship with 3074 ended
If you are a web3 auditor you'd definitely appreciate this group We exclusively talk about the business and making money aspects of this space - lots of alpha has been shared in the group already. Anybody is welcome to join. Rules in pinned message. t.me/web3securitybu…
Don't have the context, but want to say I've worked with David for over a year and he's always been incredibly kind and respectful to me If there was a disagreement, it should have been handled privately first. Not the other way around. Encrypted messages don't help anyone.
today is the third time in less than a year that @TrustlessState has bullied a female founder / early employee at a company he’s an investor in and i’ve had enough this behavior is gross using whatever social capital or influence you have to bully women is insane behavior
For too long I put off learning foundry, I’d take part in competitions but not worry about running tests because I was either afraid of the mess of trying to debug build errors (unfortunately too common) or didn’t see the point in running a test somebody else had written. As a…
"top tier security firm"
experimenting with visuals as test documentation
Excited to share the latest fuzzing project with @perimeter_sec. We focused on @OriginDeFi's recent refactor to simplify their Vault contract. 22 invariants tested for 130M+ runs 1 high severity issue found 12 tolerances established and tested Many thanks to @danielvf for his…
@rappie_eth @perimeter_sec @OriginDeFi @danielvf Things we absolutely love to see!!
With smart accounts + passkeys, I think we’re getting close to ideal internet credential. Users can 1. Create signers 2. Associate many signers with one identity 3. Manage signers on a public, auditable, and permissionless platform Oh and it has payments + identity built in
@willrobinson23 Another lens: if Apple, Google, OnePassword etc are all allowing credential creation via passkeys, then to devs we appear as a one stop shop that aggregates all these into one product.
It always makes me sad to hear about people getting scammed by phishing sites. At @OriginProtocol, we report all phishing domains to @MetaMask. They show a warning to everyone who has installed their extension. We also report every phishing domain to ICANN abuse.
Lets goooo just saw this - nice 🔥⚒️ Being able to warp through time during an invariant campaign is essential for generating realistic scenarios (accruing interest etc.)