• Articles: @officercia • Blog: officercia.mirror.xyz • X: x.com/officer_cia
Use this list of fantastic Telegram channels I've put together in order to discover them as your own personal Web3-Google!
• t.me/addlist/uesom31GM1I4Yjgy
What’s new?
• Added new channels, mostly non-tech format!
Feel free to use this folder to onboard your non-web3 friends to Web3, as the majority of the channels are maintained by independent researchers. There are also additional channels for news, CT reviews, and more!
A small tip to subscribooors: if you find a channel interesting, move it out of the folder into your main list of chats. That way you’ll view content you’re interested in more often, and channels get more views instead of just subscribers!
#security #offtopic
Awesome tips out there fam 👀
Pure alpha 🐺🐺 🌕
#audit #ethereum #web3
officercia.mirror.xyz/y7qzSLS8qZuU_fdHcrYyN7eZxGzfo_Z5avmNHqhbrZU
A friendly reminder to my US subscribers (there are 35% of you): I have never visited your country and have no plans to. If you wish to ask me about my view on elections or political parties, please unsubscribe.
Again, I have no knowledge in this area, have never been to the United States, and am not interested in whether you are a Democrat or a Republican. Thank you.
#offtopic
Yet another OpSec tip (a thread):
• https://x.com/officer_cia/status/1823414116918137003?12
• x.com/officer_cia/status/1823413948265242634?1
Please like & RT!
#opsec #security
Technical Bug Bounty Methodology ⬇️
• x.com/ogcybersec/status/1821876793508323448
#web2 #security
Save this post if you've been scammed or hacked!!!
• x.com/officer_cia/status/1800971266049847467?1
More tips listed here: x.com/officer_cia/status/1821820067824230585. As an example, you don’t have to ask the police to rescue funds, but to prove you are holding them, and then send these docs to CEXes/Tether/Circle in order to freeze stolen funds.
#security #privacy
Thank you for a mention 🫡!
• x.com/dethsca/status/1821242974455640275?1
#security #web3
Here’s an example we shared with our Community of how excluding certain user inputs from a hash message exploitation attack vector can be caught with Glider 👇
• https://x.com/elen__kay/status/1821125802949280062?s=46
Found this interesting 👀 Join our Discord to learn more 🫡
#audit #web3
Uhm… My XMR address (in case someone wanted to tip me):
4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds
These were the Inferno hackers…
I think I will keep these funds on a separate address until someone officially asks for a refund. Thank you for ruining my day:(
Glider queries can describe complex bugs and find matches on all live smart contracts within dozens of seconds!
You often ask us about real queries and use cases, and we have something to share👇
• https://x.com/xyz_remedy/status/1820768545615085946?s=46
#audit #web3
🚨 JUST IN: The Ronin Network bridge, which currently secures over $850M, has been paused while investigating a potential $10M (~4000 ETH) MEV exploit reported by white hats.
A couple simple tips won't hurt your OpSec, please save this post!
Please support my work on OpSec & privacy. I am not a whale at all (feel free to cross-verify) and need your support.
The best thing is to support me directly by donating to any address from the list below:
0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A
or officercia.eth
— Ethereum & L2s;
17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU
or bc1q75zgp5jurtm96nltt9c9kzjnrt33uylr8uvdds
or bc1p378ghr5k40tm2tw40m4lu4a680m8cfpqd7m6utx5d6p28e5xvnpsqs9f86
- Bitcoin;
0zk1qydq9pg9m5x9qpa7ecp3gjauczjcg52t9z0zk7hsegq8yzq5f35q3rv7j6fe3z53l7za0lc7yx9nr08pj83q0gjv4kkpkfzsdwx4gunl0pmr3q8dj82eudk5d5v
- Railgun;
TYWJoRenGB9JFD2QsdPSdrJtaT6CDoFQBN
- TRX;
You can also support me by minting one of my Mirror article NFTs or just DM me in Telegram (@farm42) for an address! Thank you very much! ❤️
What about SSD? Electromagnetic impulse does not do anything to them. Is there a reliable way to kill them without leaving the ability to recover anything?
🧢 Do you submit a lot of bug reports, but only a few of them ever get escalated to the organization? Finding a valid bug does not always guarantee a bounty, as you still need to back up your findings by submitting high-quality reports.
So we asked Hexens.io's expert triage team to share valuable tips to help you submit better bug reports 👇
✍ A great bug report starts with a clear and concise bug description. Explain exactly what the bug is, provide context about its impact, and why it matters. It sets the stage for understanding the bug from the outset.
Example - LID-2
🖥 If the vector is complex, detail the attack step by step. Lay out each action clearly, enabling anyone to reproduce the issue. This approach shows the exact exploitation method, making assessing and addressing the risk easier.
Example - EIG 14
🛡 A working Proof of Concept (PoC) is essential. Demonstrate the exploit in action using videos, screenshots, or live links (for Web2) and an executable code file for Web3. This validates the bug’s impact and shows it’s not just theoretical but a real-world threat.
Example - MAN1-17
🧩 Add references and links to related CVEs, docs, or external sources. These resources bolster your report’s credibility, offering additional context and helping to compare the issue with known vulnerabilities.
🎯 Use clear and concise language. Avoid jargon and keep your report straightforward. The goal is to communicate effectively with both technical and non-technical team members, ensuring everyone understands the bug and its risks.
🧢 And finally, if the triage team suggests an improvement, or requires more information to properly triage your submission - please make sure you provide all of the necessary info. The team does their best to help you succeed but they cannot do it without your collaboration.
Now get hunting 🪲 There’s a valid bug report waiting to be submitted 💊
GM frens! 🌞
If you enjoyed yesterday's read 👆 then you're going to love what we have in store for you on our Discord 🚀
Be the first to get all the latest Glider news, Remedy updates, and more. Plus, you'll have a direct line to ask all your questions and learn some insights 👀
See you there 🫡
US elections be like the AVP: Alien vs. Predator movie.
Whoever wins, humanity loses.
#offtopic
For my chat participants: Guild chat has been deleted and I will NOT be creating any additional chat rooms, once again, Guild 3.0 chat has been deleted. This response is for those who write to me saying, "Hey, you banned me in chat." I simply erased the chat, not banning anyone. It might not appear immediately because of a Telegram error.
The only public chat where you can check my account is LobsterDAO. I'm out of all chat rooms and I don't have any personal private groups.
#offtopic
Remedy commits to Web3’s security by providing cutting-edge solutions and services, and we are eager to highlight our partner, LineaBuild.
Projects building on Linea can now quickly launch bug bounty programs and benefit from:
- No commissions and listing fees
- Free triaging during beta (powered by hexens.io security teams)
- One-of-a-kind ZK proof of duplicate
- Access to glide.R.xyz, our flagship technology
Join R.xyz to enhance security across Ethereum!
#audit #web3 #security
GM 🧢 Another day, another Glider deep dive - this time exploring Glider's capabilities with Instruction 🚀
If you'd like to see more insights and the practical example - join our Discord and check #glider-resources section.
P.S. that channel contains the best resources on Glider 👀 Don't miss out 🫡
GM Whitehats 🧢
Here's a list of BB programs on R.xyz with a 1 million payout 🫡
PancakeSwap - $ 1,000,000
Boba Network - $ 1,000,000
Scroll - $ 1,000,000
Polygon - $ 1,000,000
Join Remedy Discord to get new program updates 💊
Happy Hunting 🪲
This article never gets old 😎
• https://officercia.mirror.xyz/NS2iRVe70aFRzCed2oX24ZoTIGMLnaHAg9UGT06cyOI
Thanks to today’s donator, there will be more articles to be posted soon!
#opsec #security
Handling signatures with arbitrary user inputs in smart contracts can lead to critical vulnerabilities. Here’s an example of how excluding certain user inputs from a hash message exploitation attack vector can be caught with Glider.
Follow us on Twitter or join our Discord for more insights and examples 🫡
Anyways… please support me with a like or RT! I need your support, fam.
• https://x.com/officer_cia/status/1820953940927631654?s=46
#solidity #web3 #defi
To the individual who gave me a significant donation this morning: you are incredibly amazing, I appreciate you! DM me on TG or here on X in private messages if you'd like! I'd be happy to talk to you or assist!
Anyway - I respect your anonymity! If you don't want to, you don't have to DM! Have an awesome day!!!
P.S.
If you want to support me, use these addresses: t.me/officer_cia/2585 or my ByBit deposit address: 0xeeb111d3a354fb00d72c00b3179c066ff0b4b1f9
#offtopic
In this paper, authors present the first systematic study on 533 Solidity compiler bugs! ⬇️
• x.com/officer_cia/status/1820694793107738624?1
#security #paper
+ 1 yet another awesome tool has just been released 👀
• x.com/xyz_remedy/status/1820534487106945186?1
#mev #web3
On-chain clown of the day: The Pancake Bunny exploiter accidentally transferred $3.6M to the DAI contract address 8 hrs ago
0x72df3d8b97b92188eb7516277836fd07e994b276c858052815a398cc52c91bc1