Alex the Entreprenerd

@entreprenerd

34 Following

33 Followers

Alex the Entreprenerd pfp

Alex the Entreprenerd

Getting some love for our work at Recon

0 reply

0 recast

0 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

If you’re going to announce a bug bounty or contest, do it as early as possible There’s no advantage in delaying but there’s advantage in people preparing for it

0 reply

0 recast

0 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

DailyWarden is a newsletter that sends you all ongoing Web3 Security Contests This is by far the most opened resource for Security Researchers that participates in contests and bounties Some even have it as their homepage!

0 reply

0 recast

0 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

Watch me break a ERC4626 in 5 minutes with Invariant Testing: https://x.com/getreconxyz/status/1935021723327332528 In this video I use: - Foundry to setup tests and debug possible bugs - Echidna to explore many possible combinations and break a ERC4626 vault This helps you find complex bugs!

0 reply

0 recast

0 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

One new Bug Per Day, sent directly into your inbox OneBugPerDay.com

0 reply

0 recast

1 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

This free book teaches you how to write solidity tests to find bugs

1 reply

0 recast

1 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

This free book teaches you how to write solidity tests to find bugs

1 reply

0 recast

0 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

In this beginner friendly video I’m joined by the Remedy team to talk about Stateful fuzzing for Security with Foundry and Echidna If you want to find and prevent more unique bugs, this is the video for you! - Scaffold tests with the Recon Extension - When to use Foundry vs Echidna and Medusa - How to quickly write your Invariant Tests and iterate - Why and How to write specific properties https://youtu.be/-d2rLOQB3l0

0 reply

0 recast

1 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

Musings on why devs keep shipping rounding error bugs

2 replies

2 recasts

31 reactions

Alex the Entreprenerd pfp

Alex the Entreprenerd

Our Solidity invariant testing extension reached 100 downloads! I’m doing a workshop tomorrow with Hexens, will share the recording here!

0 reply

0 recast

2 reactions

Alex the Entreprenerd pfp

Alex the Entreprenerd

Got the promotion and the bag, nice

0 reply

0 recast

0 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

After 2 years of reviews with Spearbit, I’ve finally been promoted to the highest rank of Lead Security Researcher!

13 replies

3 recasts

79 reactions

Alex the Entreprenerd pfp

Alex the Entreprenerd

I’ve collected a few high signal videos and resources to help founders prevent exploits in: - Smart Contracts - Web2 (phishing, social media account takeover, impersonation) - Governance (private key loss) They are all here: https://book.getrecon.xyz/opsec/main.html

0 reply

0 recast

0 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

Secureum Workshop on using Foundry and Echidna for Stateless and Stateful Fuzzing to find bugs: https://www.youtube.com/watch?v=3A7aa5B8aak

0 reply

0 recast

0 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

I went live with Shafu to talk about the Recon Extension for invariant testing - Write foundry tests - Run powerful tools like Echidna, Medusa and Halmos - Instantly debug with Foundry repros https://youtu.be/Sl2rz-y8_xg?si=493TxC-P3IDXNEp_

0 reply

0 recast

0 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

What would it take for you to use another tool over foundry?

0 reply

0 recast

1 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

Solidity HTTP Make HTTP requests written in solidity in your foundry code

0 reply

0 recast

1 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

Bugs like rounding errors are easy to detect and hard to escalate into crits Bugs like silent overflows are harder to detect but easy to escalate Every bug is easier to find with different techniques That’s why you should try all and use what works for you

0 reply

0 recast

0 reaction

Alex the Entreprenerd pfp

Alex the Entreprenerd

Bugs like rounding errors are easy to detect and hard to escalate into crits Bugs like silent overflows are harder to detect but easy to escalate Every bug is easier to find with different techniques That’s why you should try all and use what works for you

0 reply

0 recast

3 reactions

Alex the Entreprenerd pfp

Alex the Entreprenerd

One weird trick to cut your audit cost by half - Write as much of your code as Stateless functions - Run Fuzzers and Formal tools on them Auditor can quickly verify their behaviour and “take them for granted”, or quickly find mistakes in your logic State is a hidden input

0 reply

0 recast

2 reactions