bountyhunt3rz: life on the blockchain
Author: riptide
Description
BOUNTY HUNT3RZ: LIFE ON THE BLOCKCHAIN interviews the top bug bounty hunters in crypto to discover their secrets to finding live bugs, saving the day, and making millions of dollars all while remaining extremely jacked and ripped
24 Episodes
riptide & montyly (josselin feist, humble slither creator) discuss his tenure at trailofbits, web2 vs web3 security posture, security tooling, internalizing security and solving the human problem, concolic execution/hybrid fuzzing, using LLMs as a force multiplier, an ALPHA drop, why putting underscores in your file names is 32337, and much, much, more ...
riptide & the Obsidian audit team (0xjuann & 0xspearmint) discuss their Fraxlend high severity bug find including a deep dive into ERC4626 vaults, helping hyperliquid builders with their hyper-evm-lib public good, how they use automated tooling during audits, why you should drop out of med school to be an auditor, defi strategies and risk tolerance, alpha drops, and much, much, more ...
riptide & mackenzie discuss the inner workings of immunefi, what happens behind the scenes as soon as you click submit on that juicy bug report, mackenzie's unique omniscient view of bug reports and bug hunters, how to up your negotiation game to get paid, and much, much, more ...
riptide & danielvonfange discuss running a bug bounty program at Origin and dealing with LLM spam and bounty sizing, how he creates tests and invariants, hunting bugs before you were born, the challenges of selecting audit partners, security in crypto now vs the past, why devs and auditors should cross-train, why PHP rules, and how morals, ethics and incentives intersect in crypto, and much, much, more ...
riptide & chasethelight discuss how getting rugged on BSC led him to create his automated bug finding tool Lightchaser, why programming in C and ASM can make learning new languages easier, why static and dynamic analysis trump LLMs, why you should dig deeper to outperform automated bug detection, why we need bounty hunters and the importance of manual review, how Lightchaser V4 is leveling up bug detection, and much, much, more ...
riptide & 0xe4669da discuss the challenges of breaking into bug hunting, mistakes he made when getting started, when to change your approach when it's not working, why you need to fully understand solidity inside and out, how focusing on your objective will lead to deeper bug discoveries, a LayerZero alpha drop from our guest, and much, much, more ...
riproprip & riptide discuss the origins of the humble chad, his humble background, scoring big bounties in business class, repetition and building a knowledge base to find bugs, what to do when you find a bug but don't know who to contact, whether the Ethereum Foundation bug bounty is sized correctly, avoiding burnout, incentives drive human behavior, and why you should jetsurf anon ...
riptide & lonelysloth discuss how it feels hitting 7 figure bounty payouts, how to find obscure bugs that no one is looking for, why bounty hunters find bugs auditors miss, ZK bugs and things to look for, approach to learning new complex subjects, what motivates a lonelysloth, what planet he actually comes from, and much, much, more ...
riptide & 0xflint discuss his humble beginnings in crypto making $0.01 on his first contest to becoming an LSR at Certora, how to get what you want out of life, breaking into crypto and why merit trumps all, use cases for premium LLM tools while auditing, alpha drop on solidity trapdoors, why he punishes himself to improve day-in and day-out, why you should add communication and leadership skills to your tech stack, questions from the humble podcast audience, and much, much, more ...
riptide & milotruck discuss being #1 on the code4rena leaderboard in 2023, working as an LSR at Spearbit, going from an infosec background to competing in contests, dipping his toes in bounty hunting, why competitive audits beat collaboration, how contests have evolved, incentives and rewards, bug hunting tools, how security has gotten worse in crypto, and much, much, more ...
riptide & bytes032 discuss the audit business, demand for languages outside of solidity, how to keep the drive to succeed, optimistic mindset, what makes a good auditor, auditor vs. bountyhunter, leaving your comfort zone and trusting your instincts, and much, much, more ...
riptide & 0xsimao "the human fuzzer" discuss going from humble aerospace engineer to getting started in crypto with ThreeSigma and then being selected to be a part of Blackthorn, how he approaches audits vs. contests, auditors vs. bounty hunters, approaching bug hunting with the right mindset to locate zee bugs, auditing for clients that do not respect security, why bounty hunting is playing the long game, taking the L when you miss a bug as an auditor, red flags in codebases and what to look for, things that are always out of scope during an audit that bug hunters should look at, and much, much, more ...
riptide & tpiliposian discuss how auditors and bounty hunters differ, hexens audit model, what the certora prover actually does, what devs should do prior to deploying, RED FLAGS to look for when looking at a project to bounty hunt on, why everyone misses bugs, getting your money's worth as a protocol dev with audits and contests, and much, much, more ...
riptide & merkle_bonsai discuss his $400,000 bug find on Oasys which took a world record 7 months to finally get paid, bug hunting blockchain backend code instead of contracts, the future of blockchains and which coding languages have staying power, nicotine and caffeine, rewriting protocol code to better understand it, smaller screens means more bugs, behavioral tricks and environmental context to train your brain for bug hunting, how DeGate is his nemesis, humble elliptic curve explanation, ZK moon math, virtual earths and the relation to GPS accuracy, and much, much more ...
riptide and rootrescue discuss his $400,000 bounty find on Enzyme, how out-of-scope assets can land you monster bugs, relayers and forwarders, why to look at deployment scripts, how Army training translates to being a cracked bug hunter, a fat juicy ALPHA DROP, and how to check the chain using your own archive node w/ semgrep, and much, much more ...
riptide and jack discuss how his audit competition/bounty platform Sherlock stacks up against the competition, why bounty hunters should focus their time there, how the platform has evolved over the years, addressing complaints with competitions to include: self-judging, spam, and insider bad behavior. Also how to create incentive based systems to obtain desired outcomes, what makes a good audit, and much, much more ...
riptide & nnez discuss his secret to becoming a top 15 ranked bug hunter with Immunefi and earning $1,000,000 in bug bounties, meritocracy in crypto and why that is a good thing, bounty negotiations, why bounties are easier than contests, DeFi security with TradFi participants, what protocols to look at and how to find bugs, looking outside of Solidity, an ALPHA drop, and much, much more ...
riptide & riproprip discuss his $500,000 bug find on Raydium's CLMM, hunting bugs solo and the pitfalls of contests, how printing out calldata can help you find bugs, leveling up as a new hunter, finding your motivation to devote time to bug hunting, and why to get and remain ripped and totally jacked at a young age with the first physical ALPHA DROP in the history of this podcast ... and much, much more anon
riptide & kankodu discuss the bug hunting techniques that keep him in the top 20 of the Immunefi leaderboard, a deep dive on his recent $250k Balancer bug writeup that he kept under wraps for 2 years, bounty negotiations and how to shoot yourself in the foot with the dilution effect, the truth about the existence of the Indian bug hunting mafia ... and much more!
riptide & zigtur discuss tactics for bug hunting in competitions, why learning Rust, Go, and Solidity can be a lethal combo, deep dives on the Cosmos SDK including where to look for bugs, competitions vs. bounty hunting, how zigtur has been dominating the recent contests, some serious ALPHA drops and much more (like what is his preferred French cheese) ...