bountyhunt3rz: life on the blockchain

riptide & n4nika discuss his fluency with almost every programming language on the blockchain, building your skillz via ASM and C, AI on blockchains, offloading investor risk with insurance, hack volume YoY, effectively using AI + manual review, how and why to touch grass, and much, much more ... 

Marco and riptide discuss how difficult it is to get paid hunting bugs, publishing on your terms, getting ghosted for months on end, bear market bounty hunting thoughts, disclosures, BB arbitration, how marco looks like Kain from C&C, and much, much, more ...  

riptide and philbugcatcher discuss AI, AI, and more AI, transitioning from management consulting to bug hunting, why top notch human auditors will always have a place, adapt or die in crypto, taking risks to succeed, and much, much, more ...

riptide & windhustler discuss how he runs his audit business Burrasec, incentivizing your auditors, methods and tactics, SR talent, is Croatia a new SR hotspot, competing amongst other audit firms, thoughts about specialized audit business models, targeted bounty hunts as a service, and much, much, more ...

riptide & drastic watermelon lounge by the pool at the faena hotel in buenos aires and discuss devconnect, yAudit, CTFs, security outlook, competitions, getting shafted on a juicy bug bounty, judges must be crazy, auditor profit maxxing, AI submissions, and probing the mystery of why each time you order the same type of coffee in buenos aires it changes, and much, much, more ...

riptide & mitchell amador (CEO of Immunefi) discuss the IMU token, it's flywheel effect, and how you can invest in security researchers, why L1s are back in fashion, mitchell's view of 1000 blockchains, security and the future of our industry, the story of Steemit from the ICO era, deep thinking and the bigger picture, cosmology and finding a greater purpose, nicotine maxxing and much, much, more ... 

riptide & j4x discuss coming from cybersec and web2 CTFs to web3, a deep dive on rust, the contest game before and now, focusing on less popular languages, nomad bug hunting, why failing high school french and working at a call center helped him as a bug hunter, and much, much, more ...

riptide & tim discuss competitions at immunefi, conditional pots, making the game fair, backroom dealing and shift protocols, why SRs should participate, proxy negotiation, and much, much, more ...

riptide & patrick Patrick Collins (co-founder of @cyfrinaudits, @soloditofficial, @codehawks, and @cyfrnupdraft) discuss how he got here and why he's building in crypto, web3 security and where its going, contests and codehawks, properly incentivizing bug hunters, how money drives decisions, his motivation behind educating bug hunters, a juicy ALPHA DROP for the gym, and much, much, more ...

riptide and alix40 discuss soloaudit: his public good contribution to the security space where devs can find independent security researchers for hire, why valkyrisecurity is offering web2 & web3 security reviews, web2 bug hunting vs web3, web2 defi attack points, how we make this space secure for both grandma and JP Morgan, AI audits, and much, much, more ...

riptide & adrian hetman discuss running the triage department at immunefi, how to write the best bug report, using LLMs wisely, how your report is viewed by triagers and the protocol team, why reports get rejected, cleaning your brain's cache to improve your bug hunting, a juicy ALPHA drop, and much, much, more ...

riptide & montyly (josselin feist, humble slither creator) discuss his tenure at trailofbits, web2 vs web3 security posture, security tooling, internalizing security and solving the human problem, concolic execution/hybrid fuzzing, using LLMs as a force multiplier, an ALPHA drop, why putting underscores in your file names is 32337, and much, much, more ... 

riptide & the Obsidian audit team (0xjuann & 0xspearmint) discuss their Fraxlend high severity bug find including a deep dive into ERC4626 vaults, helping hyperliquid builders with their hyper-evm-lib public good, how they use automated tooling during audits, why you should drop out of med school to be an auditor, defi strategies and risk tolerance, alpha drops, and much, much, more ... 

riptide & mackenzie discuss the inner workings of immunefi, what happens behind the scenes as soon as you click submit on that juicy bug report, mackenzie's unique omniscient view of bug reports and bug hunters, how to up your negotiation game to get paid, and much, much, more ... 

riptide & danielvonfange discuss running a bug bounty program at Origin and dealing with LLM spam and bounty sizing, how he creates tests and invariants, hunting bugs before you were born, the challenges of selecting audit partners, security in crypto now vs the past, why devs and auditors should cross-train, why PHP rules, and how morals, ethics and incentives intersect in crypto, and much, much, more ...

riptide & chasethelight discuss how getting rugged on BSC led him to create his automated bug finding tool Lightchaser, why programming in C and ASM can make learning new languages easier, why static and dynamic analysis trumps LLMs, why you should dig deeper to outperform automated bug detection, why we need bounty hunters and the importance of manual review, how Lightchaser V4 is leveling up bug detection, and much, much, more ...

riptide & 0xe4669da discuss the challenges of breaking into bug hunting, mistakes he made when getting started, when to change your approach when it's not working, why you need to fully understand solidity inside and out, how focusing on your objective will lead to deeper bug discoveries, a LayerZero alpha drop from our guest, and much, much, more ... 

riproprip & riptide discuss the origins of the humble chad, his humble background, scoring big bounties in business class,  repetition and building a knowledge base to find bugs, what to do when you find a bug but don't know who to contract, is the ethereum foundation bug bounty size correctly, avoiding burnout, incentives drive human behavior, and why you should jetsurf anon ...  

riptide & lonelysloth discuss how it feels hitting 7 figure bounty payouts, how to find obscure bugs that no one is looking for, why bounty hunters find bugs auditors miss, ZK bugs and things to look for, approach to learning new complex subjects, what motivates a lonelysloth, what planet he actually comes from, and much, much, more ...

riptide & 0xflint discuss his humble beginnings in crypto making $0.01 on his first contest to becoming an LSR at Certora, how to get what you want out of life, breaking into crypto and why merit trumps all, use cases for premium LLM tools while auditing, alpha drop on solidity trapdoors, why he punishes himself to improve day-in and day-out, why you should add communication and leadership skills to your tech stack, questions from the humble podcast audience, and much, much, more ...

riptide & milotruck discuss being #1 on the codea4ena leaderboard in 2023, working as an LSR at Spearbit, from an infosec background to competing in contests, dipping his toes in bountyhunting, why competitive audits beats collaboration, how contests have evolved, incentives and rewards, bug hunting tools, how security has gotten worse in crypto, and much, much, more ...

riptide & bytes032 discuss the audit business, demand for languages outside of solidity, how to keep the drive to succeed, optimistic mindset, what makes a good auditor, auditor vs. bountyhunter, leaving your comfort zone and trusting your instincts, and much, much, more ...

riptide & 0xsimao "the human fuzzer" discuss being a humble aerospace engineer to getting started in crypto with ThreeSigma and then selected to be a part of Blackthorn, how he approaches audits vs. contests, auditors vs. bountyhunters, approaching bug hunting with the right mindset to locate zee bugs, auditing for clients that do not respect security, bountyhunting is playing the long game, taking the L when you miss a bug as an auditor, red flags in codebases and what to look for and things that are always out of scope during an audit that bug hunters should look at and much, much, more ...

riptide & tpiliposian discuss how auditors and bounty hunters differ, hexens audit model, what the certora prover actually does, what devs should do prior to deploying, RED FLAGS to look for when looking at a project to bounty hunt on, why everyone misses bugs, getting your money's worth as a protocol dev with audits and contests, and much, much, more ...

riptide & merkle_bonsai discuss his $400,000 bug find on Oasys which took a world record 7 months to finally get paid, bug hunting blockchain backend code instead of contracts, the future of blockchains and which coding languages have staying power, nicotine and caffeine, rewriting protocol code to better understand it, smaller screens means more bugs, behavioral tricks and environmental context to train your brain for bug hunting, how DeGate is his nemesis, humble elliptic curve explanation, ZK moon math, virtual earths and the relation to GPS accuracy, and much, much more ...

riptide and rootrescue discuss his $400,000 bounty find on Enzyme, how out-of-scope assets can land you monster bugs, relayers and forwarders, why to look at deployment scripts, how Army training translates to being a cracked bug hunter, a fat juicy ALPHA DROP, and how to check the chain using your own archive node w/ semgrep, and much, much more ...

riptide and jack discuss how his audit competition/bounty platform Sherlock stacks up against the competition, why bounty hunters should focus their time there, how the platform has evolved over the years, addressing complaints with competitions to include: self-judging, spam, and insider bad behavior. Also how to create incentive based systems to obtain desired outcomes, what makes a good audit, and much, much more ...

riptide & nnez discuss his secret to becoming a top 15 ranked bug hunter with Immunefi and earning $1,000,000 in bug bounties, meritocracy in crypto and why that is a good thing, bounty negotiations, why bounties are easier than contests, defi security with TradFi participants, what protocols to look at and how to find bugs, looking outside of solidity, an ALPHA drop, and much much more ...  

riptide & riproprip discuss his $500,000 bug find on Raydium's CLMM, hunting bugs solo and the pitfalls of contests, how printing out calldata can help you find bugs, leveling up as a new hunter,  finding your motivation to devote time to bug hunting, and why to get and remain ripped and totally jacked at a young age with the first physical ALPHA DROP in the history of this podcast ... and much, much more anon

riptide & kankodu discuss his bug hunting techniques to keep him in the top #20 of the immunefi leaderboard, a deep dive on his recent $250k Balancer bug writeup that he kept under wraps for 2 years, bounty negotiations and how to shoot yourself in the foot with the dilution effect, the truth about the existence of the Indian bug hunting mafia ... and much more!

riptide & zigtur discuss tactics on bug hunting in competitions, why learning rust, Go, and solidity can be a lethal combo, deep dives on Cosmos SDK including where to look for bugs, competitions vs. bounty hunting, how zigtur has been dominating the recent contests, some serious ALPHA drops and much more (like what is his preferred French cheese) ... 

riptide & blockian (ControlZ_1337 & pwnmansh1p) discuss the unique Austrian method of hunting bugs while drinking raw milk and wearing augmented reality goggles, how the trio found a critical bug in LayerZero V1, laying low while ranked #38 on the Immunefi leaderboard, some very juicy ALPHA DROPs, career paths for bug hunters, and the importance of understanding the code better than the devs to find the most impactful bugs!

riptide & zachobront discuss how a humble book salesman started dominating audit contests to raking in $300k from Chainlink on a critical bug find! Also we explored how to expand your neural pathways to find new bugs, plus a deep dive ALPHA DROP on finding bugs in Optimism forks including the exact Go files to start looking at in Geth, making money leveraging your bug hunt knowledge to getting paid out in contests ... and much, much, much, much, more. 

riptide & 100proof discuss bounty negotiation tactics, human behavior, incentives, acting in good faith, and why bounty hunters must be paid. 100proof treats listeners to a detailed walkthrough of a juicy bug he found in Morpho. Riptide introduces the ALPHA DROP: on each episode both riptide and his guest will drop a piece of juicy bug hunting alpha to help you find your next big bounty

riptide & deadrosesxyz discuss hunting for bugs on the blockchain including techniques, secrets and tools of the trade, integrating LLMs into your workflow, getting paid, traits of a bounty hunter, and how bulgarian teenagers are taking over the space