StErMi
10.1K posts
StErMi
@StErMi
#web3 dev + auditor | @SpearbitDAO LSR, @immunefi bug hunter, sage of AAVE codebase :D
ethereum L1/L2
stermi.xyz
Joined April 2008
1,412 Following
4,626 Followers
  • Pinned
    StErMi
    @StErMi
    Jun 23, 2024
    During the next few days, I will share some of my private security research work that I have done in the last year. All those projects are @aave related, and I feel very proud to have been chosen as one of the security partners to review them. I'm pretty sure that the
    a.DI (Aave Delivery Infrastructure)
    16K
  • StErMi
    @StErMi
    Jan 1, 2023
    Many people lately sent me DM asking how to become a security researcher and approach web3. Here are some of the suggestions I gave to them (keep reading, it's a long one)
    64K
  • StErMi
    @StErMi
    May 16, 2023
    I can finally share that I was able to find three different bugs on @AaveAave during a @SpearbitDAO audit on the @MorphoLabs project. In the coming weeks, I'll share a more detailed blog post, so keep an eye on my Twitter if you don't want to miss it!
    BGD. Bug bounties proposal
    From governance.aave.com
    44K
  • StErMi
    @StErMi
    Feb 24, 2024
    I can finally disclose that I was able to find another 2 unique bugs in the @aave v2/v2 ecosystem: 1) Inconsistent validation on Aave v2/v3 2) Inconsistent HF (Health Factor) behavior swap borrow rate mode With these two additions, I have found and disclosed in total 5
    40K
  • StErMi
    @StErMi
    Nov 4, 2022
    Solidity security pro-tip: how does "delegate call" behave in different scenarios? 1) existing contract, existing function, return uint256 2) existing contract, NOT existing function 3) existing contract, existing function that REVERT 4) not existing contract
  • StErMi
    @StErMi
    Apr 7, 2024
    Finally, it's time to share what I was working on the last couple of days during my spare time: github.com/StErMi/smartco… Smart Contract Inspector is a small Chrome Extension utility for people like me that needs to review the source code of verified Smart Contracts on all the
    GitHub - StErMi/smartcontract-inspect: Quickly open your favorite Web IDE to review the selected...
    From github.com
    8.5K
  • StErMi
    @StErMi
    May 20, 2023
    I have crushed another huge milestone for my 2023 🔥 I was able to find and disclose two bugs on @immunefi (already confirmed and processed by the client). Can I now add it to my Twitter bio as an achievement? 😁
    8.8K
  • StErMi
    @StErMi
    Dec 31, 2022
    2022 recap - switched from web2 full stack to web3 as security researcher - Done @TheSecureum RACE, CARE and CARE+ - Done @yAcademyDAO Block 1 - Done 8 audits with @SpearbitDAO - Found 2 high and 8 med from @code4rena - Posted 55 posts on my blog stermi.xyz
    11K
  • StErMi
    @StErMi
    Nov 17, 2023
    Do you remember that some weeks ago I was talking about three different massive career announcements I wanted to share, but they were not ready yet to be disclosed? This is the first one. I'm very proud to finally be able to share that I have been promoted to LSR inside the
    Spearbit
    @spearbit
    Nov 14, 2023
    We'd like to recognize @zachobront and @StErMi for their recent promotions to the Lead Security Researcher (LSR) level. This is no small feat and is a testament to their dedication, leadership, and technical aptitude in the realm of Web3 security. Well done!
    13K
  • StErMi
    @StErMi
    Apr 11, 2024
    The Chrome extension Smart Contract Inspect has been approved and is published in the Chrome Web Store 🚀 chromewebstore.google.com/detail/smart-c… What does it do? It allows you to inspect the source code of a Smart Contract with your preferred Web IDE with just one click (or keyboard
    chromewebstore.google.com
    Smart Contract Inspect - Chrome Web Store
    Inspect the source code of a Smart Contract with your preferred Web IDE with just one click (or keyboard shortcut)
    6.8K
  • StErMi
    @StErMi
    Sep 21, 2021
    I wanted to create something for #rarity by @AndreCronjeTech. So I came up with the idea of a global and pluggable Achievement System. This is just a Proof of Concept but I would love to get some feedback from the community! stermi.medium.com/proof-of-conce… #solidity #web3 #dev 👇 🧵
    Proof of Concept of an Achievement System for Rarity
    From stermi.medium.com
  • StErMi
    @StErMi
    Jul 21, 2024
    I just realized that I'm in first rank position for the @aave Aave v3.1 Competition @cantinaxyz contest. Nice to know that I'm still in the top rank for the Aave codebase 😎
    AAVE / Aave v3.1 Competition in Cantina
    5.3K
  • StErMi
    @StErMi
    Jul 20, 2023
    I think that it's pretty clear that there should be some kind of council between audit entities (audit firms, @code4rena, @sherlockdefi, @SpearbitDAO, ...) and protocols to define and adopt the following standards and procedures - security researchers should audit deployments to
    13K
  • StErMi
    @StErMi
    Jan 26, 2024
    Do you want to know more about the Transient Storage Opcode? Solidity 0.8.24 has just dropped and there's an interesting blog post about it that is worth checking it out. "Transient storage is a long-awaited feature on the EVM level that introduces another data location besides
    11K
