cmichel
1,225 posts
cmichel
@cmichelio
blockchain dev & security @SpearbitDAO/@cantinaxyz blog @ cmichel.io DM @cantinaxyz for audit views are my own
cmichel.io
Joined January 2016
2,501
Following
12.9K
Followers
  • cmichel
    @cmichelio
    Mar 5, 2022
    ETH devs: write math libraries in assembly to save gas Meanwhile, CosmWasm devs: I need the fractional part of a decimal number. Let me stringify it, find the ".", put a "0" in front of it and string-parse it again github.com/Anchor-Protoco…
  • cmichel
    @cmichelio
    Jan 30, 2023
    if you want to create web3 security content, instead of creating the hundredth auditor roadmap, auditing tips that are just common knowledge, or spot the bug challenge content, try this instead: create cheat sheets for protocols you audited 1/7
    68K
  • cmichel
    @cmichelio
    Jun 26, 2024
    I audit Blast, they announce a million $ competition afterwards. I audit Euler, they announce a million $ competition afterwards. I audit Maker, they announce a million $ competition afterwards.
    37K
  • cmichel
    @cmichelio
    May 2, 2022
    After grinding for 14 months I finally reached my goal of being the first to cross 1M$ on the @code4rena leaderboard. 🥳 Thanks to everyone involved, this has been very fun, lucrative, and I learned a lot by seeing other wardens' vulnerabilities that I missed.
    Code4rena
    @code4rena
    May 2, 2022
    1/ Code4rena all-star @cmichelio crossed $1,000,000 in Warden payouts: code4rena.com/leaderboard How did he put those numbers on the board? 🧵
  • cmichel
    @cmichelio
    Jan 29, 2025
    Whenever I find a bug, I look back and ask: How could I have found that faster? I go back, figure out which steps of thought were necessary, and retrain myself to perform only those steps in 30 seconds. Fooming Shoggoths - Thought That Faster
    open.spotify.com
    Thought That Faster
    The Fooming Shoggoths, Eliezer Yudkowsky · I Have Been A Good Bing · Song · 2024
    10K
  • cmichel
    @cmichelio
    Dec 3, 2023
    Dear Lord, please forgive any issues I'm about to submit and any severities I'm about to inflate. I'm just playing this game called competitive audits and it's primarily played for points against a judge bound by a flawed rule book filled with infinite loopholes and vague
    47K
  • cmichel
    @cmichelio
    Apr 26, 2023
    hot take: even if @CertiK pointed this out 90% of you would still have been rugged because you don't actually read the audits. Trusted third-party issues exist in the majority of protocols, either directly through admin privileges or indirectly through upgradeable contracts 1/6
    yieldfarming
    @delucinator
    Apr 26, 2023
    Replying to @delucinator
    and Certik did audit this, it's not like a swapped out frontend, Certik legit saw the contract allow infinite to some random ass address and gave it a pass
    67K
  • cmichel
    @cmichelio
    Nov 5, 2025
    the founder @0xlawlol openly admitted on the @TaikiMaeda2 podcast that their bug bounty strategy is to: 1. exploit the protocol first 2. negotiate afterwards 3. still call yourself whitehat after hearing that I stayed far away from this protocol
    Stream Finance
    @StreamDefi
    Nov 4, 2025
    Yesterday, an external fund manager overseeing Stream funds disclosed the loss of approximately $93 million in Stream fund assets. In response, Stream is in the process of engaging Keith Miller and Joseph Cutler of the law firm Perkins Coie LLP, to lead a comprehensive
    50K
  • cmichel
    @cmichelio
    Sep 13, 2024
    proud to be the first Cantina fellow. I've been working closely with @SpearbitDAO/@cantinaxyz for years now and am very bullish on the leadership, the team's execution, and their incentives to attract the best talent. Excited to be joining them exclusively. Not much will change
    Cantina 🪐
    @cantinasecurity
    Sep 12, 2024
    Announcing the very first member of the Cantina Fellowship Program: @cmichelio, signed exclusively for $2M 🪐
    17K
  • cmichel
    @cmichelio
    Oct 30, 2021
    Wrote up my thoughts on how to become a smart contract auditor as I received a few DMs cmichel.io/how-to-become-… #ethereum
  • cmichel
    @cmichelio
    Jun 11, 2024
    Your oracle has 11 price sources and takes the median. How many sources must you manipulate for the median to change? If the prices are all close to each other it should be 6, not 5. There's more to it: The oracle used is the `sUSDePriceProviderBUniCatch`. It takes 11 sources - 1
    PeckShield Inc.
    @peckshield
    Jun 10, 2024
    Today's @UwU_Lend hack leads to $19.4m loss. The root cause is a price oracle issue. In particular, the sUSDe asset is priced as median from multiple sources. Five of them, i.e., FRAXUSDe, USDeUSDC, USDeDAI, USDecrvUSD, and GHOUSDe, were manipulated during the hack. The stolen
    37K
  • cmichel
    @cmichelio
    Feb 10, 2023
    I'm auditing in VR, that's my alpha. Pros: Portable, good as a second screen when traveling Cons: The resolution is still too bad (2x more pixels would do) and I don't see my keyboard. Can't do any serious work yet
    27K
  • cmichel
    @cmichelio
    Mar 11, 2023
    What DeFi protocols have USDC price hardcoded to 1$?
    50K
