Log inSign up
Ulaş Anıl
169 posts
user avatar
Ulaş Anıl
@_ulasanil
Smart Contract Auditor @nethermindsec + appsec enjoyer ex @Bugcrowd @rootstock_io
Turkey
ulasec.netlify.app
Joined August 2015
499
Following
517
Followers
RepliesRepliesMediaMedia

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • user avatar
    Ulaş Anıl
    @_ulasanil
    Jun 24, 2025
    Just got a confirmed bug on @immunefi immunefi.com/s/ss/?severity… BUT..It wasn't a smooth ride. Not at all. Constantly got ignored by Immunefi. Questions were left unanswered. Mediation was concluded with 0 explanation to me. Not a good start for me. Hope the next one will be better.
    Image
    I just found a confirmed bug!
    From immunefi.com
    5.7K
  • user avatar
    Ulaş Anıl
    @_ulasanil
    Apr 19, 2024
    A year ago I reported a bug in the ENS Permanent Registrar contract that landed me $100,000 bounty. Can you spot the issue? How it can be exploited? Solidity version is 0.5.0 :) Edit: I forgot to mention GRACE_PERIOD is constant and set to 90 days.
    Image
    2.2K
  • user avatar
    Ulaş Anıl
    @_ulasanil
    Nov 17, 2017
    Just scored a bounty of €2500 @intigriti, check my profile: intigriti.be/public/profile… My biggest bounty to this date!
  • user avatar
    Ulaş Anıl
    @_ulasanil
    Apr 27, 2018
    Replying to @pentest_swissky
    First thing I tried: dig \<img/onerror=\'alert\(1\)\'src=abd\>.e93cfb4f37d5fcef03af.d.requestbin.net and it worked...
  • user avatar
    Ulaş Anıl
    @_ulasanil
    Jun 24, 2025
    Replying to @0xMackenzieM and @immunefi
    Thanks for handling the criticism so well. And yes Immunefi team was quick to act on it. Honestly, looking back at my tweet, I can see it didn’t come from a constructive perspective. Sorry for that. Just a note, I worked in a bug bounty company before. I know how hard and tricky
    1K
  • user avatar
    Ulaş Anıl
    @_ulasanil
    Oct 31, 2018
    Replying to @akita_zen
    And that's the problem for me. When I earn enough money(less than $1000), I quit for the rest of the month which made me lazy. Someone living in the more expensive country has to work more and harder to make ends meet.
  • user avatar
    Ulaş Anıl
    @_ulasanil
    May 20, 2023
    Replying to @0xpurplepanda and @samczsun
    Dangers of create2 + selfdestruct. Attacker calls the selfdestruct to destroy the initial proposal. Next, using create2 attacker deploys the malicious contract to the EXACT SAME address. Recommended reading ->
    Image
    Metamorphic Smart Contracts: Is EVM Code Truly Immutable?
    From mixbytes.io
    148
  • user avatar
    Ulaş Anıl
    @_ulasanil
    Sep 6, 2023
    Hey @PatrickAlphaC , first of all I am fan of your work. I think @CodeHawks is great. But I have one complaint. I think the reward amounts should be published after the escalation process is over. 🧵
    1K
  • user avatar
    Ulaş Anıl
    @_ulasanil
    Apr 19, 2024
    Replying to @_ulasanil
    Funny detail, I found this bug after watching Patrick's interview with Tincho about auditing ENS. @PatrickAlphaC youtube.com/watch?v=A-T9F0…
    926
  • user avatar
    Ulaş Anıl
    @_ulasanil
    May 18, 2025
    Replying to @plmaltais
    I got my first bug bounty payout during a 2016 Turkish coup attempt. I was hiding in a underground parking lot whole day with no internet and got out in the morning just to check my bounty reward. Good times :D
    130
  • user avatar
    Ulaş Anıl
    @_ulasanil
    Feb 5, 2024
    Replying to @0xCharlesWang
    Some dude in Reddit was asking for a help with his upgradable proxy. I noticed the functions started reverting after an upgrade. Turns out they upgraded from OZ v4 to OZ v5 contracts without checking the storage layouts. $600k stuck in a bricked contract :/ Sad
    258
  • user avatar
    Ulaş Anıl
    @_ulasanil
    Aug 5, 2025
    Replying to @xKeywordx
    Thanks bro 🙏
    141
  • user avatar
    Ulaş Anıl
    @_ulasanil
    Aug 8, 2018
    Replying to @SYNTAXERRORBA
    Check out intigriti. Most of the time same day triage&payment. European time ofc.
  • user avatar
    Ulaş Anıl
    @_ulasanil
    Apr 17, 2018
    Replying to @gwendallecoguic and @bountyfactoryio
    Have you tried @intigriti ? They are Europe based as well. Fast response time, good support and programs pay well.
Advertisement
Advertisement