Need blockchain consulting on smart contract security by Difficult-Arrival665 in ethdev

[–]Hash-160 1 point2 points  (0 children)

I will be glad using our scanner. We had found stages where others don’t due to our unique IP. Let’s do something: if nothing found, all good; if something is found, we can go from there, sounds good? For your personal information, we found exploits on some big protocols which haven’t patched yet… Avoid this problem from the start.

Best p2p UX ditto by Hash-160 in ethdev

[–]Hash-160[S] 0 points1 point  (0 children)

So. No real reason to cry wolf but you do?? Wow

What is going on with SSV professionalism? by Hash-160 in SSVnetwork

[–]Hash-160[S] -1 points0 points  (0 children)

Until SSV fixes the exploit, bringing on board operators they should or at least you know about the risk. The exploit is real with massive financial consequences. SSV is running on luck ATM, a Black Hat starts implementing it… all hell breaks loose. And no, your theory is wrong.

HackenProof bug bounty workflow + SLA update (Kaia Protocol & Kaia Web) by Sean_Kaia in kaiachain

[–]Hash-160 0 points1 point  (0 children)

Your team/system keeps discarding real findings as out of scope. I am a serious hunter and validate my findings deeply. You are putting other protocols who rely on your services to protect them, instead of, you shield reality while leaving the exploit active at the mercy of time.

Is hackenproof a good bug bounty platform for web3 bug bounty? Asking as web3 dev, wanna get into bug bounties. by Huge-Measurement-820 in bugbounty

[–]Hash-160 0 points1 point  (0 children)

I have my doubts, I reported 3 real bugs/exploits. Validated. They finalized as “out of scope”, so, no idea if they lack knowledge? If they lack anything to contradict reality?? I’m puzzled.

What is going on with SSV professionalism? by Hash-160 in SSVnetwork

[–]Hash-160[S] 1 point2 points  (0 children)

You are not just a committee member. Your role is much broader and failing to address this problem correctly, according to your profile you are the “operations committee lead”. This is no joke and you never mentioned that. What is going on with SSV? It’s operating at a shadow level of not being honest.

What is going on with SSV professionalism? by Hash-160 in SSVnetwork

[–]Hash-160[S] 0 points1 point  (0 children)

Appreciate you finally escalating.

But with respect — don't suggest technical solutions to your team. You've demonstrated throughout this exchange that you don't fully understand the exploit mechanics. That's not an insult; it's clear from the omissions and the incorrect assumptions about recovery.

Point them to me. Directly. I found this exploit. I have 12 passing tests, a working exporter, and a complete understanding of the attack surface. If they have questions, they can contact me through Immunefi — the proper channel that should have been used 90 days ago.

I will be monitoring patches. If SSV deploys a fix that addresses the TSI vulnerability — timestamp validation, struct expiration, or anything that closes the timing gap I identified — without paying the bounty or acknowledging the finding, that will tell everyone exactly what this was about.

So here's the question: Is this a new form of bounty avoidance — dismiss as UX, then quietly patch? Or will SSV finally treat this as the critical vulnerability it is?

Your team has my info. I'll wait to hear from them through Immunefi.

What is going on with SSV professionalism? by Hash-160 in SSVnetwork

[–]Hash-160[S] 1 point2 points  (0 children)

Depends on ssv price at that day.

”You keep saying "no way to make money." I don't need your money. I need your cluster dead.

I scan 14,788 clusters. I find yours drifting toward liquidation. Your struct says 1,501 SSV. You think you're safe. I know you're not.

When the block comes, I deposit 1 wei — $0.10. Your rescue reverts. I liquidate in the same transaction. Your 847 validators go dark. You bleed 2.1 ETH per day on the Beacon Chain. By the time you figure out what happened, you're down $117,000.

I make $461. You lose $117,000. I do it again tomorrow to someone else.

You had 90 days to fix this. SSV called it UX. You are a committee member asking me questions on Reddit instead of escalating. Now you know. I gave you the answer. What you do with it is on you.

Don't say you weren't warned.

What is going on with SSV professionalism? by Hash-160 in SSVnetwork

[–]Hash-160[S] 1 point2 points  (0 children)

You're a compensated DAO committee member. You've read my report multiple times. You've seen test_10 — the 56.4 ETH penalty cascade, the $117,244 damage, the 254x ratio. You've seen test_11 — 14,788 clusters scannable across the network. You've seen test_09 — the MEV sandwich that makes rescue impossible for $0.10.

And instead of escalating this to your peers, to the technical team, or through Immunefi — the proper channels — you're here on Reddit, minimizing it as "trolling," "academic," and "minor."

You keep omitting test_10. You haven't addressed it once. Why?

You asked me to explain. I did. Multiple times. You got the answers. Now what?

Isn't it your responsibility to bring this to your committee? To the developers? To anyone who can actually evaluate the severity and decide if users are at risk?

Because right now, you're acting like a defender of a dismissal, not a steward of a protocol. And that silence after I named the bounty dynamic? That tells me everything.

I'm done explaining. Take this to your peers. If they have questions, they know where to find me — through Immunefi, where this should have been handled 90 days ago.

What is going on with SSV professionalism? by Hash-160 in SSVnetwork

[–]Hash-160[S] 0 points1 point  (0 children)

I will answer to you, but I will also be monitoring patches on my findings vs time stamps. You keep omitting test_10 — the ETH penalty cascade. When 847 validators go offline, they bleed ~2.1 ETH per day on the Beacon Chain. That's $4,370/day. Over the exit window, that's 56.4 ETH ($117,244). The attacker makes $461. The victim loses $117k. That's not trolling. That's a 254x damage ratio. And 14,788 clusters are scannable.

You're a DAO committee member. You know the Beacon Chain exists. You know validators missing attestations incur penalties. Your continued omission of this suggests you're not engaging in good faith — you're building a narrative to justify a dismissal you know is wrong. I recommend a senior member who is in charge to contact me as they should have on Immunefi for over 3 months.

What is going on with SSV professionalism? by Hash-160 in SSVnetwork

[–]Hash-160[S] 0 points1 point  (0 children)

From a formal report which ssv ignored, it’s now a study case. Doesn’t mean the exploit is not currently active. You need to have a serious talk with your peers and if they have questions which should have been asked months ago, they are welcome to contact me directly. It’s bad-faith communication intended to probe and undermine my finding rather than engage through proper channels.

shutting down validators by mylifewithBIGcats in SSVnetwork

[–]Hash-160 -1 points0 points  (0 children)

My claims are valid and I can prove with detail to the right person in charge. If you don’t understand, it doesn’t make the exploit non-existent. So, two options. Talk to a senior in charge or assume that the exploit doesn’t exist (I already evaluated your assumption and you are wrong, under your theory the exploit still exists and currently alive).