Let's start the week with some good news 📰:
Block IV starts!
Applicants - please check your mailboxes, as all communications have been sent out.
Pinned Tweet
GIF
read image description
ALT
3
5
17
Show this thread
Follow
Click to Follow yAcademyDAO
yAcademy
@yAcademyDAO
Scaling security: reports.yacademy.dev
Get an audit: yacademy.dev/auditing-servi
Apply for Fellowship: yacademy.dev/fellowship-pro
yAcademy’s Tweets
To stop hacks, you must first understand them🧠
gives a master class on how blockchain threat intel is evolving. Lots of good advice, including a new list of the 10 most common attack vectors:
11
36
we like the kzg
1
1
14
New year, new vid! 📽️ Happy 2023!
gives a very special demo-driven walkthrough using formal verification tooling on the solidity stack.
Lots of tips here -- put on your security researcher hats and enjoy!
3
12
48
♥ 🤝
Quote Tweet
Shout out to @yAcademyDAO which was basically the start of my practical web3 security journey together with code4rena. Learned a ton, did my first audits and reports, met smart and cool people - 10/10 experience
1
22
📽️ Our next video:
Features , a prominent web3 security researcher, who goes over a collection of high-risk findings, along with tips you can apply to your own audits. Enjoy!
2
13
52
Docs first? Code first?? Neither?! 😱
contrasts approaches, principles, and mental models for a successful audit:
youtube.com/watch?v=3xUHvx
Thanks Joran!
1
23
79
4/ I will continue with a "proxies deep dive" using a resource from (linked below)
Proxies are hard to do right as they are very error-prone. Let’s not forget, badly used proxy patterns paid $10M as a bounty to a researcher earlier this year.
1
4
47
Show this thread
Today we release an inspirational talk by who pulls from previous experiences, best practices, and ethereum culture to dive deep into the spirit of security auditing + ecosystem safety. Enjoy!
1
20
53
U up?
demos his recently released txn explorer ~ for which there are no docs, this vid is the docs lol.
Plus a demo and a call for beta-testers for his new vscode extension, that's you anon
3
19
112
We hope to open-source more content! Thanks
We're going to approach rolling out previous videos on YT slowly, as we get used to it. We take privacy seriously and want to ensure everyone remains comfortable participating in the block.
Quote Tweet
@samczsun was kind enough to demo this to our Block IV participants! We've uploaded it onto our Youtube channel here: youtube.com/watch?v=HXgu23
In the beginning, he also demos his eth txn viewer and contrasts it vs existing options. The vscode ext is ~18 mins in. Enjoy!
2
11
Special thanks to our Resident chads for spearheading this amazing resource.
1
Show this thread
Please feel free to submit issues & PRs via github.com/YAcademy-Resid.
The website is a living document that we plan to keep updated and we hope it becomes a useful resource for devs and auditors alike!
1
3
Show this thread
Proxies are full of benefits — but their security issues are equally legendary. Even the largest bug bounty ($10 mil) was a proxy issue.
Want $10 mil anon? We compiled all proxy issues in one place:
1
2
Show this thread
The first proxy was written over 6 years ago! Thanks . Many proxy types now exist, each with pros and cons. We compiled all the proxy types into one list to help you compare: proxies.yacademy.dev/pages/proxies-
2
2
Show this thread
Even the origin story of the delegatecall opcode started with a bug.
The original callcode opcode didn't use msg.sender or msg.value from the caller contract context. EIP-7 added delegatecall to fix that.
github.com/ethereum/EIPs/
1
3
Show this thread
Proxies are useful, but are full of footguns.
Do you know all the proxy types? Or all the proxy security issues? We have a site for you: proxies.yacademy.dev
3
34
98
Show this thread
The warm-up week of our 4th fellowship program is underway, starting with some quizzes to get fellows hot n' ready for the first audit next week
Should we open-source everything at the end of the block? quizzes, talks, audit reports, write ups of high severity bugs?
#YABlock4
7
3
37
I'm amazed at the overall talent which applied to this block. It was already hard for us to select candidates for last block — this one was next level.
For whoever didn't make it: It's been agonizing to send the last of the rejection emails. You can rejoice in that.
Quote Tweet
If you didn't make this block -- keep building, and keep being awesome! We recognize you, appreciate your effort, and encourage you to try again for next block!
Show this thread
1
2
14
If you didn't make this block -- keep building, and keep being awesome! We recognize you, appreciate your effort, and encourage you to try again for next block!
1
1
4
Show this thread
If you didn't make it to this block, please don't be discouraged.
💪 Strive on - keep coding, building, reviewing, and we highly encourage you to apply again in the next fellowship (aiming for Q1 2023).
1
5
Show this thread
Fellowship Block applications are now closed! Thank you to all that applied 🙏
You can still apply, but will be placed for next block.
*We are still working through our fellowship pipeline. All applicants will receive an acceptance decision email by Nov 16th at the latest.
2
3
18
Show this thread
Thank you to everyone who applied. The decision will be emailed to everyone in ~1 week. The fellowship block starts shortly after on the 14th.
Please be patient 🙂
Quote Tweet
Announcing yAcademy's Fellowship Block IV
Mark your calendars: Nov. 14 - Dec. 16
Applications open! yacademy.dev/fellowship-pro
Interested in learning web3 security? More details:
Show this thread
GIF
read image description
ALT
2
1
10
This happens too often. Blockchain security must improve! Audits help, but leveling up your skills is an important piece of the puzzle.
Quote Tweet
Announcing yAcademy's Fellowship Block IV
Mark your calendars: Nov. 14 - Dec. 16
Applications open! yacademy.dev/fellowship-pro
Interested in learning web3 security? More details:Show this thread
GIF
read image description
ALT
1
4
Show this thread
For additional info and further reading:
- you can read through our previous articles: medium.com/yacademyblog
- review our previous public reports:
reports.yacademy.dev or github.com/yacademy/audits (also includes previous Block reports)
9
Show this thread
To apply for Block IV:
As Fellow: yacademy.dev/fellowship-pro
For an audit: yacademy.dev/auditing-servi
As Guest Auditor:
1
5
Show this thread
For Guest Auditors:
If you're an experienced Security Researcher looking to:
- interact with a set of intellectually-curious fellows & other auditors
- help secure our ecosystem via education
- have fun, participate in the block, hang out :)
Please don't hesitate to contact us!
1
1
4
Show this thread
For Projects:
There is an additional incentive for getting your contracts reviewed during the block: more eyes on the code 👀
Our regular Resident Auditors review your code, alongside an excellent set of Fellows - actively learning by scrutinizing, discussing, and debugging.
1
5
Show this thread
For Fellows:
Each block runs for 4 weeks (+1 warmup week) where Fellows will have a chance to review real-world contracts with support and mentorship from experienced Security Researchers.
...You will need to pass the interview though - no exceptions 😈
1
7
Show this thread
🛡️ Announcing yAcademy's Fellowship Block IV 🛡️
Mark your calendars: Nov. 14 - Dec. 16
Applications open! yacademy.dev/fellowship-pro
Interested in learning web3 security? More details:👇
GIF
read image description
ALT
11
42
109
Show this thread
🤝💪
GIF
read image description
ALT
Quote Tweet
1) Finally meeting @yAcademyDAO teammates - in the flesh.
Meeting security-ace @bl4ckb1rd71 for the first time - suddenly, a 
of emotions, as I could put a face to someone I had been virtually task-slogging with for close to a year.
cc: @usmannk twitter.com/thraull/status…
of emotions, as I could put a face to someone I had been virtually task-slogging with for close to a year.
cc: @usmannk twitter.com/thraull/status…Show this thread
2
2 new transaction explorers were released this week. Too many options? Distracted by #Devcon? Fear not, use this guide.
3
26
131
Show this thread
There’s never been a better time to launch a product 😜. Really proud of this 🐰+🦄, and very glad of the smooth collaboration with and . Team work at its finest
Quote Tweet
Introducing Bunni, a protocol that makes Uniswap v3 liquidity composable.
Bunni uses fungible ERC-20 tokens to represent LP positions instead of NFTs, which makes it far easier to integrate Uniswap liquidity in other apps.
bunni.pro
Show this thread
1:09
45.6K views
1
3
11
reports.yacademy.dev is live with our audit reports! It'll be quicker to navigate between reports and search for keywords (via header 🔍 search bar)
2
9
18
Show this thread
Quote Tweet
Who's at @EFDevcon?
Come say hi to us, wearing the yAcademy t-shirts... 
1
3
4
Show this thread
1
2
6
Finally, perhaps the fastest approach is to use a browser-based tool from or tintinweb: library.dedaub.com/contracts/Ethe
1
6
Show this thread
If you prefer to skip etherscan, use `cast code` to download the bytecode for any contract and use one of the many bytecode-to-opcode disassemblers to view the opcodes.
1
1
Show this thread