Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Episode 18 - riptide
203 Plays13 days ago
riproprip & riptide discuss the origins of the humble chad, his humble background, scoring big bounties in business class, repetition and building a knowledge base to find bugs, what to do when you find a bug but don't know who to contract, is the ethereum foundation bug bounty size correctly, avoiding burnout, incentives drive human behavior, and why you should jetsurf anon ...
Recommended![Episode 19 - 0xe4669da [SPECIAL n00b EDITION] image](https://media.zencastr.com/cdn-cgi/image/width=112,quality=85/image-files/677fcded3f04b4e1c3f96cfc/1b4f61b7-5c8c-48b2-9d61-66ec9549c632.png)
Transcript
Intro: Meet RipRopRip and Riptide
00:00:08
Speaker
Good morning, bounty hunters. My name is RipRopRip. I'm not the usual host of this podcast. I have no idea what I did in the past to deserve this honor, but it is my absolute pleasure to introduce the guest that needs no introduction.
00:00:23
Speaker
The man, the myth, the original humble chat bounty hunter, Riptide. How you doing, my man? man I'm doing fine, sir. Thank you for guest hosting the podcast today.
00:00:35
Speaker
Yes, it's going to be wild. Let's see where this goes. Let's... Yeah. All right. First, before we get started. So I'm i'm the guest on the podcast today.
00:00:46
Speaker
This was requested by a bunch of people to have me
Sponsors and Offers
00:00:51
Speaker
on. So ah Mr. RiproPrip was kind enough to to be the host. So...
00:00:57
Speaker
We'll do a quick message from our our humble sponsor, Recon first. We are sponsored by them. You could learn more at gitrecon.xyz forward slash Riptide. Recon offers high quality solidity audits powered by invariant testing, working with leading projects such as Centrifuge, Liquity, and Badger.
00:01:16
Speaker
They also have a ton of useful resources for bounty hunters and protocol devs. We like that you could fuzz directly from your GitHub. Check them out, gitrecon.xyz forward slash Riptide.
00:01:28
Speaker
Mention that I sent you and you'll get five grand off for first time customers for an invariant testing engagement. We're also brought to you by rare skills, go to rare skills.io forward slash rip tide and get yourself 10% off a bootcamp to go learn some new blockchain and bug hunting skills.
00:01:48
Speaker
Okay. Mr.
Nickname Origin: Bicep and Fitness Journey
00:01:50
Speaker
Ripper rip, take it away. Yeah. So first, obviously there's a similarity in in the our handles. So I got to ask, why did you choose Riptide?
00:02:01
Speaker
ah What did you make? Like, what's a Riptide? the The Riptide stamp. This is like when you have an old email from back in the day where it's like badass2000 at AOL.com.
00:02:16
Speaker
And Riptide was my, was like half of an alias. So as I've always been into fitness and I started at about like 15 and I'd always start doing calisthenics and gym and all that stuff.
00:02:32
Speaker
And so people would make comments, whatever. And you go through the army, you you kind of get a nickname and people would call me bicep. and then And so I changed it to something I call myself bicep riptide.
00:02:49
Speaker
Like when I flexed the bicep, it was like a riptide wave. chi This is awesome. so so And then for Twitter, you know I chopped it just to riptide. i don't want to flex on dudes with bicep riptide.
00:03:03
Speaker
that That's awesome. So did you get into calisthenics before like getting onto into hunting?
Balancing Fitness: Calisthenics and Weightlifting
00:03:12
Speaker
Yeah, I actually started... really going hard in calisthenics, because I've been doing, um I tried to do kind of amateur bodybuilding ever since I was i was young and really gotten into that, followed Schwarzenegger and ah you know never went, kind of never competed because I never wanted to do steroids and do all the upkeep that goes with you know going pro.
00:03:35
Speaker
And so I just decided, well, I'm just going to do it so I look good. ah you know All show, no go, right? And ah it was kind of like that for a long time. And then once COVID happened, ah the gyms closed.
00:03:49
Speaker
I was living in Miami and I said, well, know, I got to do something else. And the only things that were open were these great outdoor workout parks and down in Miami beach, I'd go down there and um just everyone would be doing calisthenics. And I thought, oh, yeah, i I'm tough and go to gym forever. What's up?
00:04:06
Speaker
And I tried to replicate some of these moves that the guys were doing just try to do, yeah know, I can knock out 24 pull-ups in two minutes. I did that in the army. Okay. So I thought, Hey, I got this.
00:04:19
Speaker
And then these guys are doing muscle ups. They're, they're lifting their legs up while doing pull-ups. They're doing handstand pull-ups. Um, you name it, all these things that require a lot of core strength and a lot of balance.
00:04:32
Speaker
And, um, and I realized right there that I was lacking big time. So, That's where I started during COVID and and just started cranking calisthenics. and then I mixed it with heavy weights because I feel like as a man, once you get to a certain age, you kind of lose that that vigor.
00:04:49
Speaker
And so I've never really lost that except for temporary ah periods in time. And those temporary periods I noticed were when I was not lifting heavy weights.
00:05:00
Speaker
So I started doing calisthenics a lot And I noticed that kind of like something was missing. And then I went and jacked some heavy weights and it all came back. So I think that's essential to do calisthenics and throw in heavy weights.
00:05:14
Speaker
Obviously a lot of protein, this and that. And, you it's always been a good recipe for for feeling good. Yeah, I absolutely love that. This is not just a facade. That's actually like you.
00:05:25
Speaker
So you started out doing bodybuilding. And then I guess since you mentioned the military, I can ask maybe, like, I'm not sure if you're allowed to disclose that, but what did you do? I imagine you being the biggest guy in the company and like carrying the LMGs or Nate launchers. Is it like that?
00:05:44
Speaker
or like No, no not not even. The reason I got, because I'm i'm not a tall guy. um And so the reason I got into it initially was to just kind of not be bullied in high school.
00:05:55
Speaker
I was like, well, you know I can't grow any taller. So, uh, I might as well try to get jacked just so no one will mess with me. Yeah. let' to be honest so yeah That worked. so I wasn't, uh, the biggest guy in, in the squad or any of that, uh,
00:06:10
Speaker
But you know there's there's guys in in all shapes and sizes. And sometimes the guys that look like the skinniest dudes will just ah outperform everybody. it's It's like, they call it the retard strength sometimes, but it makes no sense.
00:06:27
Speaker
Yeah, don't fuck with a skinny guy. like you never a Who smokes all these cigarettes right before PT? The guy will just crank. Yes, we used to smoke them like ah before games.
00:06:40
Speaker
Like the the guys who were out smoking before games, like I i wasn't ever joining them. But guys from the team did it. And i screw I saw them running around the court and I was like gassed.
00:06:53
Speaker
And those guys having smoked, I don't know, two, three cigars before, cigarette cigarettes before, like they were passing me by sometimes. I don't know how those guys do it. They have some malfunctioning gene.
00:07:06
Speaker
They're just super soldiers. I don't know. Yeah, I think it's not malfunctioning.
00:07:11
Speaker
These are the same guys that would have an all-nighter and do the walk of shame coming on base at 5.36 a.m. in their club clothes and then just quickly change and go run a 10-miler like it's nothing, vomiting on the way.
00:07:25
Speaker
but It's superhuman. As long as they keep going, it's fine, I guess.
00:07:31
Speaker
but That's right. I think you mentioned not having a traditional InfoSec background. um Obviously, after the army, like my question would be, how did you find like the first keyboard?
00:07:47
Speaker
Or did it happen before?
Early Passion: Computers and Apple Demos
00:07:50
Speaker
Oh, first keyboard, way before. So I was really lucky. yeah We grew up pretty broke. But my dad had a job at a place called the Neighborhood Computer Store in California.
00:08:04
Speaker
And they sold Apple computers. And this is the eighty s And so we couldn't afford a computer, but he would get to bring home these brand new, you know, Apple Mac SE2 demo models. It would cost two, $3,000 just so he could demo them so he could sell them to the customers.
00:08:21
Speaker
So we had a home PC for free and we would start clicking and, and get used to it there. And then after that, I got my, but we got our first family PC from a garage sale.
00:08:33
Speaker
386 and from there I just it was it was in the laundry room i just started started digging into it and I thought it was the coolest thing ever and you know just just exploring I mean this is no internet this is just on a command prompt with no instruction manuals you don't know what you're doing But you see that there's something fascinating about it.
00:08:57
Speaker
And just, I think, the unknown. Because with a computer, you could do, it's limitless on on the amount that it can keep your attention. And so that's always that's always pulled me in. and And ever since then, I've always been either building my own computers or just tinkering with it, just trying to, to take it apart, see how it works. And then you start kind of doing that with software and with hex editing and and applying cracks for games. And so just, just trying to, i don't know what, what's the central thing here. Just like, just trying to understand how things work when you don't understand them.
00:09:39
Speaker
Yes, what else can you do if you like have the the best, most malicious machine possible or like the most wondrous machine at your home and then you can just try out stuff, right?
00:09:50
Speaker
It doesn't really break, which is unlike other toys you play with. Unless you like actively touch the stuff, you can't break it, so you can do everything as long as you reset again. It's a perfect environment learn something. I completely deleted Windows one time.
00:10:02
Speaker
Yeah, I mean, you can fuck it when you have no clue what you're doing, but yeah, mostly you're good. Yes, it's bad because we didn't have the internet so when we deleted our operating system there was nowhere for us to go to Google how to set it up again.
00:10:16
Speaker
That's right, hopefully do you had the floppies. Yes. old Old man talk right here. yeah Could you still ban them or was your first computer like after that?
00:10:29
Speaker
ah Say it again, the first part. Could you still ban the floppy disks? Oh, yeah. um I did have that drive, but I was basically hard hard floppies, three and a half.
00:10:41
Speaker
Okay, cool. So I guess sometime after that, you some somewhere along the way, joined crypto, Twitter, or crypto in general.
Crypto Journey: From Trading to Bug Bounties
00:10:53
Speaker
Tell us about that. like What was it like? Did you farm Pultous in the beginning, or what did you do? Now, so I got on CT, I don't even know. I've been on Twitter.
00:11:04
Speaker
This account what is ancient, and I used it for, I don't even know what. when you know When Twitter came out, no one had an idea what it was for, and they would just tweet bullshit.
00:11:15
Speaker
And I think I tried to get like refunds from airlines, you know, just, or whatever, try to get a job or whatever I was doing. And then, I changed it over to, you know, this handle and a couple different PFPs, this and that, but I think I, man, it's hard to say.
00:11:32
Speaker
Um, Because it definitely wasn't when... Because I got into Bitcoin first, and I guess I didn't have any presence on Twitter. And I didn't look to have a presence until like the ICO ah phase. And that's where I started following some of those you know big accounts from back in the day.
00:11:51
Speaker
you know these These traders that... Didn't really know anything, but knew more than the average guy. And so people would follow these guys like they were gods. And I was like, holy shit, man, these guys, if only I could make this 100x. And so I was following traders initially on there.
00:12:07
Speaker
and then um And then DeFi Summer kind of morphed into following you know people talking about DeFi Alpha. and But I didn't really have any sort of presence until I started finding bugs.
00:12:21
Speaker
Until I was like, all right, this is... this is going to be my thing I guess yeah okay so first you kind of like start out that you straighter or at least that where the people you were looking to the did you also then like go into any V I'm still like trying to like build a bridge to your first trip Yeah, no, i didn't do MEV.
00:12:47
Speaker
didn't i didn't even know about it. And the reason I really got into, I guess, bug bounties was, you because DeFi crashed and DeFi summer. It just bombed out.
00:13:00
Speaker
And I was like, man, I can't rely on on this as any sort of livelihood. yeah I never take profits at the top. you know I always miss the signal. But I was like, I can't have the market determine how I'm going to feel every day.
00:13:15
Speaker
And I wanted an exit from that. And I i knew I had like a technical background. I knew I knew enough about it. where I would be capable of doing something else. I just didn't know what it was. And then I came across the, I'd see the bugs and the hacks that would happen. And I thought, what yeah what's going on here? Like how, I should learn this.
00:13:36
Speaker
And then I saw ImmuneFi had the bounties and you know those big dollar figures got me interested. And- What were the bounties like back then? Like how, what were the amounts at the start when you started looking?
00:13:51
Speaker
Do you remember? Oh, I mean, there were there were seven figure bounties, six, seven figure bounties. Nice. No doubt. Yeah. I mean, that that gets you. And then the biggest thing was like you'd open a contract and you just see the money there, like see the tokens. And I was like, this is so crazy that you could just like find a way to pull these out and they'll pay you for it.
00:14:13
Speaker
And so it was like ah that, and and but i I still couldn't find a way to like to start from scratch because any new bounty hunter knows it's like, it's an uphill battle, especially if your tech is old, man. Like I hadn't done any coding in years. I put it all in the back burner.
00:14:32
Speaker
So like, I didn't even know what they were using for IDEs. I was, everything was rusty, man. So I was like, man, I got to get up to speed. And where did I go? I went to ETH Denver, I think. And I saw ImmuneFi there.
First Major Payout: ImmuneFi Experience
00:14:47
Speaker
They had a booth, much love to ImmuneFi. And they had like a little quiz and it was like five questions. And if you got five questions right, you'd get the hoodie and you know you you'd win their little competition.
00:14:59
Speaker
And just before that, on the way there, I read the whole Ethereum book and I was really like getting into it and and just nonstop diving deep. And so I answered everything correctly and they were like, what the fuck?
00:15:11
Speaker
So I got the hoodie, yeah got all that stuff. And then I was able to parlay that into, um they had their white hat. like beginner program, like the monthly stipend that apparently Lonely Sloth started, much love the Lonely Sloth.
00:15:27
Speaker
And so i started be I started taking that, the White Hat stipend for, I think, maybe three months. But that really helped, like giving me the motivation to say, hey, look, you have a backstop, you could just focus on this. And so that was like really beneficial to to kicking off the journey.
00:15:47
Speaker
Yeah, so you mentioned three months for taking the stipend. How long did it take you then after making it kind of like the decision? I got the hoodie.
00:15:59
Speaker
I'm getting a stipend. I want to do this. How long did it take you to your first buck? First bug after that, I'm gonna say, let's say I start from zero and I get the the stipend three months.
00:16:14
Speaker
It was probably at the end of it where I got like a grand from um what was it called x token or something and it was kind of like a pity bounty like you tried really hard okay it was a technicality but they gave me a grand and i was like oh shit i got paid for this i could do it i could do it i got pumped up man and that kind of gave me the power to to just push through and then um Dude, from that, i mean, go from a grand to pulling the arbitrum bounty is just fucking crazy. Like I had a few submitted that were rejected based upon whatever. But then, you know, just just kind of luck and knowing what to look for and coming across a monster bounty coming from nothing it's is pretty unexplainable, the high you get.
00:17:04
Speaker
Yeah, it's life-changing, right? 1K, it's like it's a zero to one. it's the best thing ever because ah it shows you that you can do this but how much like how big was the arbitrary bounty 400 eath yeah how much i went through all the ups and downs
00:17:27
Speaker
uh man i think it was um about 600 something k oh that's runway right It's big runway. and But in my mind, I'm like, I'm getting the two mil because it was a max critical, whatever. And then they try to lowball me.
00:17:44
Speaker
And we had to negotiate. and then ah And then in that scenario where you're facing life-changing money and you're going through ImmuneFize process, which is very slow, right? Like you submit a message on their website and then you just wait.
00:18:01
Speaker
And I'm like, you know, they've already confirmed it, but I'm like, man, they're not even going to pay me. You know, you're thinking of all the bad scenarios. Like they're just going to ghost me whatever, everything comes in your mind, every scenario, and you're just waiting. And this went on for, want to say like over two weeks where I'm just kind of, you know, on the edge, like, okay, we're negotiating 250 grand. Okay. Now it's, it's like 500 grand. Okay. And I'm thinking this is getting better. It's not what I want, but it's still good.
00:18:30
Speaker
But then it just kept delaying. went for like a month I'm thinking, man, these guys aren't, aren't even going to pay me. And I spoke with them on the phone and, All kinds of stuff. But you're just assuming the worst case scenario. Like, this can't be real. There's no way I'm going to get paid this amount.
00:18:44
Speaker
And then I was leaving the dentist's office. And then I checked my Ether scan. I saw 400 ETH come in. i was like, holy shit, man. This is pretty dope.
00:18:56
Speaker
Yes. I think, like, the the the first bug bounty where you get runway that takes you, like, over a year or two. That's like where you can like make a new decision, right? It's kind of like the world is showing you you can do this.
00:19:11
Speaker
Now you have the resources. Now you just need to commit deeper. And yeah, obviously you are the humble chat. So <unk> I think everybody has to take it in stride when they downgrade the payout amount.
00:19:26
Speaker
But I think it like obviously getting more would have like not hurt you. But you kept going, right? You you have a lot of bugs.
00:19:37
Speaker
How long did it take you to the next bug?
Building Skills and Confidence in Bug Hunting
00:19:40
Speaker
and Yeah, sorry. Yeah. No, after that, yeah you're right. I mean, it is what it is. And a lot of people get different results. And it is what it is. But you got to move on and just just try to do your best.
00:19:54
Speaker
But after that, I kind of just got into a role. I remember when I posted, i said, know, I told these guys, I said, hey, either way, I'm going write I'm going put a write up out there.
00:20:05
Speaker
And the response is crazy. Like I had like 20 followers and I put that right up out there to get some notoriety and to kind of show everyone about Arbitrum. And I want to get feedback on on what they thought was legit for the bug too.
00:20:21
Speaker
But I put it out there and I'm there with my wife in the kitchen and I had the alerts on on Twitter. And I went from like 20 followers to like 5,000. And my phone was just like moving around the counter. It was going crazy.
00:20:37
Speaker
It was just beeping and popping all day. And I was laughing my ass off like, this is crazy. And from there, like um I just kept at it and and I started getting into a ah groove and obviously your skill sets better.
00:20:54
Speaker
And then I just started, you know, just finding other bugs. just Just, I think just, you know, finally I could see the bugs in the code. Whereas before it was like just absorbing contracts and not really matching things, not connecting the dots.
00:21:11
Speaker
I missed some big ones like the Rari Capital One. I looked at those contracts. I didn't see the reentrancy. you know I looked at the ah the Nomad one. I looked at the storage slot. I saw that anomaly, but it didn't click like how it would be exploited.
00:21:28
Speaker
So all that stuff kind of came to a head and then I started finding bugs and I was like, oh, okay, this is cool. And it's like, boom, 50 grand bug. All right, boom, 80 grand bug.
00:21:39
Speaker
Like when it starts coming in then it's it's a good reinforcing mechanism to really keep you dedicated to it. Yes, most definitely. So...
00:21:50
Speaker
I'm not sure if you like want to disclose that stuff, but I think you traveled around. Do you remember where you were like when you were getting, like the for me, that's a yearly salary, 50 80K. You can easily live off well with that kind of money for a year in Europe.
00:22:05
Speaker
Do you remember where you were?
00:22:10
Speaker
Yeah, um for some of these, i was, yeah, because we traveled pretty much ah almost after that. I remember, i can't remember when I hit the balancer one, which was like 80 grand, but I hit one with radiant capital, which was basically 75 grand.
00:22:28
Speaker
And I was on, and this is a humble Chad speaking, I was on an Emirates flight with my family and I was able to fly business for the first time with my family. it was a big goal of mine to like, hey, yeah, as a guy that had food stamps growing up to be able to say, hey, look, this is a pretty cool achievement for us to to do this one. So we flew international Emirates business and I'm on the flight and I'm on the internet and I found the radiant bug.
00:22:54
Speaker
And I'm laughing. I was like, I got paid out. You found it in the air? On the flight, on the flight, on my little 13-inch Dell XPS on the airline Wi-Fi. And i'm negotiating on Telegram with them. And I got paid out before the flight landed.
00:23:10
Speaker
And I was telling my Wi-Fi, I was like, yo, we just paid 75 grand on this bike. And it's like, it's crazy. Because that's a year's wages for most people. It's it's completely nuts.
00:23:23
Speaker
Yes. So did the other passengers notice or did you like kept your cool?
00:23:30
Speaker
I kept my humble cool. low That's awesome. I wouldn't have been able to do that. It's like, I think that's the first time I'm hearing like finding a crit right in the air.
00:23:41
Speaker
Like, and before you land, you're done. Yeah, I mean, it's it was a really notable kind of place to find it because normally you're just where you're in a cafe, you know, there's nothing unique about it.
00:23:55
Speaker
And this was like, i was on the flight in the first time flying business. It was like, it's pretty cool. Yeah, this is so awesome. So I think that kind of sounds like you already had a process, right? Because I'm not sure like if people know about airplanes are like tight spaces, you have to flip up your display, ah getting yourself to then not look out of the window, but focus onto the screen and then do the stuff. Like what was your process back then?
00:24:26
Speaker
Did you wake up every morning, do your push-ups, do your pull-ups, and then get to the computer? Or what did you do?
Relaxed Bug Hunting Approach
00:24:34
Speaker
I wish my tweets reflected reality like i like I'm some monk who wakes up it does this crazy routine. But to be honest, i mean i'll I always get some exercise in throughout the day. It's not like...
00:24:48
Speaker
I always do it before that. Like, I don't really have this routine except for, you know, when I get on the computer and start looking for bugs, I kind of follow usually the same type of pattern. and And that is, and that's what what's kept my interest all these years is is just looking for things that interest you.
00:25:10
Speaker
And so that's why i think I don't function that well in a structured type of like hey you got to audit this thing and this is what you're doing this week i think i'd just be really bored doing that consistently like i'll do it ad hoc but i like to just approach my day and say all right blockchain like what do you got out there and i may get ideas for x people talk about a project open up a tab check it out or I might just open up a random block or um you know someone on CT mentioned something and then I said, oh, that reminds me of whatever, I look at my notes and then I'll pull up a project that I've had in my, you know, ah cloned for ages and just just pull up the code again and just look at it, just because I'm interested in it. So if I'm not interested in it,
00:25:59
Speaker
I don't really bother with it. um Big money behind it. None of that really matters because it doesn't captivate you long enough to make it worth your while, in my opinion.
00:26:10
Speaker
So that's kind of my process is just look at something interesting and just dive in it and try to figure it out until you know until you kind of lose interest and say, well, yeah have I gave it my all?
00:26:24
Speaker
um Is there anything here or should I move on? Yeah, so that makes a lot of sense. I mean, you have like a wealth of loan knowledge, like you build that stuff up over time.
00:26:35
Speaker
What would you say to newer bounty hunters who don't have that kind of wealth of knowledge and how do they can like ingest all the info necessary to be able to find the bugs?
Advice for Newcomers: Understanding Bugs and Reports
00:26:48
Speaker
Yeah, it's the best thing that worked for me is is just reading contracts. I'd read audit reports to know how to identify the bugs. Because you can read as many contracts as you want to get the syntax down, the style, to see how you know a staking function is implemented.
00:27:06
Speaker
All that's very valuable. And once you see 50 different staking functions and time locks and all these things, you see patterns and you see people doing the same thing and you see what good code looks like and bad code looks like.
00:27:20
Speaker
And the ones that have problems stand out easier through all that repetition. But even with all that, you have to read audit reports in the beginning or bug bounty write-ups or something to be able to identify all the different types of bugs out there.
00:27:36
Speaker
And you know they have the different classes of bugs. Read all that so you know you can actually spot a bug. But then once you'd be able to spot it, I would read all the contracts that you can, and it's just out there on the blockchain, just explore, it's so cool.
00:27:51
Speaker
And once you read all that, then you have this corpus in your head, and then you make little notes. Just have a little note file and say, hey, okay, and this, this is suspicious because blah, and maybe it's nothing, but maybe it's something where you go back to it and you learn from it.
00:28:08
Speaker
And yeah, eventually you you come up with something. But for new guys, you have to have some sort of knowledge to rely on. Don't just GPT it and rely on that to do the work for you because a lot of times that's wrong with a false positive or it says there's no bugs or something like that.
00:28:29
Speaker
and if you have the skill behind it you could say hey look obviously human review is better at this moment in time and you need to be able to identify it and rely just upon yourself and not using any tools yes i think you gotta read the write-ups uh that's uh read the audit reports read the write-ups learn to read the code learn to love the code and then my question to you will be um I'm not sure, like, for you, it seems everything happened so far in in the past, but do you remember, like, the category offer a bug you really liked?
00:29:08
Speaker
Like, what was it in? Was it, like, a staking contract? Was it a DEX? Was it lending? it
00:29:14
Speaker
If you look on my GitHub, which I um made public just to read me on there, has bugs I've found, the majority that you'll see are signature related, it turns out. And I think, and that's what I focus on recently a lot because I think it's so interesting.
00:29:32
Speaker
This is well hey, maybe we'll just do alpha drop here, but I call it bounded awareness. So like, you have, it's like a limitation on somebody's ability to notice or consider something that's outside their immediate focus.
00:29:50
Speaker
So imagine you have ah dev, right? And he's coding something. And in that first layer, he's looking at the code and he can see obvious flaws in his code and and all that.
00:30:03
Speaker
But if his function talks to a library or a nested function or something like that, the deeper you go, then you have this bounded awareness problem. And so with signatures, you have that a lot. And signatures, they are the key that unlocks all yeah all the secrets of the contract, right?
00:30:24
Speaker
So they're very powerful. And there's a lot to them. They look simple on the surface, but when you dive into how they're used and all the different ways that people can screw them up, it's pretty interesting the bugs that you find there.
00:30:38
Speaker
from replayability to malleability, using ABI encode pact or using ABI encode. Both of those can can have severe flaws or doing type conversions.
00:30:52
Speaker
There's so many different aspects to it that I've seen devs get wrong and which is it's why a great area I think to focus on is is these things with um where you have that bounded awareness problem, which is, I mean, the same thing is just going as deep as you can, but you you kind of pull it away from the devs, their front of mind, what they're looking at and what they're thinking about to something deeper in there.
00:31:17
Speaker
And I think that's a great place to to find bugs. Yes, I agree. Signatures are important. i They're kind of like the the key that- And you were the guy who said- said Yeah, but you were were you the guy that said, ah don't trust comments, they lie? Yeah.
00:31:38
Speaker
I think that was your comment. Such a great comment. I always think about that when I delete all comments. When I listened to the Lonely Sloth episode, I was like, now I can't even trust constants anymore. Like, do I have to check the caps on every constant?
00:31:56
Speaker
You check everything. I know, that that was a good one. It's so cool. It's these little fine-grained details. yes Yes, I was so happy when I saw the the announcement that he got that bug.
00:32:10
Speaker
ah like You know I'm kind of into Solana, so when I saw that I immediately had to read it and then when they went and said like this is Lonnie Sloth bug, I and was happy. yeah He's a beast, man. He is a real beast.
00:32:28
Speaker
Yes, the sheer bandwidth of that guy. like I can't even imagine how much time it takes to stack up all the pox like I don't know how many months he has now of writing books.
00:32:42
Speaker
I know. Well, you mentioned you had one that you were working on for a long time and you just you just submitted that. How did that go?
00:32:51
Speaker
or you don't know yet I'm i'm still like not I'm not sure if I'm allowed allowed to talk about this without putting my bounty at danger so like I'm totally don't say anything just wait I'm gonna do that is it gonna rock the leaderboard when it comes out nah like yeah in my opinion the slot is up there with 2 million for the year I'm not gonna cover that Oh, shit.
00:33:20
Speaker
Okay. but like yeah I have my own leaderboard. i'm I'm not sure, but as far as I'm aware, this loss is up there for this year.
00:33:30
Speaker
We'll see. We will see. Yes. I love that it's like only the the half of the year mark, and some people are up there with seven figures already.
00:33:40
Speaker
um That's awesome. ah From your explanation about signatures, I think it's easy to see how you started out in ETH. And you also mentioned that you were doing a contest on, I think, Cantina for, I think, something, some new for hard fork on Ethereum, ah to be honest. I don't know much about those, but how did go for you?
00:34:05
Speaker
ah No, I didn't do it. didn't do the Pectra one. I did not participate. Okay. Never mind, never mind ben you do You must be thinking of of Mr. Ziktur. I remember you saying that you tried to do a contest.
00:34:22
Speaker
Oh, yeah, that was I did. What did I do? I did ah Wildcat. Yes. And then Dead Roses beat me, beat me to a pulp. And then i did Eigenlair.
00:34:35
Speaker
And that one, I just tried three LLMs against each other to try to see if there was some like some secret sauce that I was missing. And then ah nothing, nothing happened out of that either.
00:34:48
Speaker
But as far as any other contest, I haven't haven't done anything.
00:34:55
Speaker
Yes, i also I'm also very scared of DeadRose's XYZ in contests. These young guys, man. Unstoppable. Yes, and now he's like casually putting out a product at the site. like It's wild.
00:35:10
Speaker
um So I guess a short interlude to contests and how us bug bounty hunters don't really like to do those.
00:35:20
Speaker
I think right now you're publishing articles about where you're looking right now. And um I think maybe can you tease something that's coming up in the future? Where are you looking right now?
00:35:33
Speaker
Or do you want to like keep it on the back burner?
Starting a Podcast: Motivations and Goals
00:35:37
Speaker
I don't even know where I'm looking. So what I do is I'll, I made it a monthly dispatch. This is a sub stack.
00:35:44
Speaker
And I just have these notes. And sure, we all do. But I just wanted to kind of put something out there to, you know, give some guys some ideas and ah like find things that I didn't find.
00:35:57
Speaker
Because we all look at things and we all find things that other people didn't find. So I wanted to just kind of, because people come and they they ask, and especially new guys, where do I look? Where do I start?
00:36:08
Speaker
And so I just wanted to give ideas in why I'm doing what I'm doing. So I take notes throughout the month and then put something out towards the end of the month on just, you know, my analysis, what's happening on the blockchain, any bugs that I'm and i'm thinking about. And then I have like a paid part where I have,
00:36:27
Speaker
I'll try to expose some low low medium bugs that are live out there and say, hey, these are live, you know probably hasn't been reported yet, see if you can amplify this.
00:36:39
Speaker
And I don't really know my goal with It's not like it brings in any material amount of revenue. But I put it behind a paywall just to kind of, it's kind of like an experiment.
00:36:51
Speaker
I don't know what I'll do with this sub stack. It's just kind of like my idea is putting it out there, see if there's interest. And same with the podcast. I mean, I did the podcast to for a couple of reasons.
00:37:04
Speaker
One of them was I wanted to i wanted to give ah myself a voice because I don't get to talk to anyone about this stuff. So I wanted to talk with other guys doing this.
00:37:15
Speaker
And I wanted to give bounty hunters a voice. You know, they have something to say, people want to up their profile, they want their following increased, they want to maybe get side jobs, this and that. I wanted to have a platform for us, for the stuff that we do.
00:37:30
Speaker
And then ah the third thing is I wanted to kind of keep existing in this ecosystem without you know always finding a blockbuster bug because I knew that your your chances of finding you know mega bugs over and over is pretty slim.
00:37:48
Speaker
Like people have their their time where therere they're hot and then you're not going to keep finding
Balancing Outputs and Emotions in Bug Hunting
00:37:55
Speaker
multimillion dollar bugs over and over unless you've unlocked some secret we're unaware about. And then, you don't tell anyone about it. If that happens, we'll get you on.
00:38:04
Speaker
But like, you know, everyone's going have their arcs up and down. And so I wanted to be able to kind of have something consistent where I could say, you know, still be plugged in and also have like a product of work that I can show.
00:38:18
Speaker
which was a big thing because if you bounty hunt 24 seven, it just takes you to the dumps, man. When you don't find anything and you're like, you end the day and you think, fuck, I did nothing. I achieved nothing.
00:38:31
Speaker
So doing the sub stack, doing the podcast, at least I could say, Hey, look, this month I did, I had a podcast, you know, three podcasts. I had a sub stack out there. Like I'm doing something just to satisfy something in my brain. Like, look, there is completed work.
00:38:48
Speaker
It's available. People can download it. I don't care what they think. Just it's done. It's out there. And then the bounties, the bounties will come when they come. Yes. I think that's like the only way to go with this. Like you've got to be happy not finding anything for a long stretch of time.
00:39:07
Speaker
And if like writing a sub stack, doing podcasts, naming online gets you through that, you should definitely do that. um I was talking to a friend of ours, I think.
00:39:19
Speaker
And um he was like, I was asking him, what should I ask you? And he was like, absolutely amazed by your ability to like, see a contract address, and then like find who to talk to.
00:39:34
Speaker
What's your secret?
00:39:37
Speaker
Oh, that is some secret sauce, man. I can't tell you how many times I've had to do that. and And this is because I do a lot of hunting, like I told you the method, where I don't go on ImmuneFy and just look for things. or i don't really know the project. I don't know what it does. I don't know who's responsible for it.
00:39:55
Speaker
So I ran into this lot where I just have to get in touch with someone. And so you if you're in a contract, you find a bug, you try to backtrace it to the deployer.
00:40:07
Speaker
If there's any linkage there, maybe it's tied to an ENS somewhere, you got something to go off of, you could search X for that or GitHub. GitHub has a great search function if you don't already know to use that. So sometimes I'll just search for a unique piece of code, put it in GitHub search, and then maybe that guy has a repo and then maybe there's contact info there.
00:40:27
Speaker
or else it's like, ah God forbid you have to go to a Discord to find something if you can identify a project. um I do have a lot of Twitter or Telegram conversations with a bunch of different people who know a bunch of other people and a lot of the devs do multiple projects. So sometimes you can identify it through there, but I found The most effective way for me with, you know, I have like 8,000 followers is I could just put it out there and and say, hey, once I have a project name, like, hey, who's who's working on this?
00:41:03
Speaker
And it's like magic. I usually get the guy responsible. He'll message me. And whatever it is, we we get it sorted out. So, That's like my like by method.
00:41:14
Speaker
Somehow i've I've been able to pretty much identify everyone except I had a Chinese project. And it's just like some of these guys, I don't know, man. They're not on, maybe they're on WeChat, like they're on Chinese socials. But I i couldn't even, i had no luck at all. So usually it works.
00:41:35
Speaker
Yes, yes. So it's part to your large network. And what I love about you is I've messaged you before because I also had a problem. And you were like, okay, let me put you in touch with people. And it's like, boom, done.
00:41:49
Speaker
The magic of Riptide. and We have to we have to help each other with this It's just it's so stupid when you go to a project site and there's either no contract addresses No bug bounty contact.
00:42:01
Speaker
They just want to you maybe rug and leave I don't know what their plan is, but We try our best to do the right thing if you don't make it easy Well, then the people want to do the wrong thing are going to do it anyway Yes, yes seems short-sighted I always counsel like Like verify your source code and at the top, put up a contract address.
00:42:22
Speaker
That's all we need. It's all we ask for. Simple. ah humble ask. Yes, a humble ask. And like, if you don't do it, like, why are we incentivized to like climb?
00:42:34
Speaker
mountains way too much just to get to you it's it's weird yeah we're we're not going to your discord i mean actually that you know discord tickets i've had mixed results sometimes it's a great way to talk to the team but other times it's like the community moderator is handling it it's like we don't have any security bugs we're audited okay pal Yes, I have a friend, like he's a he has a substantial buck. They told him to open up a ticket and then he got like, he's not sure if it's an LLM or actually like a community moderator.
00:43:07
Speaker
And after a week, he got in touch and said, is your issue figured out yet or do you still need help? And he was like, what are you talking about? I gave you a buck report.
00:43:17
Speaker
the The contract still isn't fixed. What are you doing?
00:43:24
Speaker
I had one with ah Aladdin DAO, which I think is out of Asia. And i was I was in the Discord and the chick is just blowing me off. she's like She thinks I'm like a web two front end guy. She's talking thinking i I'm submitting something about click jacking.
00:43:41
Speaker
And she's all done. You know, we we got that sorted out. you know No more click jacking requests. I'm like, okay, I'm not. i don't know who you think i am. I'm not talking about click jacking. This is a smart contract bug. But, you know, it takes work. But in the end, hopefully it's it's worth it for the amount of cash you get paid.
00:43:58
Speaker
Yes, I think you have to like ka um come in with expectations and quickly choose to cut your losses. If like if if it seems like it's hard to get to the people and the the expected buck amount is low anyway, you've got to go and save bigger projects.
00:44:13
Speaker
um Yeah. And you just leave the bug on the blockchain sometimes. Like it's there and you can't do it. It's like, well, in the end, it's not my responsibility. It's out there.
00:44:24
Speaker
I can't reach you. Sorry. It's sitting there. Yes. I have one question. I struggle with it sometimes. When I sometimes see those bugs and I can't get in touch with people.
00:44:35
Speaker
I catch myself thinking, I wish there would be a bit more chaos on chain. right I wish that projects would take this more seriously. And I think like they are just acting according to their incentives.
00:44:49
Speaker
And sometimes I wish a little bit of more chaos would make them react faster to our messages. But I think that's not the humble chat way. Please tell me what to do.
Ethics of Bug Bounty Incentives
00:45:02
Speaker
Well, what do you mean by more chaos? Yeah, I'm not sure. i Sometimes it's just like I i feel like when there are big hacks going around, it's easier to get in touch with people. like um but let me Let me give you kind of an example.
00:45:25
Speaker
i think ah Ethereum has like a $1 trillion dollar security initiative. I'm not sure if you read about that. I did. Yes, and I opened up the report and I just did control F, searched for bug bounty, and they mentioned it's good to secure the protocol layer, but I couldn't find them increasing their 250k bug bounty that they have for Ethereum right now on mainnet. And I think that's way too low.
00:45:53
Speaker
i didn't And I don't really understand, like, why are they not changing it? There's enough money. And whenever you go and report a bug as a whitehead hacker, it's like instant value to them.
00:46:06
Speaker
and don't understand why they are not incentivizing more people by increasing the bug bounty amount. And then I catch myself, well, if there's a big bug, then maybe they update that.
00:46:20
Speaker
And that's kind of like... kind of like hoping for bad things to happen. and I don't want to do that. And I don't think you do that. So please tell me what to do.
00:46:32
Speaker
No, it's a good point. Yeah. No, it's a good point, man. And and it's true. it's Let's think about I always put myself in the shoes of the other side.
00:46:45
Speaker
So if you're the Ethereum Foundation and you want to incentivize good, honest reporting, it's still, let's be honest, all right it's a quarter million dollars. It's a lot of fucking money.
00:46:57
Speaker
I agree that, you know, if you're able to take over the chain and cause like unlimited ETHMINT or something like that, the bounty should be much higher.
00:47:08
Speaker
But let's just put ourselves in their shoes, right? Like what is the right amount at... For ETH, if you could do you know the the Holy Grail, you could do an unlimited ETH mint.
00:47:20
Speaker
I don't even know what you'd put the bounty at. It would be it would be the highest bounty out there. I mean, honestly, that's what it should be. ah Why is that not the case? Great question. I mean, it's a business decision. They're saying, hey, a quarter million dollars is a good enough incentive to have a white hat come to us and report it versus if he does an unlimited mint, right?
00:47:43
Speaker
Well, he basically ruins the network. Is he going to be able to cash that out? Maybe, maybe not. you know, there's going to be some constraints and limitations, blah, blah, blah. We could say the same thing with say, ah, they who has billions in TVL and yet they keep their bounty at 1 million versus wormhole or layer zero. Like some of these are not, you could say sized appropriately.
00:48:08
Speaker
but there's still it's still a lot of money when you kind of zoom out and just think they are willing to pay um in theory, ah but they are willing to pay. It's just like, um is is the bounty sized appropriately?
00:48:25
Speaker
is is a crazy question, man. I mean, look at, let's talk about the cork, the cork hacker, right? I love the drama about the cork hacker right Yeah, i haven't read about it. So this guy- about it Please tell me what's happening. Well, I- I don't, ah yeah, I don't have, I don't have, I didn't even look at the exploit other than it was a, apparently there's two exploits within there. So there was the Uniswap 4 hook, which was a problem.
00:48:48
Speaker
And then there was, ah there was ah another bug. And so all the, so he steals 12 million. that's a good I don't know if they had a bounty whatever.
00:48:59
Speaker
It's a good amount of money. It's a huge amount of money. And the guy is sending messages on chain in Estonian, apparently. Who knows where he's really from? And he's saying, like, you didn't find the real bug because everyone did an aftermath. And they're like, you didn't find the real bug. So he it was like his ego is coming out. It's like, look, I'm smarter than all you. None of you big firms found it.
00:49:22
Speaker
and And then the guy from one of the security firms did another post and then he he responds on chain, clowning on this guy. It's a lot of good drama. but So this guy, had he he took 12 mil and he's got that on chain and whatever he's gonna do with it.
00:49:41
Speaker
But they went through the whole audit process. they had They spent so much money on audits. People call it the audit mafia for a reason. for this specific reason, like you go through all this shit and your code is not even secure. Someone hacks you and the project's dead.
00:49:55
Speaker
You know, you' you're taking 12 million, you spent all your audit funds, the project's fucked. What could they have done differently? i mean, they're not going to offer a $12 million dollars bounty.
00:50:07
Speaker
whatever their bounty was, if they had it, I guarantee it wasn't close to this amount. So, you know, this isn't like a guarantee that that somebody's gonna report it, having a bug bounty.
00:50:20
Speaker
It's just to hope that you can incentivize, ah you know, an honest person from going into the dark side and saying, well, you know, a quarter million is not enough. I need 12 million or whatever it is.
00:50:35
Speaker
And there's pros and cons to both paths and the moral right thing to do and wrong thing to do. but It's a tricky business, man. is This is crazy. But I think to your original point with the chaos on chain, man, there's a lot of truth to that because it wakes people up and protocols are like, holy shit, especially with these centralized exchanges getting the hot wall attacked.
00:50:58
Speaker
They're like, whoa, because these will have bounties of like 10 grand and they have 100 million in these wallets. So it is, I mean, you do need it, man. You need a wake up call, but you don't hope for it, but it just happens anyway.
00:51:11
Speaker
Yes, I guess over time every vulnerability will get found. oh What's kind of like my my thing is like if I were the Ethereum Foundation, I would try to price out other people.
00:51:23
Speaker
And at least they should be higher than the projects that are built on their chain. That doesn't make sense to me.
00:51:35
Speaker
Yeah, it's tricky. the The Ethereum Foundation is very tricky with their... their operating process and, and what they're doing. I don't know. I mean, it'd be good to hear from them how they actually chose that number.
00:51:48
Speaker
Yes. Maybe they're going to update it now that we talked about it. I don't know. Um, are you going hold back on your monster crit until they update it? No, no, no, no, no. I wouldn't ever do that. Like, uh, I, uh,
00:52:01
Speaker
Last week, I had to do the trust fall, kind of like a project was holding out of me on me and giving me a number. and But I was still like hunting. like I didn't want to like just sit around and wait for them to get back to me because that's fucking with your mind, in my opinion. like Doing this for weeks, just waiting, hitting refresh, that's going to kill your vibe.
00:52:22
Speaker
So I just tried to hunt more bugs, and I found another one. And then it's like, do I give it to them? Before, they've given me my number, and then I thought about it, and it was like, nah, I just got to report it and see, like, let's hope they're doing right by me.
00:52:38
Speaker
So I did that, and I wouldn't do that to Ethereum, but the thing is, for to fifty k I wouldn't look at Ethereum if, like, Solana is offering more. that's That's basically my argument. If you want to do a trillion dollars of security, like, if you want to secure that amount, you should be like,
00:52:57
Speaker
in the same range of other chains. It's a very good argument. How many eyeballs do you want on the code? And if you want the pros on there, like, you they want you on there, hey, they got to up the number.
00:53:11
Speaker
Yes. else can you say? Yes. Yes. Also, it's like way more complex because there are so many clients or node softwares doing this. So there's complex interaction in there.
00:53:22
Speaker
I imagine that that we as bug bounty hunters should like take that into consideration when choosing targets. um like If you have a chain which has only one node software, that's different from your calculation or for your calculations in like having an expected payout.
00:53:39
Speaker
Other than Ethereum, I don't know how many clients they have right now. But it's it's not feasible for me to go into every client, ah check like how much usage do they have, what could I get from that kind of usage, how much like could I damage and degrade the chain.
00:53:58
Speaker
It's so much more complicated with this. And i then in in that case, I don't think two fifty case enough. Anyway, I don't want to like... Well, what what was the pot on Pectra?
00:54:09
Speaker
Do you remember the contest? I think was a million, maybe two. like That's cool. it would Yeah, was it was big. It was bigger than the the payout for finding a ah critical bug yes of the 250, which is weird, right? Yes, that doesn't make sense to me. You want to have like constant engagement. You want to like incentivize top talent to look at your chain constantly.
00:54:29
Speaker
Doesn't make sense to do this as a one-off.
00:54:32
Speaker
Yeah, a good point. Anyway, keeping in the spirit of chaos, today's the equinox.
Lifestyle Balance: Work and Leisure
00:54:40
Speaker
um
00:54:44
Speaker
Let's say, I'm not sure, like am I allowed to talk where ah where you live?
00:54:51
Speaker
ah yeah Everyone knows i I live in Italy, I just don't say where. Okay, that's that's fine. So do you have plans for tonight?
00:55:03
Speaker
For tonight, plans, Friday night. Today, after this podcast, I'm planning on taking my jet surfboard go to jetsurf.com, it is what's up. go It's like a 100cc motor in a surfboard.
00:55:21
Speaker
You fill it with petrol and you go like 35 miles an hour and you just, you ride it like a dirt bike on the water. So that's my plan today. For tonight, ah probably hunting some bugs.
00:55:36
Speaker
There are no days off on your way to success.
00:55:41
Speaker
I try not to, no. But I also try not to burn out. Yes. So what do you do when you feel like if you get close to burning out? Is there like a concept? Oh, man. Yeah. um it's It's happened multiple times where i just I just have to push away, man. I just can't. I have to take days where I just spend time with the family or just don't even look at the computer, phone, anything. I think...
00:56:06
Speaker
I think your mind just needs a break sometimes, even if you're on, you know, because bug hunting day to day, it's like the worst time I think in bug hunting for me is when I have no leads.
00:56:21
Speaker
Like I start out fresh and it's like, okay, initially it's cool, but you have to pull the string somewhere. Like you have to, You have to find a lead and then you get to pursue it. And that's fun. But when you're just kind of blank searching, you know, if you do it too long and you don't have a lead to pull, it's like, oh, okay.
00:56:41
Speaker
Or too many leads go to dead ends. You kind of, that'll contribute more to burnout. And I just take a break. You know, after a while, I just maybe take a day or two off. Just don't look at anything and, and just reset through some physical exercise.
00:56:57
Speaker
Yes, makes sense. Have you found like sprinkling in things that you do, like when you feel the burnout coming during your daily routine, like reduces the time till you have like till you approach that edge again?
00:57:15
Speaker
Yes. What I do now, now that it's summer and people mock me for this, the young guys who live in the cities, is i'll ah like I'll hunt bugs for a bit, and then when the sun's cranking high noon, then I'll go out there, shirt off, get on that lawnmower, and I start lawnmowing my enormous villa grounds.
00:57:38
Speaker
And I get a free workout. I run up the hills with this mower, manual mower, get a good suntan, get a good workout, and you just come back in refreshed. Maybe knock out some pull-ups, and you're good to go. So free workout.
00:57:52
Speaker
My fucking lawn is mowed, and I'm ready to get back in the books. Yes. I think that's perfect. Back bounty alpha. I do the same thing. Pro tip. Yes. Get a garden. That's the same thing, except you never get any sun over there.
00:58:08
Speaker
Come on, man. It's midsummer right now. Even we have a little bit of sun over here. You got a nice overcast, just the way you like it. No, no. It's so hot.
00:58:19
Speaker
a You know, in Europe, many people don't have ACs. I have no idea why haven't bought one. It's already so hot that I have closed down the shades, keep myself cool in here like It's going to be so hot outside in a few hours.
00:58:36
Speaker
Yeah, beautiful. Yes. Beautiful. So do you want to do another alpha drop before we leave? um Shit, I already dropped my alpha. yeah Do you have some alpha to drop?
00:58:47
Speaker
Yeah, you know my philosophy. like I don't want to really like give away actionable alpha. I don't think it's worth it for anybody if I like say there's a bug or report it. ah But I think with...
00:59:00
Speaker
best to just talk about the mindset and uh i've noted something about myself and when i was hunting with somebody else and they were like pretty awesome about saying i'm not sure i don't know yet let's look at this right and uh it's i think whenever you look at a piece of code and you catch yourself making assumptions that you didn't previously check those assumptions.
00:59:28
Speaker
You've got to go and justify that. like If you make a leap, it's fine to do sometimes, but before like you spend time coming up with the POC and stuff like this, make sure you've covered all your bases.
00:59:43
Speaker
Whenever you catch yourself, I'm not really sure, just call it out, say, I don't know yet, and then go look for it.
00:59:52
Speaker
I like that. I like that. And I'll add one thing. I'll just, just because you brought it up and I thought about this is um always, and we talk about this a lot, always assume there is a bug to be found.
01:00:08
Speaker
Do not put that doubt in your mind that there's no bug. You will give up so quick. Just always know that there's like a bug somewhere in this. You're looking at some complex protocol.
01:00:22
Speaker
You think there's nothing in there. Everyone looked at it. Get the fuck out. There's something. ah Keep that in your head and that'll keep you going. Don't give up. Yes.
01:00:32
Speaker
Yes. Look at the code first and then look what company you audited in. That way you can't fool yourself and like thinking this was audited by such and such and I can't find anything after them.
01:00:45
Speaker
Just like look at the code first and then check the audit report. That's the way to go in my opinion. I agree. There's one last alpha I want to drop.
01:00:56
Speaker
um If you listen to this on time, it's the Equinox, at least in our hemisphere, it's the summer Equinox. um I'm all for finding bugs every day But sometimes it's also like perfectly fine to call up some friends, go outside, dance the night away, come to the fucking DM during the weekend, and then come back on Monday, get into the office, sit down at the keyboard, and just find a crib.
01:01:26
Speaker
With that, I want to close pod. Goodbye. And we'll see you next time on the blockchain.