A lot of people probably wonder what my company, Pantheon Labs, actually is and what the goal is. Basically, in a couple months, once I build more of a name in the cybersecurity space, we’ll be offering full audits to blockchain companies directly. Each audit will guarantee that every bug in the codebase is found. Doesn’t matter if it’s critical or low severity, when we’re done, there won’t be a single bug or security flaw left in the protocol. Zero. It doesn’t matter how many aspects of attack there could be. It’s something that simply doesn’t exist right now and nobody else can guarantee such results. CertiK, Trail of Bits, OppenZepplin and many other similar auditing platforms are not able to do the same so there won’t be much of a competition. Each audit will cost between $500K to $1M. Now I know that sounds insane. But these companies would easily spend more than that running bug bounties just to find the same issues. Paying $500K–$1M to eliminate all bugs at once is actually cheap, might have to increase the price or make it proportional to their protocol total funds, we shall see as the company shapes. Excited to see what the future holds. I’m not very active on X these days as I get busier and busier by day, I’ll write on the progress once a week or more often if I can.

🛡️ Security first, always. ✅We've completed another security audit for the Brevis ZK Data Coprocessor with @sherlockdefi—every issue found, fixed, and signed off. Dive into the full report 👇 🔗

We are proud to announce that Sherlock will be hosting an audit contest for the @ethereum Fusaka Upgrade! We love collaborating with the @ethereumfndn, which always puts security first. Stay tuned for more details to come!

Every day that goes by it becomes increasingly clear to us that @cantinaxyz is an extractive entity and a net negative to the space. A week past @jack__sanford 's killer piece on the countless deficiencies of the Cork contest and no hint of a response soon. With the amount of attention that article received, if they could mount a defense they certainly would, aka silence is an admission of guilt. This week our Cantina bounty submission, which they agreed shows a capped loss of funds for a blockchain operator at high likelihood, resolved in mediation to Low severity. Having read 10s of Spearbit/Cantina reports and 100s of bounty writeups, monetary loss of any amount is never below Medium impact, so they are clearly relaying the sponsor's perspective in a classic "client is always right" mentality, as they always do. In fact, they don't even hide doing it. By their own docs, they Default to Client's Perspective. I guess only in the most egregious cases they reject the client's take. And what if the client simply ignores their mediation? In any other platform (e.g. @immunefi) we've worked with, not respecting the mediation is grounds for immediate removal of the client. On Cantina, client has an allowance of 5 bounty scams per year. Yes, you read that right. We've also recently found that their Fellowship program has a highly aggressive exclusivity clause. Fellows cannot submit anything to other bounty platforms, or notify projects directly, even if millions of dollars are at risk. Instead this highly-sensitive and time critical knowledge has to be shared with Cantina, who decides how to proceed. They are the boss, they call the shots, bow down or leave mentality. We have more examples of outrageous handling on Cantina, but will leave those for another day. For now, we want to raise awareness, like other leading community members, that auditors should be voting with their feet when it comes to where they spend their precious time hunting. A security platform that loses its balance and favors projects over bounty hunters undermines the entire white-hat process and encourages researchers to earn their worth through less ethical means! Let's work as a community to strengthen high-integrity, transparent and net positive organizations over industry bullies. The statement above is the personal opinion of TrustSec directorship members and should be interpreted as such.

We are proud to have chosen @sherlockdefi for our first audit. 🤝 Why Sherlock? • Glowing reviews from contacts • A track record of finding what others miss • Trusted by @MakerDAO, @aave, @Optimism, @GMX_IO, @OlympusDAO + more Starts next week 3.5 weeks. Full coverage 🧠🛡️