Return to site
Return to site

Mentorship Series #1

0xfirefirst - Starting Point

· Mentorship

Background

Hey, I’m 0xfirefist..

I discovered Web3 in 2021 during the NFT boom. I flipped a few NFTs, made some profit, and for the first time, I felt that spark — that “this is where I belong” feeling. Even though I later graduated as a Logistics & Supply Chain Management Expert (completely unrelated), my mind was already somewhere else: deep in the Web3 rabbit hole.

Web3 Security Experience

Start

In 2024, everything changed. I discovered Web3 security, and instantly knew this was the path I wanted to dedicate myself to.

Resources

I threw myself into learning with everything I had: Cyfrin Updraft’s full track, Secureum Bootcamp and Races, CodeHawks First Flights, JohnnyTime’s Course, Owen Thurm’s Youtube course, all of it. If a resource existed, I went through it.

Work & Contest Journey

In the last year and a half, I’ve spent 8 to 12 hours every single day, including weekends, doing only one thing: learning and trying to get better at security.

I entered every contest I could, but the results weren’t as expected. For almost a year now (Since January 2025, when I started doing full-time competitions), I’ve found 3H and 7M issues, which is… Let's say it wasn’t planned…

Here is my biggest result in terms of payout for the last year of full grinding. And it’s from March, which only confirms the thesis that I am not progressing...

Section image

Highest Paid Finding

Title

Underlying ERC4626 markets `maxDeposit` isn't checked. This could disturb the supply mechanism or lead to undesired function reverts.

Description

Typically, vault managers deem markets ranked highest in the queue more significant, reflecting a priority to ensure their supply caps are fully utilized. Newly added markets are placed at the bottom of the queue, just above the Idle market.

We also know that all the markets SiloVaults supply will be with the ERC4626 interface. This means that they will have eip-related functions such as maxDeposit, which can disturb the deposit logic of Silo Vaults, because maxDeposit of the underlying markets isn't checked when supplying. This will lead to loss of yield or even reverts in some cases where the _supplyERC4626 function shouldn't revert. Please, have in mind that SiloVaults are meant to work with every ERC4626 compliant protocol.

Proof of Concept

Imagine the following scenario:
When depositing:

1. supply queue has 3 markets, with the highest one being with the highest priority because it has the highest ROI
FOR THE FIRST(HIGHEST) MARKET:
2. Config's cap = 500,000 USDC
3. Supply assets = 400,000 USDC
4. toSupply = 500,000 - 400,000 = 100,000 USDC
5. Silo decides to fill and tries to deposit 100,000 USDC
6. maxDeposit of the first(highest) market is set to 20,000 USDC
7. Silently reverts and goes to the next market, which has lower ROI.

Lets say all the 3 markets have maxDeposit == 20,000 USDC set. While there is still 100,000 USDC left until the market.cap is filled, this will revert the whole transaction while it shouldn't.

Impact

Lower interest-bearing markets are picked to deposit in, leading to lower ROI for the users. That's the case when there are still markets in the supply list, in which the funds can be deposited.

Deposit function revert if the assets amount being deposited is bigger than the underlying markets maxDeposit.

Having in mind the function will revert when it shouldn't, I think the issue deserves a medium severity.

Recommended mitigation steps

One way to mitigate would be to implement a formula to make multiple deposits of maxDeposit amount of underlying market's until config.cap is filled or deposited assets are all spent.

Struggles

Here’s the honest part — the part that’s hard to admit.

After all this work…

after all these hours…

after all these contests…

I still feel like I’m missing something.

Is it effort(I mean, deep, real effort)? - Maybe.

Not motivation — that never ran out.

But I think the biggest flaw in my workflow is my methodology and the way I approach contests.

I’ve tried everything: checklists, mind maps, diagrams, AI workflows, feedback loops, copying methodologies from top auditors — nothing feels like mine. Nothing sticks in a way that feels natural or repeatable.

I see people who started after me getting private work, getting first places, getting traction. And while I’m genuinely happy for them, it hurts — because I know how hard I’ve been working, but I’m not breaking through.

Why I’m Asking for Mentorship

I’m not here to be spoon-fed.

I’m not looking for shortcuts.

I’m here because I think I’ve reached the limits of what I can figure out alone.

I’m all-in on this. I’ve proven that to myself already.

What I need now is help finding the way forward — the methodology, the mindset, the polish — so I can stop spinning my wheels and start leveling up for real.

It's 0xSimao again!

Goals

Since 0xfirefist has already achieved 4 figures, I believe with a decent to good contest landscape, getting to 5 figures is realistic. I think the foundations are mostly there, but will need some time to understand what's missing. Anyway, the path forward is just hopping on contests and spot what 0xfirefist is doing wrong, and what is missing!

Timeline

1 December 2025 - 1 March 2025

The Series

We will both be sharing throughout this adventure resources, what we found out 0xfirefist is doing wrong and milistones such as contest results!

Subscribe
Previous
Next
Cookie Use
We use cookies to improve browsing experience, security, and data collection. By accepting, you agree to the use of cookies for advertising and analytics. You can change your cookie settings at any time. Learn More
Accept all
Settings
Decline All
Cookie Settings
Necessary Cookies
These cookies enable core functionality such as security, network management, and accessibility. These cookies can’t be switched off.
Analytics Cookies
These cookies help us better understand how visitors interact with our website and help us discover errors.
Preferences Cookies
These cookies allow the website to remember choices you've made to provide enhanced functionality and personalization.
Save