web3-hunt-zksync-era
LIVE HUNT: ZKsync Era (Immunefi) — COMPLETED, 0 FINDINGS
Outcome: 0 submittable findings after 5+ sessions, 22+ agents, 25+ contracts, 25+ attack vectors
Lesson: This file exists as a DEFENSE STUDY — what a hardened protocol looks like, and when to stop hunting.
TARGET PROFILE
| Field | Value |
|---|---|
| Protocol | ZKsync Era (L2 rollup) |
| Platform | Immunefi |
| TVL | $322M (L2BEAT Total Value Secured) |
| Bounty | $100K minimum Critical, $1.1M max |
| Codebase | 750K LOC (Solidity + Rust + Yul) |
| Audits | OpenZeppelin V29 (June 2025), multiple prior audits |
| Version | Protocol V29.4 |
| Repo | github.com/matter-labs/era-contracts |