Kaushik Swaminathan
@proofofk
many things @zellic_io, venture partner @strobefund

I’m on week five of trying to vibe code a replacement for some dumb saas that we use and it’s so incredibly frustrating that I’m slowly realizing it’s actually a quite complex and thoughtful piece of software.

🚨 V4 Swap Router by z0r0z - Loss $42.6K (2026-03-03)

Type: ABI Encoding / Authorization Bypass

The swap(bytes,uint256) function in UniswapV4Router04 uses inline assembly with a hardcoded calldata offset (calldataload(164)) to verify that the payer in the swap data equals msg.sender. This assumes standard ABI encoding where the bytes parameter offset is always 0x40.

An attacker crafted non-standard (but valid) ABI-encoded calldata with the bytes offset set to 0xc0, placing their own address at position 164 to pass the authorization check, while the actual decoded bytes data contained the victim's address as the payer.

This allowed the attacker to drain 42,607 USDC from a victim wallet (an EIP-7702 delegated EOA) that had approved the router, swapping it for 21.2 ETH via Uniswap V4's ETH/USDC pool.

TX: etherscan.io/tx/0xfe34c4bee…
Victim: etherscan.io/address/0x65A8…
Router: etherscan.io/address/0x0000…

We have reached out to @z0r0zzz, but the contract is not upgradeable and cannot be paused. Revoke approvals to UniswapV4Router04!



Introducing EVMbench—a new benchmark that measures how well AI agents can detect, exploit, and patch high-severity smart contract vulnerabilities. openai.com/index/introduc…

Molly Mielke McCarthy is on a quest to find exceptional people before the world catches on.

I talked to @mollyfmielke about the art of "peopling", playing your own game, vocation, and why great founders are often the least legible.

Today, she runs @mothfund, where she backs founders at the beginning. In the past, she's worked across design, product, and editorial at @figma, @NotionHQ, @stripepress, @browsercompany, and scouted for @sequoia. Her background in film and design echoes in the people she backs and in the quality of her curation and writing. Molly is people-centric yet fiercely individual, intuitive yet pragmatic, and truth-seeking yet full of care.

We discuss:
- Why it takes 3 months for her to know someone well enough to invest
- Why authenticity is magnetic
- The difference between agency and ambition
- Why commerciality is a lens you can learn
- Illegibility as private confidence, not public uncertainty
- How your brand is a bell in other people's heads
- Vocation as "stalking your calling" and then yielding to it
- Why we should focus on doing something rather than being someone

Timestamps:
0:00 - Opening Highlights
1:29 - Intro to Molly
3:36 - Thanks to Notion
5:14 - Start: People, Spikeyness, and Discernment
21:36 - Agency and Ambition
34:45 - Commerciality
49:19 - Investing, Feedback Loops, and Creating a Bat Signal
59:46 - Coaching and Working with Young People
1:06:54 - Self-Knowledge, Uncertainty, "Should," Others' Acceptance, Motivations
1:16:38 - Illegibility & Legibility, Principles, Authentic Service
1:29:28 - Friends, Seeing in the Third Person, Femininity in a Masculine World, Love
1:42:07 - Grab Bag: Art, Catholicism, Gratitude, Beauty

@DialecticPod Ep. 38: Molly Mielke McCarthy - The Art of Peopling - is out now, below and on all platforms.


V12 is now live for open beta. It can:
- Find valuable bugs
- Generate working, runnable PoC
- Generate patch and test the PoC against it

In our testing during audits at Zellic, Zenith, and Code4rena we've been consistently impressed.

Best of all: it's free. (Don't abuse it!)


@claudeai Impressive. Very nice. Now do this, but for smart contracts


Low IQ high agency continues to be one of the most OP human builds

Lines are blurring between investing and gambling and here are my basic thoughts:

INVESTING = OWNING
GAMBLING = HOPING

Most competent people try and do everything ~moderately well, but it's better to concentrate hard on doing a few things unreasonably well and spend minimum effort on the rest. (In practice, most people fail at the 'unreasonably well' part bc it's so rare to see anybody do this.)