Mimir Solutions

@BowTiedPickle @BowTiedDevil No memory based exploits.

@BowTiedDevil It Just Works While the EVM has its share of quirks it's really pretty straightforward to understand. Nothing extremely esoteric. I look forward to further implementations like zkEVMs as well

Cleaning up a contract rn, AMA for an hour or so while I curse at unit test suites and format natspec. No, I don't have any inside scoops on SBF/FTX sorry to disappoint lol

@BowTiedDevil @BowTiedPickle It makes most of the backend infrastructure of traditional designs irrelevant. We can all securely share the same DB.

@BowTiedPickle Why is EVM the best VM?

@blainemalone @OpenZeppelin @mudgen Care to tell them the wonders of your standard?

(4/4) To get a deeper understanding, I’d encourage you to play around with @OpenZeppelin’s proxy contracts on their GitHub. As always, if you like this content, drop me a follow.

(1/4) Upgradable Smart Contracts. Smart contracts are immutable, right? 📝 Yes they are. But they can be upgraded. 🏚 -> 🏡

@devtooligan Kind of irrelevant, since self-destruct doesn't work anymore. But even when it did, it wouldn't have to iterate to clear all the slots. Just dumb the state for that address.

1) He mentioned that clearing the storage is an unbounded operation which is problematic. Is there a limit to how much storage can be cleared? What if, for example, 1e20 slots held values and selfdestruct was called on that contract? Would something break? 2/3

Recently, @alexberegszaszi gave an amazing presentation on EVM to @SpearbitDAO during which he mentioned some problems with the `selfdestruct` opcode that I have a couple questions on. 1/3

@blainemalone @PatrickAlphaC Diamond dev community discord.gg/3vBz4KC6

(1/6) Proxy contracts are used all the time in @solidity_lang for many different reasons. In this post I explain the concept of ‘storage collisions’ and how to avoid them when it comes to proxy contracts. May your storage be collision resistant from this day forth 💥 🧼 🧽

@devtooligan @pcaversaccio @0xArbiter @optimizoor No, Solidity arrays are just mappings with consecutive integers as keys. Have you ever programmed before?

@pcaversaccio @0xArbiter @optimizoor thank you!! i never read the docs on `delete` before. in fact, i don't know if i've ever even used delete before at all. seems handy for deleting arrays (as long as they don't contain mappings!)

IT DOES NOT WORK AS EXPECTED GUYS! holy sh&%, i dug deeper on this and found something pretty messed up. IF YOU DELETE A STRUCT CONTAINING A MAPPING, THE MAPPING DOES NOT GET DELETED!!! 1/5

@devtooligan I wouldn't expect the EVM to delete all 2^256-1 possible records. Expecting that would be stupid. The only way you'd expect it to delete that much potential data is if you don't actually understand how computers work.

now enable a token and set a balance for someone. now what would you expect to happen if you do a `delete tokens[tkn]` ?? 🤔 me, i would expect all the token data to be deleted 4/5

@devtooligan Are you new? Do you understand how computers and math work?

@MatthijsDeVries As for how to handle code releases from the core team, it's a tough problem. Deploy packages, not protocols. The users compose protocols from the packages. We're completing a framework for on-chain packages to secure the supply chain.

@MatthijsDeVries Thanks for the measured reply. To clarify, my issue is upgradable logic in public code, like DEX pools. It violates self-sovereignty. Upgrades should be handled with migrations, or wrapping. Democracy is a compromise, not a goal. Not appropriate for changing policy(code).

The smart contracts of @allianceblock 's #DataTunnel are built according to the EIP-2535 standard, also known as the Diamond Standard. The Diamond Standard was proposed by @mudgen to allow for upgradability and work with larger contract sizes. 1/4

@MatthijsDeVries The fact that publicly available code should be immutable is obvious. There's simply no way for a governance process to upgrade code safely. It defeats the entire point of smart contacts. I'm stunned you even consider this acceptable, let alone desirable.

@MimirSolutions I love the compelling arguments you provided.

@MatthijsDeVries This is a terrible idea.

New facets will ultimately be proposed through a DAO so that the source code of new functionality can be openly studied and approved before it's added to the diamond. This way no unwanted upgrades that can hurt the ecosystem will make their way to the #DataTunnel. 4/4

@banteg Is not defi if you can turn it off.

nice to see such system go live, this idea has been discussed in security circles for a while. it’s not a panacea though, since most hacks bypass the mempool and give you no time to react.

@scupytrooples So close. But you fell for the con. Libertarian left can't exist. Leftism is entirely based on totalitarian control. You're thinking of anarchism. Left wants to take control. Anarchism wants to remove control.

@foldfinance @pcaversaccio Wait till you see the whitepaper.

@MimirSolutions @pcaversaccio My man

1/ As I reviewed the new transfer & accept ownership contract of OZ this morning I realised that there is a potential interesting attack vector if you don't treat it carefully. To be clear, OZ contracts are safe and not affected by this vector.

@pcaversaccio Contact security really comes down to Verifiable Storage Control and a chain of custody for who's had that control.

@pcaversaccio Don't use an ownable design for anything public in the first place. Don't deploy redundant code to avoid introducing errors. Immutable code needs an immutable supply chain.

@0xfbifemboy Process as punishment.