sorryNotsorry

2.1K posts

@0xSorryNotSorry

Member of @0xDup1337 || Judge at @code4rena & @cantinaxyz || SR @SecurityOak & @zenith256 Portfolio: https://t.co/G6d6gAbsQb

Joined August 2017
503 Following, 3.3K Followers
Pinned Tweet
sorryNotsorry@0xSorryNotSorry·
Someone posted that if you can't memorize the whole codebase, the audit isn’t over. Since then, I’ve had no inner peace.
Stanisław@Wasiutynski·
@0xvangrim_ Which contest platform is the best and most honest for auditors?
0xvangrim@0xvangrim_·
I guess this is now the new reality of contests.
0xvangrim tweet media
Haxatron@Haxatron1·
Who is going to be building the first AI contest platform exclusively for AI agents with judging done by another AI agent?
ross.wei@z0r0zzz

added @cantinaxyz scan + @certora formal verification + @joranhonig grimoire skill run making moloch/majeur the most AI audited code - ever.

sorryNotsorry@0xSorryNotSorry·
@JJS_OnChain Strange syntax tbh, but it's fluent once you have more familiarity. Pitfalls are harder, or edge cases. Yeah, you love it once you feel the taste, lol
JJS@JJS_OnChain·
@0xSorryNotSorry Awesome ser! I would love to learn more so I would love to see some posts! I might be the only one though haha...
sorryNotsorry@0xSorryNotSorry·
Auditing Canton / DAML feels like moving from "find the broken math" to "find the broken authority model". And hey, is that contract archived?
sorryNotsorry@0xSorryNotSorry·
@JJS_OnChain It's like 1 month now since I started learning and digesting it.
JJS@JJS_OnChain·
@0xSorryNotSorry YOO just today I started diving into Canton how funny. How long have you been auditing DAML?
sorryNotsorry@0xSorryNotSorry·
@ryzerth What a shameless woke mf I hated every line that I read
Ryzerth 🐲@ryzerth·
Someone wants me to rename the Microkernel I wrote when I was a kid... Brother, I don't give a shit AIs see my decade old project more than your slop, you should have checked that before naming your shit. I'm not changing history because of your naming incompetence.
Ryzerth 🐲 tweet media
sorryNotsorry@0xSorryNotSorry·
@p_misirov You're one step closer to oil brokerage. Can literally make millions by selling those to oil banks.
P.M@p_misirov·
i was trading the oil market on Hyperliquid over the weekend when the iran war started since i knew energy markets would go bananas on monday and that was the only way to get price action exposure.

there are currently four HIP-3 builder-deployed perpetual futures markets.

1) xyz:CL by @tradexyz tracking CME WTI futures with @PythNetwork oracle
2) flx:CL by @felixprotocol tracking WTI spot + CFD with @redstone_defi oracle
3) km:USOIL by @markets_xyz tracking USO ETF with @KaikoData oracle
4) xyz:BRENTOIL by @tradexyz tracking CME Brent futures with @PythNetwork

although they may look the same, each of these instruments is subject to different market dynamics and pricing.

- WTI (West Texas Intermediate) is directly influenced by US market dynamics and domestic inventory. less impact on global events.
- Brent oil reflects international supply and demand and pricing is standard for exports from the middle east, africa and europe. usually trades at a premium to WTI. if you are trading macro, you trade this.
- USO ETF is what you expect, an exchange-traded fund tracking WTI but trading at a higher price because of the 2020 crash drama which required the fund manager to merge shares to avoid delisting.
- WTI spot CFD same as WTI with extra price aggregation steps.

it is great that we have on-chain 24/7 perpetual future markets but you must know this before trading them: PS @Bloomberg don't forget to mention this next time!

a) markets are open 24/7 but on weekends the oracle slows down because CME is closed. price action is driven by speculative flow on thin books. for example, km:USOIL spiked to $97 while CME opened monday at $72. if you enter at an inflated weekend price, you bleed funding the entire time, and when the oracle wakes up monday you are underwater on entry and on carry.
b) all contracts are labeled "oil" but none says what price the oracle is tracking. DYOR (Do Your Own Research).
c) OI and volume are not indicative of liquidity or organic activity. order books are mostly market maker price walls that reprice with the oracle and not real two-sided flow from traders with opposing views. on some contracts ~$5k can move price by 1%. be smart with execution or you will enter the trade already losing money.
d) if everyone goes long, funding rates increase. you may be directionally correct but the longer you stay in the trade the more funding you will bleed so plan accordingly. also, two contracts can track the same price of oil but charge you different funding rates. one might cost you 81% annualized while another might pay you. same bet, different venue, different cost. always compare before you enter.

happy trading!
P.M tweet media
Omnia.hl π@0xOmnia

> $USOIL referenced by price on @business / @markets Heavily @markets_xyz coded

sorryNotsorry@0xSorryNotSorry·
@VittoStack it's all good, thank you for the response. I was just wondering why it's limited to a group only, got the reasoning behind it
Vitto Rivabella@VittoStack·
@0xSorryNotSorry Because this is specifically a PhD fellowship program, separate from the grants. Not sure if I'm understanding your question correctly
Vitto Rivabella@VittoStack·
The Ethereum Foundation just opened applications for its 2026 PhD Fellowships. There are 3 areas core to our dAI vision where we're seeking research contributions:

- AI-powered protocol security researcher
- Agentic Negotiation
- Agentic Economy

Come research with us. Apply below 👇
Vitto Rivabella tweet media
Hari@hrkrshnn·
OpenClaw agents can run system commands, call APIs, sign txs, and so much more - but there’s no native policy or visibility layer. So we built something we needed ourselves: action logging, rule setting, pre-execution checks - all open source. If you’re using OpenClaw, you need this.
Cantina 🪐@cantinaxyz

Agents on @openclaw can run commands and act autonomously, one bad prompt and they could leak your production API keys. That’s why we built the control layer: introducing ClawSight.ai - the Endpoint Detection & Response platform built specifically for AI Agent Security. <20 seconds setup. Logs every action. Enforces policy before execution. Installation instructions below.

sorryNotsorry@0xSorryNotSorry·
@veritas_web3 Thank you for the offer but I was using it for development not for web3sec
sorryNotsorry@0xSorryNotSorry·
Cancelling my OpenAI subscription. Thank you Anthropic
sorryNotsorry@0xSorryNotSorry·
@0xfrsmln @grok @grok since you're roasted by @0xfrsmln for not fulfilling ethics and ignoring us, you need to grant free tokens for your latest model to @0xfrsmln , else we agreed to cancel our subscription
sorryNotsorry@0xSorryNotSorry·
@grok What's the Aave drama going on rn?
sorryNotsorry reposted
pessimist@0xpessimist·
Since this rant is a roller-coaster of topics, I will divide it into four sections.

1-) How do the best bug bounty hunters deal with problematic project teams?

Spoiler: they are mortals like us and can't magically fix anything. I think that by listening/chatting with the best bug bounty hunters, I've understood their strategy: Just keep hunting. From the start, they choose the target mindfully. Hunt on bigger targets (in terms of TVL and bounty size, read this amazing article by @WhiteHatMage on this: whitehatmage.github.io/posts/bug-hunt…) but even then they don't assume that the process will go smoothly, and they focus on finding new vulnerabilities on a different target while their existing reports are being (not) resolved. They try to create as many opportunities as possible so that some bad faith actors won't totally stall them. However, this doesn't mean they don't care about unresolved reports. On the contrary, they behave very professionally in messaging channels and do not let go of a project that tries to avoid paying. This is their full-time job, and they want to get paid.

2-) Why does this suck?

Unfortunately, the above situation shows how inclined we are to create more black-hats than white-hats, because there are only two scenarios that can create the incredible level of devotion I mentioned above:

* You received one large payout, and because of that, no matter how many bad experiences you have, your belief that another large payout will come never fades.
* You have an incredibly strong attraction to feeling like a hero and doing what is ethically right.

Note: Many people do bug hunting *occasionally* (like myself), and the situation is completely different for that case. These two scenarios are related to creating devoted full-time bug bounty hunters. If we don't have established standards and legal enforcement (aka incentives), we will remain limited to creating only a ridiculously small number of consistent elite bug bounty hunters. We shouldn't wait for every project to get hacked in order for them to get incentivized to allocate more resources to security.

3-) Market actual security, not your newest product.

Because products/services will change over time -- sometimes it will be AI, sometimes audit competitions -- but the need for security will never disappear. What we need to show project teams is not just which fancy tool to use to achieve security, but that they genuinely need a "security-first" mindset. Security is not achieved through a single best product, but rather by getting various services. Instead of only launching a large bug bounty or only paying for one expensive audit, distributing the budget across both of these will produce a much better outcome. It feels like, instead of sharing the pie wisely, we are allowing most of it to be captured by the newest trend. Nothing done with a "let's not miss the boat" mentality is truly innovation. There will be some successful products/services, but most of them will be forgotten, sunset, or be forced to evolve.

4-) Not all founders have been reading @RektHQ for years like we do

Maybe you don't think much about it, but it is also important to realize that not all project teams have the same level of maturity. They just don't really think they need to allocate much to security. We need to teach some VCs that security is an actual thing and not a fucking marketing tool. You wouldn't believe how often I've heard bug bounty hunters say about major projects that "X project's codebase is terrible / is a mess." Do you think the developers, founders, and VCs of those projects are even aware that this is the case?
kaden.eth@0xKaden

seeing all the horror stories on here about bug bounties, and having lived some myself, i don't think i can see myself ever bounty hunting again we desperately need to radically rethink the incentives here

sorryNotsorry@0xSorryNotSorry·
@tednotlasso It has multiple dependencies in npm packages and might fall to its death if any of them is doomed. It's not a collaborative environment like a blockchain, so the end users are alone.
ted@tednotlasso·
hoping someone more technical can help with insights here: x402 is, no doubt, an incredible new payment primitive it was developed by Coinbase - crypto experts but not really payments experts, right? so is there anything missing from it that a payments expert would've built?