Dewy

56 posts

Dewy

Dewy

@0xdewy_

Breaking and fixing smart contracts since 2017. smart contracts | security | machine learning Prev: @EnsoBuild, @NexusMutual, @AMINABankGlobal

Katılım Şubat 2019
784 Takip Edilen119 Takipçiler
Dewy retweetledi
Bloom
Bloom@bloom_directory·
Bloom’s vision lines up very closely with the direction @VitalikButerin is describing. In the agentic-era, the bottleneck shifts from code generation to verification, trust, and coordination.
vitalik.eth@VitalikButerin

Many people have claimed that with AI-assisted bug finding, secure code (and hence trustless anything) will be impossible. I have a much more optimistic take, and AI-assisted formal verification is a major part of the reason why: vitalik.eth.limo/general/2026/0…

English
1
4
9
401
Dewy
Dewy@0xdewy_·
This is the blooming of a new internet. A new application of the great ideas to come out of Bell Labs in 1973. arxiv.org/html/2601.1167…
English
0
0
1
49
Dewy
Dewy@0xdewy_·
This is what kills the current web. Not a better search engine. Not a smarter chatbot. A filesystem. The same abstraction that won on every computer for 50 years, applied to the whole internet.
English
1
0
1
37
Dewy
Dewy@0xdewy_·
It uses 3 different neural networks to detect prompt injections. Can download from pip and run on directories/git-repos/etc. github.com/0xdewy/prompts…
English
0
0
0
24
Dewy
Dewy@0xdewy_·
I'm handing out condoms to everyone raw dogging agents on your laptops. scan.sophastra.com
English
1
0
1
26
Dewy
Dewy@0xdewy_·
we are in it for the tech.... the tech: function printMoney() public onlyOwner { mint(msg.sender, 1e99); }
English
0
0
0
25
Jeroen
Jeroen@offerijns·
We just announced the Onchain Portfolio Manager: an onchain VM-based smart contract system for executing investment strategies across chains, with * ERC-6909 accounting tokens for onchain accounting async and bridging flows * Slippage, approval and circuit breaker guards * Dedicated UI for allocating to any asset on any chain Take the leading multi-chain tokenization & vaults infrastructure, and add integrations for any asset on any chain, with security standards that institutions expect. That's Centrifuge v3.2.
Centrifuge@centrifuge

Centrifuge v3.2 introduces the Onchain Portfolio Manager. An onchain execution engine for managers running multi-asset portfolio vaults across real-world assets and DeFi. Multi-step operations like swaps, bridging, deposits, and leveraged looping, all executed as single transactions. Unified NAV accounting across every position, including assets in transit between chains. v3.1 gave builders onchain automated accounting, modular infrastructure, and multichain distribution across 10 chains. v3.2 completes the stack with active portfolio management. Centrifuge now covers the full lifecycle of institutional assets: issuance, pricing, distribution, and operations across any of 10 supported chains. One set of audited rails, already securing over $1.9B in onchain capital.

English
11
8
68
15.9K
Dewy
Dewy@0xdewy_·
I made a Multicall contact that has basic scripting abilities. You can use return data from one call for subsequent calls with almost no extra gas costs. It uses around 50% less gas than weiroll. github.com/0xdewy/multica…
English
0
0
2
51
Dewy
Dewy@0xdewy_·
If you want to match abi.decode() you need to manually read the offset and then read 64 bytes ahead to get the 3rd variable.
Dewy tweet media
English
0
0
0
37
Dewy
Dewy@0xdewy_·
I think a good rule of thumb is to not mix abi.decode() with any offset assumptions. The assumption wasn't wrong, but the inconstancy provided room for manipulation.
Dewy tweet mediaDewy tweet media
Defimon Alerts@DefimonAlerts

🚨 V4 Swap Router by z0r0z - Loss $42.6K (2026-03-03) Type: ABI Encoding / Authorization Bypass The swap(bytes,uint256) function in UniswapV4Router04 uses inline assembly with a hardcoded calldata offset (calldataload(164)) to verify that the payer in the swap data equals msg.sender. This assumes standard ABI encoding where the bytes parameter offset is always 0x40. An attacker crafted non-standard (but valid) ABI-encoded calldata with the bytes offset set to 0xc0, placing their own address at position 164 to pass the authorization check, while the actual decoded bytes data contained the victim's address as the payer. This allowed the attacker to drain 42,607 USDC from a victim wallet (an EIP-7702 delegated EOA) that had approved the router, swapping it for 21.2 ETH via Uniswap V4's ETH/USDC pool. TX: etherscan.io/tx/0xfe34c4bee… Victim: etherscan.io/address/0x65A8… Router: etherscan.io/address/0x0000… We have reached out to @z0r0zzz, but the contract is not upgradeable and cannot be paused. Revoke approvals to UniswapV4Router04!

English
1
0
2
79
Dewy
Dewy@0xdewy_·
The next thing you do, will be the next thing you improve, and the next year of your life, you will have grown, in the measure of the things you did.
English
0
0
0
50
Dewy
Dewy@0xdewy_·
People are more comfortable gambling on games than investments into themselves.
English
0
0
1
34

Keşfet

@VitalikButerin @gregthegreek @MilosCostantini @DeanEigenmann @centrifuge @EnsoBuild @makinafi @offerijns