Farhaan
@0xfarhaan
574 posts
Tech Lead - Smart Contracts @maplefinance
Joined January 2018
1K Following, 439 Followers
Farhaan retweeted
stormblessed🌩️ 💡 🗃️
"Vibe coded contract gets hacked" sounds good for a headline but, as @moo9000 points out, the issue is easy for both humans and AI to miss without digging deeper.

Reminds me of the infamous Nomad PR that introduced the bug that got the bridge hacked. The PR lived at a higher level of abstraction, which makes the issue hard to catch in human or AI review (unless you're explicitly hunting for it). It also lacked key integration context, just like the Nomad PR.

This is a process failure, not an AI/human failure: missing checks like forked integration tests that query all oracles and verify on-chain state. Designing the security process—deciding which checks and defenses each change or upgrade needs—is still a human job.

AI is just a tool, and like human-written code it needs review in critical systems. Use AI, but don't assume it won't make mistakes. Build defenses that catch both human and AI error.
Quoted post from Mikko Ohtamaa @moo9000:

"Claude wrote vulnerable code" raised my eyebrows because it doesn't feel right 🤨

So I investigated it with Claude and asked what is wrong with this PR. It indeed looks like an AI agent made a mistake here. However, the same mistake could have been made by a human.

The prompt: "Inspect this pull request and changes and check what oracle address is incorrect and why, causing the ETH rate to be wrong"

Claude also gives a good post-mortem analysis; see the screenshots.

Also, this was not a code vulnerability error but a configuration error, just to be accurate.

Regardless of whether the code is written by an AI or by a human, these kinds of errors are caught in an automated integration test suite. You can ask Claude to generate the test cases regardless of whether you write the code yourself or just autocomplete it.

In this case, tests existed, but there was no test case for price sanity, not in the tests, not in production itself (which I would also recommend: have a DAO-controlled safe price range).

As a human deployer, you will also perform manual checks when deploying changes like this, as part of the DAO process or similar.

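A price-sanity check of the kind the two posts above say was missing, written here as an added example in Python; it is not code from this thread, from Maple, or from any project mentioned on this page. It stands in for what a forked integration test would read from the real feeds: the feed registry, placeholder addresses, prices, timestamps and the DAO-set safe ranges are all constructed for illustration, and the function and field names (FeedSnapshot, check_oracle_config, is_within_safe_range, bounded_price) are assumptions of this example. The same range is also applied as a production-side guard that refuses to serve an out-of-range price, which is the "DAO-controlled safe price range" idea from the quoted post.

```python
"""Oracle configuration sanity checks (added example; every value below is constructed)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class FeedSnapshot:
    """What a forked test would read from one feed: description(), decimals(),
    and the answer / updatedAt of the latest round. Constructed, not fetched."""
    description: str   # e.g. "ETH / USD"
    decimals: int
    answer: int        # price scaled by 10**decimals
    updated_at: int    # unix time of the last update


# Constructed feed registry; the addresses are placeholders, not real feeds.
FEEDS = {
    "0xFeedEthUsd": FeedSnapshot("ETH / USD", 8, 3_100 * 10**8, 1_700_000_000),
    "0xFeedBtcUsd": FeedSnapshot("BTC / USD", 8, 64_000 * 10**8, 1_700_000_000),
    "0xFeedEthBtc": FeedSnapshot("ETH / BTC", 18, 48 * 10**15, 1_700_000_000),
}

# DAO-controlled expectations per asset: (pair, decimals, min_price, max_price).
# Bounds are deliberately wide: the aim is to catch a wrong feed or wrong
# scaling, not to second-guess ordinary market moves.
SAFE_RANGES = {
    "ETH": ("ETH / USD", 8, 500, 20_000),
    "BTC": ("BTC / USD", 8, 10_000, 500_000),
}
MAX_STALENESS = 3_600  # seconds


def check_oracle_config(config, feeds, safe_ranges, now, max_staleness=MAX_STALENESS):
    """Validate an asset -> feed address mapping against the feeds it points at.

    Returns a list of (asset, reason) findings; an empty list means every
    entry passed every check."""
    findings = []
    for asset, feed_addr in config.items():
        pair, decimals, lo, hi = safe_ranges[asset]
        feed = feeds.get(feed_addr)
        if feed is None:
            findings.append((asset, f"no feed at {feed_addr}"))
            continue
        if feed.description != pair:
            findings.append((asset, f"feed reports '{feed.description}', expected '{pair}'"))
        if feed.decimals != decimals:
            findings.append((asset, f"feed has {feed.decimals} decimals, expected {decimals}"))
        if now - feed.updated_at > max_staleness:
            findings.append((asset, f"stale: updated {now - feed.updated_at}s ago"))
        # Scale with the feed's own decimals, so a wrong pair and a decimals
        # mismatch both also surface as an out-of-range price.
        price = feed.answer / 10**feed.decimals
        if not lo <= price <= hi:
            findings.append((asset, f"price {price} outside safe range [{lo}, {hi}]"))
    return findings


def is_within_safe_range(asset, feed, safe_ranges):
    """Raw-integer form of the range check, suitable for the contract side."""
    _, decimals, lo, hi = safe_ranges[asset]
    return lo * 10**decimals <= feed.answer <= hi * 10**decimals


def bounded_price(asset, feed, safe_ranges):
    """Production-side guard: serve the answer only if it lies inside the
    DAO-set range; otherwise refuse (the on-chain analogue would revert)."""
    if not is_within_safe_range(asset, feed, safe_ranges):
        raise ValueError(f"{asset} price {feed.answer} outside safe range")
    return feed.answer


# Constructed scenario: the ETH entry was pointed at the ETH/BTC feed by mistake.
BAD_CONFIG = {"ETH": "0xFeedEthBtc", "BTC": "0xFeedBtcUsd"}
GOOD_CONFIG = {"ETH": "0xFeedEthUsd", "BTC": "0xFeedBtcUsd"}
NOW = 1_700_000_100

if __name__ == "__main__":
    for name, cfg in (("bad", BAD_CONFIG), ("good", GOOD_CONFIG)):
        print(name, check_oracle_config(cfg, FEEDS, SAFE_RANGES, NOW) or "ok")
```

Run against the constructed bad config, the ETH entry is flagged three times (wrong pair, wrong decimals, price far outside the band), while the good config produces no findings; the same band, applied through is_within_safe_range, also refuses to serve the mis-pointed feed's answer at runtime.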
Farhaan retweeted
OpenAI @OpenAI
Introducing EVMbench—a new benchmark that measures how well AI agents can detect, exploit, and patch high-severity smart contract vulnerabilities. openai.com/index/introduc…
Farhaan retweeted
stormblessed🌩️ 💡 🗃️
Expect this one to be good: a top project payout means multiple audits and reviews, and it still had a critical.

What are the implications? Most projects need guard rails and should be designed in a way that expects bugs to be present. The current design is not fault tolerant in this space.
Quoted post from Immunefi @immunefi:

Security researcher ily2 has just earned a staggering $3,000,000 from submitting a critical smart contract bug via Immunefi. That's the largest single payout in web3 security in recent memory. In total, he's submitted 3 reports. All 3 were paid. 100% accuracy. His leaderboard update is coming soon, but you can pledge IMU to him now and earn when he finds the next one: immunefi.com/pledge/ily2

Farhaan retweeted
Vance Spencer @pythianism
2025 Performance, Blue Chip DeFi + Majors: SYRUP: +64% SKY: -3% BTC: -4% ETH: -7% HYPE: -7% AAVE: -51% UNI: -54% Interested to see where this list ends up next year, and congrats to Syrup as the #1 for 2025
Farhaan retweeted
Maple @maplefinance
syrupUSDT is now live on @Aave Mainnet. Say hello to the Forever Loop.
Farhaan retweeted
Josselin Feist @Montyly
My main takeaway from the recent rounding hacks is that every incorrect rounding needs to be considered a bug. Most of them are not exploitable, or not even vulnerabilities, but they are still bugs.

Think of it as: bug → vulnerability → exploit. Every exploit starts from a vulnerability, and every vulnerability starts from a bug.

Exploitability of rounding is often tricky because it depends on the system's conditions, which will evolve. The relation between bugs and exploitability is more common in web2, but we don't see it as often in web3.

The nuance means that:
- If you develop a protocol, you need to be explicit about every rounding decision (cover all bugs)
- If you do a code review, you need to flag every incorrect rounding that can have a security impact (cover all vulnerabilities)
- If you do a bug bounty or contest, you need to focus on exploitable rounding (cover all exploits)

For code reviews: flagging every rounding doesn't mean creating 100 issues; you can create one issue listing similar risks. But you do need to raise awareness of the risks.

For bug bounties/contests: I wouldn't be surprised to see future exploits that combine multiple rounding or other vulnerabilities (as we often see in web2). It's something to keep in mind.
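The bug → vulnerability → exploit progression from the post above, carried through for one rounding decision as an added example in Python; this is not code from the post or from any real vault. The vault is a constructed ERC-4626-style share accounting with the rounding direction as a switch; the 1000:3 starting ratio is made up to stand in for a skewed state a system can drift into (for instance after a donation to the vault), and the class and function names (Vault, round_trip_profit, min_deposit_for_one_share) are assumptions of this example. Rounding toward the user in both conversions is a bug in every state; at a 1:1 ratio it costs nothing, and only once the ratio is skewed does it become an exploit.

```python
"""Rounding direction in share accounting (added example; all state constructed)."""


def mul_div_down(a, b, denom):
    """floor(a * b / denom) on non-negative integers."""
    return a * b // denom


def mul_div_up(a, b, denom):
    """ceil(a * b / denom) on non-negative integers."""
    return -((-(a * b)) // denom)


class Vault:
    """Minimal ERC-4626-style share accounting, constructed for this example.

    round_for_user=True is the bug: both conversions round in the
    depositor's favour. The correct direction for both is down, so the
    user never receives more shares, or more assets, than they paid for."""

    def __init__(self, total_assets, total_shares, round_for_user):
        self.total_assets = total_assets
        self.total_shares = total_shares
        self.round_for_user = round_for_user

    def _convert(self, amount, numerator, denominator):
        f = mul_div_up if self.round_for_user else mul_div_down
        return f(amount, numerator, denominator)

    def deposit(self, assets):
        """Mint shares for assets. Correct rounding: down (fewer shares)."""
        shares = self._convert(assets, self.total_shares, self.total_assets)
        if shares == 0:
            raise ValueError("deposit too small to mint one share")
        self.total_assets += assets
        self.total_shares += shares
        return shares

    def redeem(self, shares):
        """Burn shares for assets. Correct rounding: down (fewer assets)."""
        assets = self._convert(shares, self.total_assets, self.total_shares)
        self.total_assets -= assets
        self.total_shares -= shares
        return assets


def round_trip_profit(vault, deposit_amount):
    """Deposit, redeem everything immediately, return the depositor's net gain.

    Anything above zero is value taken from the other share holders."""
    shares = vault.deposit(deposit_amount)
    return vault.redeem(shares) - deposit_amount


def min_deposit_for_one_share(vault):
    """Smallest deposit that mints a share under correct (down) rounding."""
    return mul_div_up(vault.total_assets, 1, vault.total_shares)


if __name__ == "__main__":
    # Same bug, unskewed state: not exploitable (profit 0).
    print("1:1 ratio, wrong rounding:", round_trip_profit(Vault(1000, 1000, True), 1))
    # Same bug, skewed state: deposit 1, receive 251 (profit 250).
    print("1000:3 ratio, wrong rounding:", round_trip_profit(Vault(1000, 3, True), 1))
    # Correct rounding in the skewed state: the round trip loses 1.
    v = Vault(1000, 3, False)
    print("1000:3 ratio, correct rounding:", round_trip_profit(v, min_deposit_for_one_share(v)))
```

The third case is the one a reviewer should note: with correct rounding the round trip always costs the depositor at least the rounding residue, so the skewed ratio is harmless; with the wrong direction the same code is merely a bug at 1:1 and a drain at 1000:3, which is exactly why exploitability "depends on the system's conditions, which will evolve".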
Farhaan retweeted
Maple @maplefinance
Another revenue ATH: $2.159M in October and counting. Maple has achieved its year-end revenue and AUM targets with two months to spare and we're not slowing down.
Farhaan retweeted
Maple @maplefinance
Maple has reached $5B in AUM.
Farhaan retweeted
Aave @aave
syrupUSDT by @maplefinance is live on the Aave @plasma market. The $150 million supply cap was reached in minutes. Higher.
Farhaan retweeted
Aave @aave
Pending governance approval, two @maplefinance assets (syrupUSDT and syrupUSDC) will soon be onboarded to Aave. This introduces new institutional-grade collateral, backed by a consistent and trusted yield, to borrowers.
Quoted post from Maple @maplefinance:

The next era of DeFi starts today. @Aave and Maple are establishing a strategic partnership that brings institutional assets to the largest onchain lending market.

Farhaan retweeted
Maple @maplefinance
On October 10th, crypto saw over $19B in liquidations. Maple recorded zero losses, zero liquidations, and uninterrupted performance across all products.
usmann @usmannk
Personal announcement: I'm joining @PlasmaFDN as Head of Protocol Security.

Stablecoins are the future of money. Anyone with an internet connection can use them. If stablecoins are going to form the foundation of a thriving economy, we have a lot of work to do to make sure people can use them safely and securely.

Crypto has often felt like the wild west. That energy helped early builders. But now we are at the stage where eyes are on us to do things right. Security must be prioritized more than ever to bring billions of people and trillions of dollars onchain.

I view security as a layered puzzle across people, infrastructure, and process. Each level is critical to reliable operations. In crypto, mistakes are measured directly in dollars and often come from customer funds. That makes security incidents existential. Traditional banking faces similar risks, but centralization and permissioned environments make clawbacks possible. In an open, permissionless financial system we don't have that privilege.

I am joining Plasma to help ensure these transparent, efficient payment rails are secure and can scale safely to bring the world onchain. Trillions.
Farhaan retweeted
Maple @maplefinance
Maple surpasses $9 billion in loans originated. The largest onchain asset manager continues to scale institutional lending with overcollateralized loans to accredited crypto-native firms. Market-leading capital efficiency and institutional-grade security, on Maple.
Farhaan retweeted
Joe Flanagan @joe_defi
The plan has always been to bring institutional quality products and yield to the DeFi ecosystem. The integration experience just got a major upgrade enabling protocols, chains and anyone else to directly plug into and build on top of @maplefinance and $syrupUSD - this is onchain asset management.
Quoted post from Maple @maplefinance:

Introducing MapleKit. The new syrupUSDC integration guide for developers brings speed and security. What once took days can now be done in hours or minutes. To support the launch, MapleKit partners can tap into a $250k user reward pool to fuel growth. More details below.

Farhaan retweeted
Hari @hrkrshnn
Working inside Solidity taught me something counterintuitive about building successful products.

Solidity has around 90% market share for smart contracts, effectively a monopoly. This puzzles people. How did a language modeled after JavaScript, often considered "inferior" to Rust or Haskell, become so dominant? It made no sense.

I quickly learned that programming language experts, especially those on crypto Twitter, have different needs than real users.

Example 1: The experts kept telling us that 'modifiers' were bad design and should be removed. We almost considered it. Then we ran our annual developer survey. Modifiers were rated the #1 most loved feature in Solidity! Shocking!

Example 2: In version 0.8.0, we prevented arithmetic overflows by default. This change upset many experts, who claimed it was a bad idea. However, when I went to conferences, developers would walk up to me to say it was the best release ever, that they could finally stop worrying about arithmetic overflows and were genuinely grateful for the feature.

The more opinionated the experts were, the further they were from real user needs. They can't be blamed. They weren't in the trenches with real users. Their view of an ideal user is really just themselves.

One more thing Solidity did well is attracting people who might not have seen themselves as developers. Hayden had only used MATLAB and JavaScript before building Uniswap in Solidity. Today, Uniswap sometimes surpasses Nasdaq in daily trading volumes! This would never have happened if Solidity had been designed after Rust.

This was an eye-opening realization for me that more crypto founders should study. Crypto has always been ignored by top traditional developers. I've had web2 friends challenge the legitimacy of the industry when they learned what I did. Solidity's accidental genius created a whole new group of developers in this new world. Hayden is one example. There are so many more.

I meet people regularly whose first real programming language was Solidity. They have had life-changing experiences after that. And they do not fit the profile of a traditional developer.

You need to internalize this if you're building a crypto platform that requires developers, creators, or founders to be onboard. You're better off cultivating talent from within rather than trying to onboard from outside the crypto space. This is why many failed at streaming x tokens. The Twitch streamers didn't care, and if you wanted to win, you had to cultivate talent organically from within.

If I could give one piece of advice: if you're young, join a winning team. Nothing teaches you more about winning than studying how winning teams win. You'll never be able to guess why from the outside.
Quoted post from Solidity @solidity_lang:

We're thrilled to be celebrating 10 years of Solidity! Let's look at some highlights from the past decade and get a glimpse into the future. 🧵↓
