Usman

2.2K posts

@0xusmanf

🥷 Security-First Solidity Dev 🏅 SSCD+ | QWS+ @CyfrinUpdraft ✍️ Co-authored SSCD+ study guides 🔍 @CodeHawks auditor | Ambassador @Cyfrin 💼 Open to roles

Joined October 2012
323 Following, 660 Followers
Usman @0xusmanf
Security isn't just about finding bugs in other people's code. It starts with your own habits. Take the pledge. Use the keystore. Protect your keys like the smart contract dev you are. Like and comment if you have already taken the pledge, and if you haven't, go take it now and tell us you did 👇
Usman @0xusmanf
Cyfrin has made this pledge mintable on-chain as a soulbound NFT. Soulbound = non-transferable. It's tied to your wallet permanently, proof that YOU committed to safe key management. 👉 Go mint yours at: envpledge.eth.limo It's a small act. But it signals to every team you work with that you take security seriously from line 1.
Usman @0xusmanf
What is that PLEDGE that Patrick keeps talking about and won't stop?? If you've gone through @CyfrinUpdraft Solidity course, you've seen it. Let me break it down and explain why every Solidity dev needs to take it seriously. 🧵
Usman reposted
Charles Guillemet
🚨Only days after Coruna, one of the first large-scale iOS exploit kits, DarkSword is already being exploited in the wild. Coruna showed the pattern: state-grade iOS exploits don’t stay in government hands. They leak, spread, and end up in broader ecosystems. One visit to a compromised site, and your phone, including your crypto, is gone. DarkSword confirms it. - Another state-grade exploit chain. - Already reused by multiple actors. - Already deployed at scale via watering-hole attacks. - Targets so far: Ukraine, Saudi Arabia, Turkey, Malaysia. - Victim model: anyone who visits a compromised but legitimate website. ⚠️No click. No warning. Full device compromise. Data exfiltration. Real-time surveillance. Total loss of control. Affected: iOS 18.4 → 18.7. This used to be rare. Targeted. Surgical. Now it’s industrialized. 👉Two major iOS exploit chains in less than a week isn’t noise, it’s a shift. From now on, you should assume your phone is compromised. Stop treating it like a safe. x.com/P3b7_/status/2…
Ciara Nightingale @CiaraNightingal
Hot girl walk and a new coat ✌️
Usman reposted
Jeffrey Scholz @Jeyffre
This whole "stay up to date with AI advances/tools" is a load of engagement-farming nonsense to me (as an AI believer). Thought experiment: you go head-to-head with an experienced lawyer who is semi-decent at using AI himself. You are an AI pro but know nothing about practicing law. Who is going to win in a head-to-head court case? Not you. Thought experiment: you and an experienced contractor are tasked with building the same apartment building. You are an AI pro and the experienced contractor is semi-decent at AI. Who will get the house done faster and cheaper? Not you. I think you get the point. The number one driver of success with AI is not "AI Skills" but domain expertise. A lot of software engineers nowadays got into a panic after they experienced coding with Opus 4.5. Think about it -- engineers who are good at code but not necessarily AI suddenly 10x-ed overnight. They think "this software is so powerful, now I'm useless." But this fear is misplaced -- *you* are the one who became powerful -- the tool wasn't the powerful one. Can a non-techie build an app on their own now? Yes. But could they build a *better* app than an experienced software engineer who is also using AI tools? That's extremely doubtful, especially as the code turns into slow spaghetti. Think about the Iron Man (Tony Stark) character. Without the suit, he doesn't stand a chance against the enemies he normally fights. But if someone other than Tony Stark wears the Iron Man suit, they aren't as effective as Tony Stark wearing the suit. People think "learning how to use AI" is like "learning how to operate an Iron Man suit" which is wrong. No, what makes Iron Man Iron Man is his rapid tactical thinking, fearless risk taking, and advanced engineering chops. These are not "Iron Man Skills" but rather "Tony Stark Skills." In his own words, "If you're nothing without the suit, then you're nothing at all," applies to AI. If you're nothing without AI, then you are nothing with AI.
The number one skill for AI is domain knowledge. There is no substitute for lessons learned from getting figuratively punched in the face in the real world as you deal with real world problems. Only by actually working with subcontractors can you get a 6th sense for when projects will get delayed. Only by regularly talking to vendors can you start getting a sense that certain materials will not be available in time. AI cannot shortcut this process and generally cannot anticipate issues like this. The #2 skill is clear communication. I'd say if your communication skills are top notch and you compete with a domain expert whose communication skills suck, you might actually stand a chance against him if both of you use AI. AI can only do what you tell it to. If you can't articulate your complex goals as actionable steps, AI can't help you. Finally, #3 is the actual AI skills. Stuff like how to set up agents, prevent context from rotting, planning before acting, knowing what tools to use, managing knowledge cutoff dates, benchmarking, etc. That stuff is not hard to learn. But learning those skills without domain expertise will not help you compete against a domain expert. Some people post things like "look! I had AI run my ads and I made $50,000 in 30 days." Buddy, $50,000 is chump change. That's not enough to hire a domain expert. What you really discovered is "competing in a niche that AI unlocked for you." Once you get into the bigger leagues, good luck going head to head in ad campaigns against someone who knows what they are doing (and using AI). Same thing applies to these mostly fake posts about using AI to make profit on Polymarket. Polymarket doesn't do enough volume to get the attention of serious quant firms and there are enough degenerate gamblers distorting prices to make easy profits. Again, AI isn't giving you superpowers here, you just aren't competing against that many domain experts.
Try vibecoding a trading bot for US treasury interest rates (one of the most competitive financial markets out there) and let me know how that goes. What AI did is help non-techies gain "baseline competence" in a field they aren't trained in. They make a huge leap from incompetent to semi-competent. Then they think that they can extrapolate the curve -- they'll be even better in that domain if they study AI as opposed to the domain itself. That's not how it works. You can't extrapolate small-scale wins with AI when you have no competition to a larger scale. What really happened is that AI unlocked value that was previously too costly to unlock, which is great! But "learning how to use AI" can only get you relatively small wins like that. So yes. If you are a domain expert, you'd be crazy to not use/learn AI. But you'd be even crazier to try to do competitive domain specific work beyond a small scale without domain specific expertise.
Usman reposted
Wake @WakeFramework
Six ABI encoding functions in Solidity. Most devs use two. The wrong choice has drained real protocols. This breakdown is worth bookmarking. The abi.encodePacked collision problem alone has caused multiple audit findings across production contracts. What makes these bugs dangerous is that the code compiles fine and passes unit tests. The encoding mismatch only surfaces under specific input combinations that fuzz testing or static analysis would catch. Wake's vulnerability detectors flag several of these patterns in real time inside VS Code, built from findings across 200+ professional audits. If ABI encoding hygiene matters to a codebase, automated detection beats relying on memory alone.
Usman @0xusmanf
Most Solidity devs know 2 or 3 ABI encoding functions. There are actually 6. And using the wrong one has caused real exploits. Let me break down all 6 using real working examples. 🧵

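As an added example of the abi.encodePacked collision that Wake's commentary on Usman's thread refers to (constructed here, not code from either author): with two adjacent dynamic-length arguments, the packed encoding carries no length prefixes, so ("ab","c") and ("a","bc") produce identical bytes and an identical hash, while abi.encode keeps the ABI length and offset words and keeps them distinct. The contract and function names are assumptions for the illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Constructed illustration (not from the thread) of why abi.encodePacked
/// over adjacent dynamic types is unsafe as a unique key, and of the fix.
contract PackedCollision {
    // Weak: packed encoding concatenates the raw bytes of `a` and `b` with no
    // length information, so different (a, b) splits of the same byte string
    // hash to the same value. Using this as a mapping key, signature digest or
    // commitment lets two distinct inputs resolve to one record.
    function packedId(string memory a, string memory b) public pure returns (bytes32) {
        return keccak256(abi.encodePacked(a, b));
    }

    // Hardened: standard ABI encoding includes a 32-byte length word for each
    // dynamic argument (plus head offsets), so the byte layout differs whenever
    // the argument boundaries differ.
    function safeId(string memory a, string memory b) public pure returns (bytes32) {
        return keccak256(abi.encode(a, b));
    }

    // Compares both schemes on the classic split pair. The first flag reports
    // whether the packed hashes coincide, the second whether the abi.encode
    // hashes coincide; only the packed variant collides.
    function collides() external pure returns (bool packedCollides, bool encodeCollides) {
        packedCollides = packedId("ab", "c") == packedId("a", "bc");
        encodeCollides = safeId("ab", "c") == safeId("a", "bc");
    }
}
```

The same collision applies to bytes, arrays and any mix of adjacent dynamic arguments; a review or detector rule that flags `keccak256(abi.encodePacked(...))` with more than one dynamic argument catches the whole class.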
Usman reposted
Contract Level @contractlevel
Looking for a Chainlink-native smart contract developer with a security-first approach? Get in touch! contractlevel.com
Usman @0xusmanf
Most Solidity devs know 2 or 3 ABI encoding functions. There are actually 6. And using the wrong one has caused real exploits. Let me break down all 6 using real working examples. 🧵
Usman @0xusmanf
@dev_lawal Glad you got to learn something new.
Cracked Dev @dev_lawal
@0xusmanf Didn't know about abi.encodeCall before. Thanks for the info