llill

« They are vectors for stealing funds beyond the smart contract. » @AliceAndB0b for Rekt Security Summit.

Aave V4 has one of the strongest security frameworks in Web3. They didn’t achieve this goal merely by increasing the number of audits. They did it by prioritizing security as the foundational stage of development. Here’s how @aave and Certora teamed up to put security first👇

Tomorrow in Cannes. Three @Certora security researchers. Three panels. AI in the exploit pipeline, blind faith in blockchain infrastructure, and the architecture of stablecoin failures. Lilian Cariou · @philbugcatcher · @0xFlint_

Cannes is better with friends. We're joining @aave's DeFi Day on March 30th at the Palais des Festivals. Talks around DeFi, RWAs and stablecoins with the leading voices in the space. See you there 👇

Read our new proposals and how we are planning Balancer's Next Era! 🙏

2/ AI is reshaping the exploit economy. The question isn't whether LLMs can find vulnerabilities. It's whether they find them before the attacker does. Riptide (@therealgregoAI) · Lilian Cariou (@Certora ) · @MitchellAmador (@immunefi) Mod: Vitto Rivabella (ETH Foundation)

0/ The Ethereum Foundation continues to explore DeFi as part of its treasury strategy. In Oct 2025, EF deployed 2,400 ETH + ~$6M in stablecoins into @Morpho Vaults V1. x.com/ethereumfndn/s… Today: another 3,400 ETH into Morpho, where 1,000 ETH in Morpho Vaults V2. Why Morpho? 👇

@tomer_ganor find less bugs so your reports are shorter 😂😂

I usually don’t write reports… but for a design review, I had no choice. Finding bugs is fun. Writing the report? By far the hardest part of my job😫

Stablecoins are starting to look a lot like bank accounts. You can earn yield, hold USD on-chain and spend them with a card anywhere. Meanwhile, most savings accounts still pay ~0.05–0.5%. So the question is: can banks catch up? 👀 We’ll discuss this in our next livestream ↓

EthCC side events… but with rackets 🎾 See you on the court in Cannes

so… who’s heading to @EthCC? 👀

Your AI agent now has access to 20k+ smart contract audit findings. claudit - one-line install, works with Claude Code & Codex CLI, searches across all @SoloditOfficial findings, open source. Huge shoutout to @Cyfrin for opening the Solodit API 🫡 Link below 🔗👇

Lido V3 Phase 3 is live! stETH minting is now permissionless for all stVaults and the minting cap for Identified Node Operators has been extended. The initial Lido V3 rollout is complete ✅ ↓

Thanks @eboadom, @andy_koz and @bgdlabs for holding providers like @Certora to high security standards over the past four years. Here are some of the things we learned and built together 🧵👇

Announcing Web3 Security Tools Seminar (W3ST) 2026 at @EthCC A discussion-driven seminar for security tooling builders Limited seats, technical depth, no marketing Looking for talks on tooling deep dives and work-in-progress ideas Details: seceureka.com/w3st/

My own @Balancer Magnificent 7 (bMAG7) pool is live! Been wanting to try this for a while. Some context: MEGA7 is a Weighted pool we found on Balancer v3 - composed of 7 @OndoFinance tokenized stocks at 10% each, with 30% Aave Boosted USDC. That's an interesting composition for attracting trading activity since the stablecoin acts as a natural counterpart. bMAG7 (mine) follows a different strategy: equal weighted, pure stocks, no stablecoins. 1:1 to the Magnificent Seven. A few things I learned along the way: 1. Getting tokens was harder than expected. Some apps advertised as live on Ondo Global Markets couldn't even quote certain pairs and I ended up relying on DefiLlama Swap. BTW Kyber and Velora consistently offered the best quotes and filled most of my trades. Available liquidity still has to improve. 2. Setting up a 7 token pool has its quirks. Pool creation on Balancer v3 is usually straightforward, but having many tokens makes it a bit annoying. Weights need to sum to exactly 100% so you're constantly rounding one up, another down. Also a bunch of approvals and signatures - though that gets easier once you've done it once. 3. Fee % when onchain liquidity is thin. Given how thin liquidity was during setup, I don't expect arbitrageurs to be very active, so I set the fee to 1% as a buffer. I would've loved to use @CoWSwap CoW AMMs for LVR-protected rebalancing but it only supports 2 tokens. 4. APR isn’t the right metric here. Current APR metrics focus on swap fees and token emissions - that makes sense for a yield product, but bMAG7 is essentially an index fund. What matters here is how the underlying assets perform and our exposure to each, not how much trading activity the pool generates. I will build some Dune dashboards to properly track this. More updates next week! h/t to the guy who created MEGA7 and sparked this idea and @Xeonusify for finding their pool!

Full Video:

Announcing: "Account Abstraction is Here – New Security Challenges with EIP‑4337 & EIP‑7702" with AliceAndBob (@AliceAndB0b) at the Security track. Account abstraction promises to revolutionize user experience, but the security implications are still being discovered and need urgent attention.

"It's much easier to steal money in crypto." @SagivMooly , Chief Scientist and Co-founder of @Certora , explains why the stakes are higher in DeFi and how formal verification is changing the game against sophisticated attackers like North Korea. Full interview 👇