dybl.base.eth

200 Million+ people play lotteries every single week. They don't care about blockchains. They care about jackpots, odds, fairness, and fun. But the tools to build something better? They exist now. Programmable yield. Verifiable randomness. Trustless execution. Web2 experience. Web3 under the hood. The user never needs to know. 🧵

"The code is the documentation." "Our devs know how it works." "We'll write docs after launch." Undocumented protocols aren't just hard to maintain. They're hard to audit, hard to monitor, and easy to exploit. Missing documentation is a security vulnerability with no CVE number.

I use AI to code everything I touch these days But the industry is doing dumber and dumber things with it AI already hardcoded ETH to $1, got prompt-injected through unopened emails, and still tells people private keys in plain text are fine Here's how to not get destroyed 🧵

@TomZschach Intent shapes the prompt, but the real shift is asking yourself first... AI builds what you already envision

A prompt is an instruction. Intent is an outcome. The entire infrastructure stack is starting to reorganize around that shift.

@CyfrinUpdraft Done ✅

The survey takes 5 minutes and directly shapes what gets prioritized in Solidity's development. Last year, 1,342 developers from 89 countries participated. Completing it also enters you for a chance to win a Devcon 8 ticket.

The annual Solidity Developer Survey went live. Even if you're still learning, this matters to you directly. Here's why, and what the Solidity roadmap means for new developers. 🧵

Learning compounds

The deeper shift isn’t about any single category. It’s about the cost of structured professional judgment falling toward zero for any domain where the reasoning can be decomposed into rules, patterns and precedent. What remains expensive is genuine novelty, relationship trust and regulatory accountability including things like someone who signs their name to the output. The firms that survive this transition are the ones that understand they’re selling accountability and trust, not analysis and documentation. The ones still pricing on hours-of-work-performed are already dead. They just haven’t noticed yet.

Fuzz test results on Crypto42's swap-and-pop pattern. Random subscriber counts with random expirations All subscribers expired (empty list edge case) Zero expirations (clean traversal) Consecutive expirations triggering chain-reaction removals Single subscriber (minimum viable case) 250 subscribers forcing 3+ batch boundary crossings Expire at position 0 (immediate swap-and-pop at cursor) 70,000 randomized scenarios. 0 failures. 101 seconds.. testing continues

Buckle up, the shitstorm is going to hit. Threat actors are going use the knowledge that you don’t want to be left behind on the AI rush to target you. Tech is being blindly trusted more and more, which means hacks are going to happen at alarming rates. Keep yourself safe, keep your enterprise safe, here are a few tips: 1. Never run an AI agent on a device with sensitive information on it 2. Private keys are NEVER to be in plaintext 3. Be skeptical of everything AI gives you, you are to blame if it misbehaves 4. People will use AI to social engineer you, always verify the person who you’re talking to is who they say they are 5. Limit the scope of your API keys as much as possible. If your tool doesn’t need it, it must not have it 6. Anyone asking you for something urgent, downloading something, running a script, clicking a link - that’s a sign they are trying to phish you 7. Smart contract AI vulnerability scanners are still shit, if a report takes more than a few hours to generate, a human is probably doing it, but they want to upcharge you 8. As always, verify your calldata. It’s trivial to create malicious transactions that look real now. (Self plug) Use the Cyfrin Wise-Signer snap with the fox wallet to help decipher transactions. Stay safe

🤖 AI agents just autonomously exploited 207 out of 405 real smart contracts in simulation — extracting $550M in mock funds. They also found 2 novel zero-day vulnerabilities in live contracts that no human had identified. This changes the threat model for every protocol. 🧵

AI is really good at convincing you that your code is good. Remember, AI is like a really smart fast-working recently graduated post-grad, and is actually still kind of an idiot. And will lose you millions of dollars.

@PatrickAlphaC Loving AI, but using a human to audit my code before launching.. just makes absolute sense!

Everybody who is vibe coding AI security tools and trying to sell them, please keep doing it. You’re making us look awesome.

A fair question. pump.fun is an instant meme coin launcher on Solana. Deploy a token in 30 seconds and most rug or die, few moon. Pure speculation casino Lettery is a yield-bearing lottery. Users pay $3 for a ticket where the losing/winning tkt keeps earning real Aave yield, as long as they keep streak Better odds than traditional lotto, 42 chars where you can have #ANDRE instead of boring numbers, unclaimed prizes + forfeited yield compound the pot (The Eternal Seed). More back to players long-term, not extractive Two different beasts: one’s meme gambling, one’s sustainable yield + chance (a Lettery) Shall I buy the ticket, Andre ;?

@DYBL77 How is this different from pump.fun

200 Million+ people play lotteries every single week. They don't care about blockchains. They care about jackpots, odds, fairness, and fun. But the tools to build something better? They exist now. Programmable yield. Verifiable randomness. Trustless execution. Web2 experience. Web3 under the hood. The user never needs to know. 🧵

"Let that sink in" because it is inevitable.

What if the most based thesis isn't a coin at all @jessepollak ? Building on Base where capital locks permanently and compounds. No token. Just a mechanism where the floor only rises. The Eternal Seed 🌱 Sometimes the best investment thesis is infrastructure, not another ticker ;)

Cycles are a normal part of the crypto industry, what is important is what those cycles reveal about how far the industry has progressed and what next stage/trends of adoption/value creation will go on to define the industry. So far this cycle reveals two key things for me: Firstly, there have been no large risk management failures leading to large institutional failures or widespread systemic risks. In the previous cycle you had FTX and multiple lenders cleaned out through large price drops, this time around I am pleasantly surprised to see none of that or at least none of it at any system wide scale. If the crypto industry and its systems are able to successfully weather large drawdowns in price and liquidity issues then it is a more reliable place to put both retail/client capital and institutional capital. This time has been much better managed than last time. Secondly, real world asset migration on-chain continues to accelerate regardless of Bitcoin/Cryptocurrency prices, signaling that having real world assets on-chain is not tightly coupled to crpytocurrency prices but provides its own unique value that can grow irrespective of market pricing of Bitcoin or other crypto assets. We have seen RWA issuance continue to grow and we've seen leading on-chain perp markets rival tradfi perp markets for very traditional commodities like silver, especially in periods when trading in permissioned traditional markets became harder or more risky vs trading in on-chain permissionless markets. As more and more RWA data goes on-chain to make perps work correctly for more asset types and as more on-chain value is generated as RWAs themselves, I expect these dynamics to only increase regardless of crypto prices. These are both very positive signals for the assumptions I have been making about three key trends I am expecting to work together to reshape our industry in the next stage of its growth into mainstream adoption. Firstly, on-chain perps about real world assets and tokenization of the assets on-chain has unique and durable long-term value which is growing regardless of any other dynamics. It is the value of 24/7/365 markets, on-chain collateral management and on-chain data. Secondly, institutional adoption of our industry will be driven by the fundamental/technology value it provides, accelerated by access to permissionless/always on markets in DeFi, which will grow massively as a result. Thirdly, the infrastructure that will make RWAs possible will be experiencing much more demand as more of the real world finds itself on-chain. As more RWAs have to go on-chain as perps via on-chan data or tokenization itself and as those RWAs are increasingly complex in how they need to work on-chain, more systems will need to interface with chains to enable those RWAs. The first two trends are inevitable market forces that are now accelerating regardless of cryptocurrency prices, that is the real insight I see from this part of the cycle. The third trend is where Chainlink is providing the key global standards/protocols/infrastructure that is needed for providing the data, connectivity and orchestration that accelerates the first two trends. Data is what allows most RWAs to exist on-chain at all. Market data for on-chain perps e.g. on-chain silver markets, Proof of Reserves for Stablecoins, NAV for Tokenized Funds to operate on-chain and many other examples touching every category of RWAs. Chainlink is the largest provider of data to the leading blockchains by far and is successfully servicing the vast majority of DeFi for all their data needs with 70%+ market share. Our new launches with leading institutional data providers like S&P, ICE and many others put Chainlink in a similar position in the growing institutional RWA world. Connectivity to both other chains and existing backend/accounting/risk management systems is key for liquidity. The ability to connect to the other chains as a system of record/source of liquidity and to the existing centralized systems of record/sources of liquidity are key for scaling RWA adoption globally. Chainlink is the leading provider of these capabilities to institutions and has been chosen by the leading security teams in Web3 to be their official bridging provider due to a superior reliability/security track record. Chainlink is also the only system that successfully pulls TradFi payments into on-chain transactions across multiple chains, integrating existing sources of liquidity and new sources of liquidity into one interoperability layer. Orchestration is the process of coordinating multiple systems into one workflow/transaction that defines the core value an application is providing to its users. Coordinating between multiple chains, multiple off-chain systems, multiple market data sources and now multiple AIs is a key function that some system needs to play for the more advanced RWAs to function properly. The Chainlink Runtime Environment seems to be the only environment in which you can currently run a workflow that can coordinate all of these key systems into a single application, already in use by enterprises and with advanced integrations into many key systems. Orchestration has an additional critical component of creating privacy, which there are now new and exciting solutions for being built on CRE. More to come on truly useful privacy as a key feature of CRE's orchestration. If these trends continue I believe what I have been saying for years will happen; on-chain RWAs will surpass cryptocurrency in the total value in our industry and what our industry is about will fundamentally change. This shift will also lead to cryptocurrency's growth as an asset class that benefits from more capital on-chain, but RWAs is how all of this goes mainstream. I have never been more excited about our industry's potential to become the way a better version of the global financial system works to benefit all of us.

Install the VS Code extension. Start writing a contract. Aderyn highlights vulnerabilities instantly: → Reentrancy risks → Missing access controls → Unsafe external calls Like a security coach watching over your shoulder.

You're learning to write secure Solidity. Aderyn shows you your mistakes in real-time, as you code. 🧵

As Web2 and Web3 merge, the primitives/infrastructure underneath need to be bulletproof. Building one now. The Eternal Seed. Cyfrin is exactly where security standards need to be.

Ongoing tests on Lettery v1.6.6 (@base Sepolia). Testing guess validation. Both rejected 👍 "ABC" rejected. Too short, need exactly 6 characters. "DYBBLL" rejected. Each character must be unique

The 1st @chainlink VRF Lettery test on @base Sepolia with @aave V3 :)