
Taylor Hornby 🛡❤️
20.6K posts

Taylor Hornby 🛡❤️
@DefuseSec
Security research (https://t.co/xrmvhFVPtv), EDM (https://t.co/Ynq2DNWQa1), & board member @ Zcash Foundation.




Note that all of our proofs are valid proofs for the statements they claim to prove. The issue lies in those statements not meaning what they were intended to mean. While our circuits were still sound and complete, the flaw in the spec for mainCost allowed us to break the larger protocol functionality – ranking circuits by cost – and place our circuit #1 on the leaderboard. We look forward to following how this competition develops, and all the cool new optimised circuits that will come out of it, once all the kinks are ironed out. Takeaway: Formally verified code is only as secure as the spec it was proved against!

You "win" zk.golf – ZKSecurity’s FV contest – by writing the most optimized formally verified circuit for cryptographic primitives. But how does the best SHA256 circuit have a cost of 0? Here's how we exploited the FV spec for the top score on all circuits.👇

Read more and find the full brief: coincenter.org/non-prosecutio…



The US Government has requested a slow staggered rollout of GPT-5.6, and OpenAI has agreed. During this phase the government will approve each user individually. This will probably be the norm for all frontier models from all labs from now on.

Patch the Planet is our effort to help open source maintainers move from security findings to merged fixes. We’re working with Trail of Bits, HackerOne, Calif, researchers, and maintainers to bring Codex Security and advanced models into the remediation process, with human review at the center.


We are investigating a potential exploit affecting a deprecated Aztec payments product from 2021. ~$2m was transferred from the immutable smart contract in transaction: etherscan.io/tx/0xab306cd21… The deprecated product is an immutable stage 2 rollup that was sunset in 2022. Aztec Labs holds no admin keys or control over the system; it cannot be paused or upgraded by us. This is a separate incident from the exploit on the depreciated Aztec Connect product that occurred on June 14, 2026. We will share further updates in due course.







