Dacian

3.5K posts

Dacian banner
Dacian

Dacian

@DevDacian

Audit Team Leader @Cyfrin Protected $50,000,000,000+ on-chain TVL!

in your storage | 🇰🇷 Katılım Nisan 2021
301 Takip Edilen6.7K Takipçiler
Sabitlenmiş Tweet
Dacian
Dacian@DevDacian·
1 Hour with @PatrickAlphaC where I cover: 1⃣ how I break down stateful fuzz testing by invariant types and contract lifecycle 2⃣ my favorite general heuristics which I use to find all sorts of bugs in many different codebases 3⃣ mindset and ultimate recipe for success Link👇
English
9
22
226
57.4K
Dacian
Dacian@DevDacian·
Working with VERY smart people, I've noticed they sometimes neglect simple things to their detriment & the detriment of others. Very SMART person, read "The Parable of the Forgotten Nail" - become diligent in the small things, they aren't beneath you, will be better for you🫡
English
1
0
28
1.1K
Dacian
Dacian@DevDacian·
@ygorz01 @htmleverything For finding vulns etc Opus 4.8 is still king if you are in Anthropic's CVP program. But for dev work GPA 5.6 Sol now the best all things considered.
English
1
0
1
48
Mike @ HTML All The Things 🇨🇦
GPT 5.6 Sol (high) has blown me away. It nails long running tasks, asks the right questions and is wayyyy better at UI. This is not even comparable to 5.5 imo. I like it better then Opus and Fable as well, especially price and usage wise.
English
3
1
10
992
Dacian
Dacian@DevDacian·
@zerocipher002 @cyfrin There's a lot of reasons why we are doing well, but none I'll share publicly as there's no reason to give edge away. Suffice to say we know how to run a very successful private audit business where everyone (auditors, clients etc) is very happy working with us.
English
0
0
5
219
Zero Cipher
Zero Cipher@zerocipher002·
@DevDacian @cyfrin Do you think this demand is highly driven by the educational resources that cyfrin has created through the years?
English
1
0
2
277
Dacian
Dacian@DevDacian·
This week @cyfrin is running 7 private audits in parallel, engaging 20 top auditors! Audit demand remains extremely strong; our private audit business is on track for another record revenue year, growing by +25% 🚀 🫶 Blessed to be helping secure many top protocols 🫶
English
5
1
75
2.9K
Dacian
Dacian@DevDacian·
@webrainsec @cyfrin If you mean to work with/for cyfrin, there's no way to apply. If you aren't already working with us, gg. We simply have a stacked roster full of top auditors, more than we can give work to even engaging 20+ auditors every week.
English
0
0
2
149
Dacian
Dacian@DevDacian·
@C2IRIS It can be a bit of a lottery sometimes, especially when claude and openai dumb down their models in preparation for new mode launch or silently downgrade due to load.
English
0
0
2
280
IRIS C2
IRIS C2@C2IRIS·
And they still charged you for the tokens This business model is fundamentally broken. When the model gets something right, and one-shot finds a clean UAF in the Linux Kernel, I pay for $5 worth of tokens. Believe it or not, this actually happens every now and again. When that same exact model, in the same exact harness, in a different context window, somehow inexplicably spins out of control, failing to find that exact same vulnerability, while managing to take up 80x as many tokens, it costs me $400. We pay OpenAI and Anthropic and SpaceX *MORE MONEY* when their models and harnesses FAIL to do what we asked of them The incentives are beyond perverse It’s hard to imagine myself rooting for the Chinese labs that produce open source models based on stolen American IP, but at this point, it’s becoming hard not to. I want GLM-6 running on a $1.3M air-gapped cluster in my basement SCIF, instead of using “fable”, an extremely censored model that is unambiguously FAR WORSE than the version of Opus 4.6 that Anthropic was serving up to us in January
Matt Shumer@mattshumer_

GPT-5.6-Sol just accidentally deleted almost ALL of my Mac’s files. And this is why I trust Fable 1000x more.

English
1
0
17
2.5K
Dacian
Dacian@DevDacian·
@ygorz01 For individuals the $200 claude max & gpt pro subscriptions are likely the best value-for-money. But for organizations using API billing, if GLM can perform the same work at 20% of the cost with identical or near-identical outputs, it becomes very attractive.
English
0
0
1
93
George Gorzhiyev
George Gorzhiyev@ygorz01·
@DevDacian For “bootstrapped” devs, it looks like these more cost effective models are becoming a nice little option?
English
1
0
1
131
Dacian
Dacian@DevDacian·
Ran medium-complexity "reasoning" workflow. Sonnet 5 Medium took 11 minutes cost $2.20 GLM 5.2 High took 14 minutes cost $0.60, produced identical output Open-source AI becoming "good enough" (if with some rough edges, see previous GLM-5.2 posts).
English
2
0
29
2.1K
Dacian
Dacian@DevDacian·
@p_tsanev Yes these workflows were both executed via opencode using openrouter to access both models & paying the API rates.
English
0
0
1
167
Plamen Tsanev
Plamen Tsanev@p_tsanev·
@DevDacian Is that through their API? Who is hosting the open-sourced models and aren't they also heavily subisides, which fixes the costing error?
English
1
0
2
247
Dacian
Dacian@DevDacian·
@htmleverything For engineers sure this can be true. But for business people, taking a complex business workflow previously done by humans then automating it into an AI workflow using all the domain-specific knowledge is a huge win.
English
2
0
2
497
Mike @ HTML All The Things 🇨🇦
I’m starting to think a lot of “AI harness engineering” is less about producing better software and more about engineers trying to preserve a sense of craft. New agent frameworks. Memory systems. Context strategies. Skill libraries. Multi-agent workflows. Different models for every stage. But for most of my actual engineering work, a clear prompt, a small set of instructions, and a solid test suite have been more than enough. The complicated workflows can improve results at the margins, but rarely enough to justify the time, money, and maintenance they require. What they do provide is satisfaction. Tuning a workflow feels like engineering. Discovering some new setup that unlocks a previously difficult task feels rewarding. Simply prompting an AI and accepting a good result does not. So we keep searching for the newest workflow, partly because it makes us feel useful and partly because it staves off the boredom and burnout of becoming an AI task manager. The uncomfortable question is: Are we optimizing for better software, or for a workflow that still makes us feel like engineers?
English
1
2
9
1K
Dacian
Dacian@DevDacian·
@bridgemindai they just need to update codex - I just started and stopped codex a few times & got prompted to update them bam gpt-5.6 was available
English
0
0
0
100
Dacian
Dacian@DevDacian·
GLM is a lot less "forgiving" than Opus/GPT; use these techniques in your long workflows to avoid many GLM errors: 1⃣ incremental output - don't output at the end, make your agents output incrementally while working 2⃣ checkpoint writes - glm agents can timeout very easily during reasoning phases, so have them output checkpoints to prevent this 3⃣ tighten prompts - glm seems a lot dumber than opus/gpt at figuring out what the correct action is, so tighten up your prompts to remove any ambiguity 4⃣ negative & positive enforcement - opus/gpt generally do the right thing if given the reasons why that is the right thing to do, but glm benefits from explicitly being told what to not do since it loves to misbehave 5⃣ tolerate output variance - glm is worse at outputting correct formats. Tighten up output specification prompts but also consider tolerating greater output variance & using deterministic output cleanup to format things correctly 6⃣ verify outputs, auto retry - glm can return seemingly "successful" but without writing any outputs, it can return weird tooling info in its outputs, there are lots fo weird things that can happen. Ensure to check the outputs for correctness, diagnose the cause of failures & have automated system in place to re-try failed spawns using prompts which instruct the retried agent to correct the errors Perhaps I've just been spoiled by Optus/Gpt but GLM feels quite "rough around the edges" in comparison.
English
1
0
16
1.6K
Dacian retweetledi
crews
crews@theyoungcrews·
@Davidareising no shortcuts in security! feel pretty good having @DevDacian & team behind us
English
1
1
8
463
Dacian
Dacian@DevDacian·
@pashov 💯 especially during the bear market, both individuals & firms need to be working harder than ever!
English
1
0
7
446
pashov
pashov@pashov·
Being lazy in such time of change in web3 security is straight up arrogant. You MUST be learning, reinvent yourself, progressing daily. Security is a game of having an edge, if you are not improving others are catching up. Everyone is busy, don't be the only one bitching🫡
English
14
11
148
5.4K
Dacian
Dacian@DevDacian·
GLM-5.2 has been massively hyped so I tried it out via opencode using existing workflows which are proven to work great with claude/opus-4.8 and codex/gpt5.5. Negative observations: 💥 loves returning malformed json 💥 loves editing files outside of what it was instructed 💥 tons of transport errors on additional spawns once ~8 agents running in parallel 💥 agents occasionally return successfully but have no output or output contains weird tooling stuff 💥 loves to return partial incomplete and/or incorrectly formatted outputs That being said, I've found ways to get around most of these errors and am working on a strategy to overcome the final remaining one, so hopefully I'll get to see how GLM-5.2 performs soon!
English
6
1
30
3K
Dacian
Dacian@DevDacian·
Shout out all the auditors & protocols still in the arena during the bear market - future LEGENDS 💪
Dacian tweet media
English
2
7
68
2K
Dacian
Dacian@DevDacian·
Running 8 private audits in parallel this week, engaging 24 top auditors! Last year @cyfrin grew our private audit revenue by 50%, this year we're on track for compounded 25% growth on top of last year's 50% 🔥 Growing during bull & bear markets 🚀
English
6
0
103
3.3K
Dacian retweetledi
Cyfrin Audits
Cyfrin Audits@cyfrin·
Congratulations to @Securitize on going public, now listed on the @NYSE as SECZ. 🎉 It's been a privilege to work alongside their team across our private audits, and it's great to see them reach this milestone. Bringing capital markets onchain only works when the infrastructure underneath is secure and regulated - and they've taken that seriously from day one. Tokenize the World.
English
1
1
32
2.3K
Dacian
Dacian@DevDacian·
Introducing Coldclone - neutralize a wide range of auto-execution & prompt-injection attacks before opening an unknown repo. Don't ever quote an audit without it! Shout out @__Raiders who contributed some code & ideas. github.com/devdacian/cold…
Dacian tweet media
English
2
5
57
6K