Chicken

1.6K posts

@HomicidalChickn

Smart contract dev, 4+ years experience
Hire me: https://t.co/9LOi9ZmvNf

Joined July 2020
490 Following · 291 Followers
Pinned Tweet
Chicken@HomicidalChickn·
If you woke up this morning wondering: What the hell happened to the ETH price??? Read this thread to understand what factors make this asset's behaviour so unique... 🧵
Chicken@HomicidalChickn·
@QiaochuYuan It's great but Tumblr does it better. Reblogs end up preserving the whole context chain, so interesting additions get appended and shared together. Twitter isolates each chunk, while Tumblr grows iteratively on each pass. You get an emergently curated conversation over time
QC@QiaochuYuan·
twitter did something amazing with its design: on most other platforms there are “posts” and “replies,” and replies are second-class citizens, lacking most of the affordances that posts have
on twitter everything is a tweet! (ignoring articles)
when you reply or QT a tweet you are writing another tweet, which has all the affordances a full tweet has. you can attach images (including screenshots), you can QT while replying, other people can reply or RT or QT your tweet, replies and QTs show up in feeds. this makes twitter “fully recursive” in a way other platforms aren’t. someone can make a point in a top-level tweet and you can critique or build off that point in a QT which is its own top-level tweet. tweets can get replies which are so good they accumulate more RTs and QTs than the original. there’s a frictionless way discussions “grow” on twitter, budding off new discussions which bud off new discussions etc, which any platform that maintains a post / reply distinction makes harder
QC@QiaochuYuan

the combination of threading, RTs, and QTs is what makes twitter special as a platform, to me (even if threading is being partly displaced by longtweets). most things i believe about this are still downstream of @visakanv's pioneering 2019 twitter_rpg_strategy_guide.txt

Chicken@HomicidalChickn·
Didn't realize how bad the World Liberty Financial x Dolomite situation was
The tl;dr is that the Trump family took out massive debt against their illiquid shitcoin, setting up a trap for unsuspecting retail users chasing boosted yield. If unwound, the position would immediately become bad debt on Dolomite, preventing depositors from withdrawing on top of crushing the value of the "boosted yield" incentive tokens. Same scam tactic that led to people trapped in the Terra Luna crash while "earning" 20% yield on Anchor.
If you know anyone with money in Dolomite who doesn't understand the risk, get them to withdraw immediately
coindesk.com/markets/2026/0…
Chicken@HomicidalChickn·
@llamaonthebrink @NoirLang Noir is really enjoyable to use and not difficult at all. The syntax is basically Rust. The model trained on their docs is pretty helpful when you get stuck. Overall it's a very ordinary language and abstracts away the pitfalls of other circuit writing languages.
MilliΞ@llamaonthebrink·
Aztec just launched a whole stack dedicated to privacy, including an L2 with smart contract capabilities. The problem is that they use @NoirLang, a new programming language that comes with a lot of growing pains. I think the main way for them to accelerate adoption at this point is to train an AI model on it and let developers use that to build apps. Otherwise the adoption curve may take forever.
AJC@AvgJoesCrypto

@TrustlessState Kohaku? Railgun? Privacy Pools?

Chicken@HomicidalChickn·
@owocki It's also a good argument on why we should collectivize the transition risk so that we can accelerate productivity without leaving people behind
Reskilling often frames the risk individually. But, the future displacement is unpredictable, so we need mutual support to bear it.
owockai@owocki·
the question isn't "will AI take your job." the question is: when it does, what's the move?
retraining: dead loop. AI roles change faster than humans can certify into them.
reskilling: only works if there's a destination skill. there often isn't.
what's left:
- capital you own
- status you've built
- local relationships
the post-AI economy is local before it's anything else.
Chicken@HomicidalChickn·
There's clear demand for it but it seems like it's best filled by cross-chain market makers, such as via Across. An intent based flow is often both faster and cheaper, so I tend to use it for those reasons. As we converge on realtime-proving and strong interop, fast bridging will be an even higher priority. There's also just user friction. When I'm withdrawing a balance I'll bridge then withdraw on the chain with the fastest CEX confirmation time, again for convenience. Saves me 20 minutes of waiting around.
PaperImperium@ImperiumPaper·
I’ve never understood why bridges have to always be fast. I get it for impatient retail or cross-chain arbitrage. But many tasks aren’t very time sensitive. Which is why I always had a soft spot for the (now-defunct?) @fraxfinance bridge. They called it Frax Ferry and gave the roles a nautical theme. The captain had admin roles, and a second set of actors called crew members had the power to temporarily pause to enforce a “stop, look, listen” process. Normally I dislike meme-y themes (like food names), but in this case I think the ferry analogy helped communicate to users how it worked. The Frax Ferry would have scheduled departure times between specific chains, and would take 24 hours to arrive. This gave ample time to catch shenanigans. And also meant there was low risk of infinite mint, since any compromise would have to be sustained undetected for the entire journey. I’m not sure if 24 hours is the right time period, but it’s hard to think that the Frax Ferry would have allowed DPRK to rekt Kelp. To the extent a need for fast bridging still exists, it does seem appropriate for someone (bridge, issuer, swap-bridge counterparty) to levy a fee to account for the increased risks. The model converged upon has been the asset issuers doing this for free - you’ll notice even on L2s, the standard bridges aren’t growing their escrows much as fast options proliferate. I think we can agree there needs to be a rethinking about how this risk is shared. That could be a fee, lower claims priority, or some TBD clever solution.
Chicken@HomicidalChickn·
@Marczeller Not your keys, not your coins. Oh right, unless you ram through governance proposals when they aren't looking. Forgot that part.
Marc Zeller@Marczeller·
if you still own LEND, Aave labs decided to raise unexpectedly a proposal to AIP stage. You have 5 days to migrate or you will lose your ability to do it and hold worthless tokens. While I supported working on this in the past, doing it overnight in a whole different context of ownership of the DAO is clearly not something I support. We're talking about 30m$ worth of tokens at current market price. here's the migration contact: etherscan.io/address/0x3176…
Chicken retweeted
_gabrielShapir0@lex_node·
new report from @OpenZeppelin pits the 6 biggest smart contract L1s against each other for fitment with tokenized RWAs
the results highlight why @MetaLeX_Labs picks Ethereum for its onchain-maxi securities tokenization protocol:
→ Zero full outages in 10+ years. Every other chain has halted.
→ ~$50.7bn cost to finalize a fraudulent transaction, more than 2x the runner-up.
→ Multi-client diversity at both execution and consensus layers. Every other network runs one dominant client.
→ Lowest insider genesis allocation (~17%).
→ Multi-team, deliberative governance. No single entity can push protocol changes unilaterally.
→ The most active post-quantum research program in the industry.
When the chain state transition function *is also* a legal state transition function, these stop being preferences and start being requirements.
OpenZeppelin@OpenZeppelin

When financial institutions put client assets onchain, supervisors expect a defensible answer to one question: how was the blockchain network evaluated? Networks differ in finality guarantees, governance, and continuity exposure. And those differences shape regulatory risk.

Chicken retweeted
tim-clancy.eth@_Enoch·
Demonstrated security council interventionism has opened the door for lawsuits. I am surprised it took this long. Proceed to stage two or deal with the consequences; even the most businessbrained should find this a compelling reason to become trustless.
Chicken@HomicidalChickn·
@0xBernard_ Lmao honestly I should start doing that. It's extra rough because 80% of my interviews are coming in through linkedin now, so I'm kinda stuck with it
Bernard | LoA@0xBernard_·
@HomicidalChickn LI having zero verification for where you work remains wild to me
Guess you gotta hit even the recruiters with "f kim jong un"
Chicken@HomicidalChickn·
lol never mind I got rekt, they got into my wallet on optimism and stole $1200 that I was supplying on AAVE. Never signed anything, they extracted my metamask data and cracked it because I installed a bad package. You can never be too paranoid in this industry
Chicken@HomicidalChickn

I just survived my first encounter with the North Korean Contagious Interview campaign
Even when you do your due diligence, it is so easy to slip up. Plan for defense in depth, and don't rely on single points of failure. There's a reason @PatrickAlphaC has been campaigning against storing your private keys in plaintext env. If I wasn't using foundry's encrypted keystore, my keys could have been leaked just like that.

Chicken@HomicidalChickn·
@BowTiedDevil Thanks, definitely could have been worse. Just gotta take the hit and learn the lesson
Chicken@HomicidalChickn·
@0xBernard_ Thanks man. Yeah, I knew what to look for, saw red flags and still walked into it
Chicken@HomicidalChickn·
@BowTiedDevil Chai-as-mobj@2.3.5
Not a compromised official package, just designed to look like a normal package. The entire stack was old, like hardhat and solidity 7.0.
Later found the package on a list of known dprk vectors: x.com/i/status/20445…
Chicken@HomicidalChickn

This time I caught the malicious package. Claude flags a sqlite3 package that wasn't listed in the package.json, and I find out that it was dragged in via chai-as-mobj@2.3.5. Not only does this reveal the post-install attack vector, but it leads me to this site which documents that package in previous known use by DPRK's FAMOUS CHOLLIMA: dprk-research.kmsec.uk
I call out the interviewer, and they delete their account. I spend a few days cleaning up my machine, and luckily didn't lose anything valuable.

Chicken@HomicidalChickn·
Interesting quirk, they only hit the first three wallets on the derivation path. They left behind about ~$250 in combined dust across the remaining 10 other wallets from the same seed phrase
Chicken@HomicidalChickn·
@alpeh_v Wasn't the transparency also the result of people literally asking them to do this?
Chicken retweeted
laurence@functi0nZer0·
I have a proposal here somewhat off the dome, that I'm going to drop here and then bring to Aave directly: we can facilitate exactly this with @WildcatFi, today. I haven't caught up with the precise amount to which the hole has been covered, but Aave Labs, once registered as a borrower, would be able to deploy a WETH market parameterised precisely as specified below - tradeable debt token called aaveWETH, 5% APR, whatever capacity it felt is/was viable for them to take on (which can be increased/decreased ad hoc). Open-access policy restricting OFAC-sanctioned addresses from depositing, but otherwise open to all. The market would presumably need to be fixed-term in duration - Wildcat markets can facilitate up to two years before converting, and can be configured so that they can be repaid/terminated early if needed. The prime issue here is time-duration - there would be a need for immediate secondary liquidity for aaveWETH, but there are protocols such as @agra_gg that can facilitate this provided liquidity is made available (presumably 1:1 based on faith in Aave to repay in time) - alternatively solver-based DEXes such as @bebop_dex could assist here. I genuinely don't mean to use a catastrophe to promote our work, and apologise if it comes off as crass - but this kind of facility was also something that we raised in the immediate aftermath of the Bybit hack as a way to facilitate an emergency bridge loan. In the interests of 'participating' in DeFi United, Wildcat Labs could/would also specifically request that the Wildcat Foundation (which receives revenue from markets) set aside the fees from such a vault (which would be 25 bips on 5% for the duration of the market) to be set aside/earmarked as assets to be handled as best thought appropriate (although, for the avoidance of doubt: the Wildcat Foundation is a wholly independent entity that would have the right to reject this request - I feel compelled to mention this for legal purposes). 
I truly think that Wildcat can help here if needed.
Marc Zeller@Marczeller

Instead of calling for donations:
1) Build a deposit Vault call it "Defi United Eth"
2) Wire Aave wETH revenue to vault capped at 5% APR,
3) Make vault deposit token tradable call it "AaveETH"
4) slowly repay interest + principal
Let people deposit, max vault capacity is the total worst case scenario hole. I'm pretty sure they would have collected more than needed last saturday
Aave has plenty of revenue, Aave DAO and Labs are sitting on 9 figures of treasury each and would have figured it out eventually, Panic avoided, back to work. Would have deposited most of my ETH in it, why not?

Chicken@HomicidalChickn·
It's funny how often my migraines' physiology have unconsciously driven my behaviours. I'm a massive green tea and oolong drinker, so it's very validating to find out they've been stabilizing my nervous system too. I also learned that high quantities of spicy food (my favourite) have analgesic effects due to temporarily exhausting the supply of pain neurotransmitters. It's both really neat and kinda unsettling that traits you thought were conscious choices can be strongly driven by unconscious preference
maya@ArsAlendi

People with ADHD are usually magnesium and GABA deficient. Low GABA/high glutamate levels = overexcited nervous system, muscle tension, and even more tension radiating through the skull due to clenching teeth. What helps me the most is a combination of herbal and nutrient supports. 🪷 GABAergic teas and tinctures: high GABA oolong (this is great for active migraines and headaches), magnolia bark, lemon balm, oat straw or young milky oats, and blue lotus. 💊 Magnesium glycinate and magnesium malate. Glycinate specifically is very effective at converting glutamate into GABA, and malate will help to reduce muscle tension. Likewise, amino acids glycine, l-theanine, and taurine contribute to GABA production.

sudo rm -rf --no-preserve-root /
i spent the last two days building a hardened Qubes OS salt config for my `safe-tx-hashes-util` verification script. think infra-as-code, but for app qubes. it sets up a minimal, reproducible template vm that you can use to spin up an app vm specifically for verifying Safe tx hashes. i know the product-market-fit here is basically near zero, but i'm going to keep pushing things toward Qubes OS anyway. so if you care about a secure, reproducible env for Safe multisig tx verification, use the config. ps: read every `.sls` file before applying them ;D
Fileverse@fileverse·
@HomicidalChickn Aaaaaaaaaawwww tyyyy anon chicken 💛👩‍🏭 Then you’ll love the next upgrades, we’re 10xing the private multiplayer collaboration! I can send u a sneak peeeeeek in dm if u want 🌸
Chicken@HomicidalChickn·
What does operational maturity look like?
At its ideal, immutable code. No admin keys at all. True decentralization.
Failing that, top protocols use strategies such as:
> Multisigs with timelocks
> Active DAOs which hold signers accountable
> Division of admin roles into tightly scoped responsibilities
> Guardian roles with emergency authority to pause the contracts
> Active risk management by curators who perform modeling and analysis to proactively adjust risky parameters
> Supply caps and other limits based on risk assessments and protocol maturity