Hrik

8.4K posts

@HrikBho

smart contract eng

Joined July 2015
1.5K Following, 1.8K Followers
Gary Vaynerchuk@garyvee·
Sending several @veefriends series 2 NFTs for free to serious collectors here on crypto twitter - not looking for new wallets or people clearly flipping, this giveaway and karma play is to give an nft to a serious nft collector, one that would clearly appreciate it and hold it long term and maybe explore our ecosystem deeper because of the kindness of this gesture - pls place your wallet address in reply to this post
Devansh Mehta@devanshmehta·
the most interesting projects i heard about from @EthPrague ;
1. A way to defeat the freeze function on centralized stablecoins
dafuq? didnt know this was even possible tbh, all i got on the technical details was it had something to do with wormhole
2. the german government released an identity database that businesses and customers can query for verification
one hacker was building a zkproof solution on top of it
honestly, the conference had real renewal of the mission vibes. motivation levels back up to full after it got over
Hrik retweeted
jtriley2p@jtriley2p·
ur probs not gonna like this take, but what the arb sec council did was correct and good
yes, m/n multisigs at the defi core is a bad thing
yes, this expands scary precedent
yes, we should have more robust systems
but the council just took harm reductionist action
if you want to be upset about the issues above (to be clear, i still am) then be upset at:
1. corps that choose speed over security
2. vc's that fund competitors to force speed
3. teams that stiff bug hunters and auditors
4. founder bros that swear this shit dont matter
5. the sheer absurdity that the life savings of countless real people sit behind a predicate which is:
- documented poorly, if at all
- written w wildly unnecessary indirection
- tested w/o coverage
- compiled w a half-baked compiler
but do not put that on a council which just recovered ~70m usd of real peoples' money that was otherwise gone
---
we do have to transition to systems more geographically, socially, and jurisdictionally distributed
but we also have to do the best with what we have now
every single protocol and l2 behind an upgradeable proxy has a moral obligation to thwart such an attack. anything less is feeding cats to coyotes.
and in the meantime, every user should ask every team before depositing:
- what does the chain of authority look like?
- which contracts own which contracts?
- which accounts are at the top of the hierarchy?
- how distributed is the top of the hierarchy?
- how is risk & harm mitigated?
and for the long game, it's on us developers to:
- do actual, real threat modeling
- design risk-mitigations
- clearly map authority chains
- overdocument the fuck out of everything
- stop abusing contract inheritance
- choose abstractions which empower users to read and understand our systems over quirky compiler edge cases that 6 devs on the planet know about and that exactly 1 dev (you) cares about
Arbitrum@arbitrum

The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications. After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users. As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.

Hrik retweeted
Andreas Bigger@andreaslbigger·
Introducing Edge, a high level, strongly statically typed, multi-paradigm domain specific language for the Ethereum Virtual Machine (EVM). github.com/refcell/edge-rs
Hrik@HrikBho·
@philogy Not staticcall compatible?
philogy@real_philogy·
💡 Idea I had for a powerful alternative to extsload/exttload that gives others a flexible way to read from your contracts:
⚡️ DELEGATECALL into an arbitrary contract to read & view any state however you'd like
🔒 REVERT returns data & ensures state is left unchanged
sentalgo@metropolyse·
@0xKaden Congrats to the winner. I didnt have enough GPU power to get the 12 zeroes needed.
zerosnacks.eth@zerosnacks·
Foundry has a new release candidate: v1.4.0-rc3! Highlights include: backtraces, configuration inheritance & multi-chain configuration, forge fmt powered by Solar🌞, enhanced coverage guided fuzzing, custom precompiles & many performance improvements!
$ foundryup -i v1.4.0-rc3
Hrik@HrikBho·
@zdravkohristov0 But how could two be qualified? It’s a 1 to 1 mapping
ZdravkoHr.@zdravkohristov0·
@HrikBho Yes, I was initially thinking what would happen if there are two qualified jumpdests
ZdravkoHr.@zdravkohristov0·
I was quietly auditing when the following thought entered my mind:
1. There is a contract with a senETH(address,uint) function. It works by allowing only the current contract to call it and sends ETH to whatever address specified.
2. The contract uses this.senEth() to send ETH to recipients
3. The contract also calls this.bakePizza(bytes) with arbitrary bytes provided by the user
You, as an auditor, suggest renaming senETH() to sendETH() to fix the typo. Because you are always the unluckiest person in the world, sendETH() and bakePizza() end up having the same function selector. Now the protocol deploys and a few years later a bad actor drains all of its ETH balance because of you.
But wait, how would the EVM know which of the two functions to call? There are no interfaces in the EVM and I would guess any logic which reads the calldata after the first 4 bytes would be executed once the dispatcher does its work.
Then I thought "Solidity is cool, it probably wouldn't let us do such a stupid thing". With the help of ChatGPT then I created a contract with two colliding functions - burn(uint256) and collate_propagate_storage(bytes16). Testing it in Remix resulted in an error as I suspected and I couldn't even compile it.
But, still, what if we wrote the bytecode manually and we deployed a code with matching selectors, will they be chosen randomly or maybe it's a FCFS, does it depend on client implementation? Well, I haven't gone that deep to answer these questions, so if you know feel free to comment 😄
Paul Razvan Berg@PaulRBerg·
Is there any API that takes an Ethereum tx hash and returns the ERC-20 tokens transferred in that transaction?
Hrik@HrikBho·
@hrkrshnn Wise lending was pretty complex
Hari@hrkrshnn·
What's the most complex bug/exploit you've seen? I'm looking for particularly tricky bugs around math or rounding.
Hrik@HrikBho·
@PenguClash I figured it was somewhere around 15
Pengu Clash@PenguClash·
Pro tip: In Bomber Mode, 12% power will land you right on the edge of your own blast zone. 💥 Just far enough to stay safe and keep the ice under you a little longer.
Steve 🤙@SteveKBark·
Love this - @veefriends continues to play the long game, doubling down on storytelling and collectibles. And, @garyvee says VeeFriends are, “the biggest endeavor of my career.” It feels like he’s having a ton of fun developing this IP brick by brick.
kei@keikumata·
as a dev, i need more @pudgypenguins github gifs, like variations of LGTM & ship it 🚢 i'm gonna spread pudgy culture at @Meta's Superintelligence Labs
Moose@JoeyMoose·
It’s going to be a glorious day in history when Pengu hits $1.
Garga.eth (Greg Solano)@CryptoGarga·
We just heard back from the Ninth Circuit Court of Appeals on the RR BAYC case. The Ninth Circuit confirmed: BAYC NFTs are protectable trademarks, which is an important win for every NFT holder. We'll now finish the fight in the district court, where the judge already fined the RR BAYC founders $9m+ in damages. We'll win in the district just like we won before. Onward.