Deviation

1.9K posts

Deviation banner
Deviation

Deviation

@JackDeviation

Investor | Markets; Macro, Metals & Crypto | Always learning, always questioning. I love asymmetric investments like ICP. Mainly buy & hold

Utah Katılım Temmuz 2023
1.4K Takip Edilen455 Takipçiler
Deviation retweetledi
Alex (BCP)
Alex (BCP)@BlockchainPill·
People underestimate how fast the $ICP can grow. At a $1B market cap, it's just getting started and could easily surpass $10-$20 targets. Many will look back and regret being scared when ICP was $2, similar to early Ethereum. #ICP
English
3
21
108
2.6K
Deviation retweetledi
Internet Computer Today
Internet Computer Today@DfinityToday·
"For enterprises that want to put AI at their heart, $ICP will be the new stack they seek." —@dominic_w 🔥
Internet Computer Today tweet mediaInternet Computer Today tweet media
English
4
21
220
4.9K
Deviation
Deviation@JackDeviation·
The biggest test for DeFi hasn't happened yet...... but what if it's about to on The Internet Computer! Can the U.S. regulate a truly decentralized DEX? The Multi/DEX on the $ICP is powerful and ground breaking in many ways, but it may become the clearest test yet of whether the U.S. is ready to embrace truly decentralized financial infrastructure. What if the first unstoppable DEX is finally here? The next crypto battle isn't about technology. It's going to be about freedom! DFINITY is trying to build a DEX whose protocol operates without a centralized operator controlling users or their assets. How do you regulate software that no one really controls? Can a government stop a DEX that has no owner? The real test of decentralization is about to begin. What if the first DEX that can't realistically exclude U.S. users is one that's truly decentralized? A truly decentralized DEX that U.S. regulators permit American citizens to use. That's the value and potential that I see in the Multi/DEX and ICP! Image millions of new users allowed to use their crypto however they want to! No centralized operator. No custody. Just code running on-chain and users controlling their own assets. If regulation ultimately recognizes that distinction, it could mark a major shift—from permissioned finance to genuinely open financial infrastructure
Deviation tweet media
English
2
9
72
1.2K
Deviation retweetledi
Passion Planet Ghana
Passion Planet Ghana@GhanaPassion·
Standing among countless choices, I choose innovation over hype. My choice is $ICP — built for speed, scalability, and a truly on-chain future. The future belongs to those who choose wisely. 🚀 #ICP #DFINITY #Web3 #Blockchain #Crypto #ChooseICP
Passion Planet Ghana tweet media
English
2
7
48
1.1K
Deviation retweetledi
Alex (BCP)
Alex (BCP)@BlockchainPill·
"If I were 'them', I'd be watching for signs that people are figuring out the game with ICP. When governments adopt it, the burn rate will skyrocket." - @jerrybanfield They're accumulating $ICP now, waiting for their 1000x moment, using influencers and exchanges to pump it. #ICP
English
2
12
86
2.4K
Deviation
Deviation@JackDeviation·
LFG! I'm excited for the new Dex!
Deviation tweet media
xld@xldmotokovip

MULTI/DEX is a decentralized exchange (DEX) platform designed for the Internet Computer (ICP) blockchain. Unlike many other DeFi platforms that rely on traditional web servers for their front-end interfaces, MULTI/DEX operates entirely on-chain, with its entire stack—including the matching engine, order books, and front-end—running as canister code on the Internet Computer network. Key Features of MULTI/DEX Fully On-Chain: Because the front-end is hosted directly on the blockchain, it is decentralized and censorship-resistant. This contrasts with many Ethereum-based DEXs, where the smart contracts are on-chain but the interface is often served via centralized web servers. AI-Powered Interface: The platform integrates AI, allowing users to interact with the exchange using natural language. This includes receiving assistance with trading strategies, portfolio management, and the automation of approved actions. Non-Custodial: Users maintain full control over their assets while using the platform. Cross-Chain Capability: It is built to support cross-chain asset swaps, leveraging the Internet Computer’s native ability to interact with other blockchains (like Bitcoin and Ethereum) without the need for traditional "bridges" that are often security vulnerabilities. Performance: By running directly on the Internet Computer, it aims to achieve high transaction speeds and low latency, targeting a performance level comparable to centralized exchanges while maintaining the transparency and security of a decentralized protocol internet-computer:native #internetcomputer #ICP

English
0
2
29
1.2K
Deviation retweetledi
Mike_ICP
Mike_ICP@Mike_icp·
$ICP If not zero, $1000.
Mike_ICP tweet media
English
3
6
52
888
Gigi 🇻🇪
Gigi 🇻🇪@itsthatgigi·
BITCOIN SOLANA HYPERLIQUID ETHEREUM What else should we add?
English
296
42
334
28.5K
Deviation retweetledi
IC Forums
IC Forums@icpforums·
IC Forums is independently owned. That means no DFINITY staff nor influence. However, there is a subforum for DFINITY should you want to discuss it.
IC Forums tweet media
English
1
6
37
1.1K
Deviation
Deviation@JackDeviation·
LFG! $ICP - The World Computer!!
Deviation tweet media
Snassy.icp@SnassyIcp

Since @dfinity has decided to build in public - commendable - and since the DEX is in play mode, I will post here about issues I find, since they form excellent and rare examples-in-the-wild but with no money on the line, perfect discussion material for those who are interested in software security. There are many categories of security bug. From really deep ones, where something is wrong in some cryptographic primitive we rely on (catastrophe, loads of apps go down) to some bug in app code that only impacts that app. There are far more of the latter, plus it’s the kind you might be involved in both causing and fixing, so it’s the kind to pay attention to. The bug in the quoted post is not a security bug, it’s just a broken method that will fail to present a report. So far I haven’t found any security bugs in the app code…but to be fair, at this time the source code has not been published (github link is dead) so all I have been able to do so far is inspect the API of their backend canister to see what pops up. That’s how I found the bug below, but also how I found something potentially more nefarious. Don’t worry, your fake funds are safu! And furthermore, one might disagree on if what I found is a security issue at all. It’s even possible that once the source code is published it turns out I was completely wrong, because my analysis is based entirely on guessing what a method might do from its name. The method name is setAnthropicApiKey(text) As mentioned there are many categories of security bug, and one evergreen category is “placing a secret where you think it’s safe but it isn’t”. The question before us is whether putting your Anthropic API key in a canister is safe. As it happens, this very topic has been the subject of heated debate between me and ChatGPT (and Claude, who agrees with ChatGPT) for many months. I have posted about it before. I have done my utmost to steelman the resistance but in the end I have been forced on grounds of reason and logic to yield to the very stern AIs. The verdict is clear: You should NOT put your important/valuable secrets in a canister! This is an important subject, and while I do agree with my very uncompromising (on this issue) AIs, rather than decree what “thou shallst nawt dothe” I prefer to explain the situation and let you draw your own conclusions. I see this as an opportunity to clarify an important architectural concern when building on ICP that you should definitely take the time to understand even as a vibe coder. Here’s the basic deal: You’ll have heard of Chain Key and Chain Fusion, and you know that when your ICP smart contract calls BTC, the BTC keys are split up among the node operators so nobody ever sees a full key. Beautiful and secure. You also know that for node operators to be able to tamper with your smart contracts several of them need to collude. Again, nice and secure. Then you have also heard that ICP supports private data in smart contracts. It does. But the conclusion you should be careful NOT to jump to, is thinking it would require colluding node providers to see your private data. Each node provider can see your private data. It only takes 1 corrupt node provider in a subnet to steal your secrets, no collusion necessary. If you upload your API keys, or BTC keys to a canister, they will NOT be broken into pieces where every node provider only sees a piece. Thus it is a terrible idea to store data that is sensitive to node providers seeing it in a canister. An Enterprise AI API key could potentially be worth more than a node operator profits in a year. It would be almost impossible to figure out which node op stole it, too. Dfinity is of course well aware of this and has drawn attention to it in documentation and have often discouraged storing important secrets in canisters. They also have roadmap items, delivered and future, to deal with this. But before going further, to show that this is not some unsolvable problem in general (only hard on-chain), what would be the recommended approach instead of storing, say, your Anthropic API key in a canister? Simple: you build a web2 server that has access to your key (stored in a safe vault) and calls Anthropic. Your canister makes a HTTPS outcall to your web2 server with the prompt, the web2 server uses its key to call Claude with your prompt and returns the result. This is what both ChatGPT and Claude recommends every time. Now let’s look at some ICP features that might look promising, if you don’t want the web2 server. VetKeys might seem interesting at first, but are not for this use case. They save data in encrypted form so node operators can’t read it, which is great, but the data will only be decrypted for the users with access - not for the code in your smart contract. Great for sending messages safely, but doesn’t work when your canister code needs to see the secret key to attach it to a call to Anthropic. The next thing that seems relevant is TEE/SEV-SNP subnets. Here we get much stronger protections against node operators seeing your data, so this is definitely a step in the right direction for our use case of storing expensive API keys. Some may even hold that it is enough. Going into what circumstances can cause SEV to break is too deep for this post, but the gist is that your data is no longer plaintext to node operators, and they’d have to work hard to see it. How hard? “Not hard enough!!” chorus ChatGPT and Claude who seem to share a thing for protecting AI API keys religiously. I think the important thing to remember at a high level is that to hack their own node and see your data, again the corrupt node op would not have to collude with other node ops - one evil node op with a zero day is enough. But even if you trust SEV, there’s another wrinkle. If you want to do HTTPS outcalls to Anthropic or OpenAI with your key, the replicas that will make the call for you need to see your key in plaintext. Oops. Back to the web2 server. So, my AIs aren’t pleased with SEV subnets either due to the HTTPS outcall issue - what would please them, other than the web2 server? It turns out the upcoming Internet Intelligence Gateway might fit the bill. If that can split up AI keys with Chain Key so node providers really have to collude to steal them, then my AIs are finally happy. But it still doesn’t mean you can put valuable secrets in canisters. You can’t. If you plan on using them in HTTPS outcalls, not even SEV subnets will help. The IIG would basically be a way to take the web2 proxy server and make it part of the protocol. NB: I only speculate the IIG will even work like this, I am not sure it will. But if it does, then there’s a solution my AIs will like. So, back to the setAnthropicApiKey method. Maybe it does nothing and this post is moot - except it isn’t because a general discussion on why not to store API keys in canisters is well due! But what if that method does store an expensive, enterprise AI API keys? Currently multidex isn’t even on a SEV subnet - any node operator would have been able to steal Dfinity’s high volume AI API keys! And even if they move the DEX to a SEV subnet, as we have seen that doesn’t help when they leak the key via HTTPS outcalls. Only the IIG, if it works as I speculate, could save this approach, otherwise the right solution is to put in a web2 proxy server. And as far as I understand, the IIG is a specialized solution for calling AIs, not a new general purpose vault for secrets. Still, perhaps that’s the plan, to use the IIG, this is after all only the play version of the DEX? Perhaps this is too soon to raise flags? Sure, that might be it. But then we scroll a bit further down the list of method names and stumble upon setGoogleApiKey… Bottom line: the way this DEX is built really does seem to contradict Dfinity’s own recommendations on how to handle secrets, unless the methods do something totally different than the names suggest. @dfinity please do take a look. Especially since this DEX will become a de facto reference for best practices on ICP.

English
0
4
39
1.5K
Crypto_Beard
Crypto_Beard@NFT_Collector13·
On $ICP’s MULTI/DEX you can now Send a text chat prompt: “Long $ICP with 30% of my portfolio.” And the exchange does the rest. CT spent years pretending DeFi UX had to feel like filing taxes. Now the order ticket is a chat box. multidex.ai
Crypto_Beard tweet media
English
4
17
91
1.9K
Internet Computer Today
Internet Computer Today@DfinityToday·
MULTI/DEX is officially live in Play Mode 🔥 The world’s most advanced DeFi is now open for the community to test, trade, and break. This is DeFi 3.0 — true, autonomous, on-chain trading with AI-native tech under the hood. Start trading → multidex.ai $ICP 🚀
Internet Computer Today tweet media
English
8
68
338
6.7K
dom | icp
dom | icp@dominic_w·
MULTI/DEX is live on multidex.ai in Play Mode. The community eval process has begun... Trade to win prizes!! Send bugs and exploits to multidex@dfinity.org for bounties!! GitHub link to follow. 100% onchain. Owned by the world. DeFi 3.0. NNS autonomy for safety 🔥📈
dom | icp@dominic_w

MULTI/DEX — the world's most advanced DeFi — will be released in game mode later this week, together with source code for ICP community eval. Players to get $100k dummy assets to compete. Will be offered to the NNS for autonomous/ownerless execution. *True* DeFi that mimics CEXs.

English
114
396
922
70.4K
BeInCrypto
BeInCrypto@beincrypto·
$ICP Multi/DEX is now live in Play Mode. It already saw over $162M in volume on day one, with more than $129K in fees. @dfinity founder Dominic Williams says it's the most advanced DeFi platform ever built. 👀 Anyone here given it a try yet? What's your first impression?
BeInCrypto tweet media
English
17
45
252
17.1K