조 마마
@KimJoeMin

8 posts

Web3 Security Researcher

Joined July 2025
5 Following · 2 Followers
Ehsan @Ehsan1579
I haven’t been in the gym in a while, and it’s not because I don’t value it. When I’m working nonstop every day, the gym is the first thing that disappears. Deep focus takes time to build, and breaking it to go work out completely kills momentum. You lose time getting there, time coming back, and when you finally sit down again you’re tired and your focus is worse than before. Even at night, when I know I should sleep, I don’t. I keep working because the workload never really ends, there’s always something else that needs attention. I can't fall asleep knowing there's something that needs to be done or discovered. It feels like suffocating in an ocean of work where stopping, even briefly, makes everything harder. During these intense periods, the gym honestly feels unproductive. I don’t think this is just a “me” problem either, I think it’s pretty universal for people who are genuinely working nonstop. That’s why I struggle to believe the whole locked in and hitting the gym every day thing. If you’re truly in deep, uninterrupted focus, there’s no clean way to pause it, go lift, and come back like nothing happened.

조 마마 @KimJoeMin
@ZeroK_____ cool but you have 2k rewards from bugs and 6k from allstars, which would make your real rank 12

0K @ZeroK_____
Another win on the @immunefi Alchemix contest, secured second place 🥈 Shining like a STAR ✨

Ehsan @Ehsan1579
Been doing some big stuff lately. Working non-stop day and night these days, it’s too exciting I can’t sleep.

조 마마 @KimJoeMin
@__Raiders Proof or it didn't happen, same as Sherlock AI, they find non-true crits

Raiders @__Raiders
Thanks for the amazing response yesterday! Found 2 medium, 1 high, and 4 low bugs in 2/5 PRs we scanned. Recently shipped Solidity code? >>> DM me your public PR link.
Raiders @__Raiders

"AI will become a Superhuman Security Analyst" - @sama After 6 years of breaking protocols in Web2/Web3, my friends & I are experimenting with exactly that. Meet @preview_is: AI agents that audit your PR, find complex bugs, and even write tests to verify fixes, and that too fully autonomously.

SHERLOCK @sherlockdefi
Sherlock AI reported a Critical vulnerability in the @40acresFinance protocol. The 40acres team generously allowed us to share the details publicly so others can learn from the finding. Here's how the vulnerability worked:

First, veNFTs are a special type of vote-escrowed ERC721 tokens that earn weekly rewards. 40acres gives veNFT holders instant access to loans based on their veNFT's future revenue. Each borrower's veNFT sits inside a personal PortfolioAccount that routes functionality through modular "facets" using the diamond proxy pattern.

The exploit allows an attacker to reclaim their collateral (veNFT) from their PortfolioAccount without repaying the loan. Check out the aerodromeVote() function below. 40acres has a very cool feature that allows borrowers to vote with their veNFTs held as collateral in 40acres. The function has the following problem: the loanContract address is not validated, allowing a malicious user to specify an arbitrary contract. This contract could be approved to control the veNFT in the PortfolioAccount, enabling its transfer during the vote() call in the malicious loanContract.

Attack Steps
1) Attacker deploys a malicious contract that implements ILoan.vote(uint256) to call transferFrom/safeTransferFrom to transfer the approved veNFT.
2) Attacker calls portfolioAccount.aerodromeVote(maliciousContract, tokenId). The portfolio fallback delegates to the facet, which lacks input validation and calls maliciousContract.vote(tokenId), which transfers the veNFT back to the attacker, even though the loan has not been repaid.

Note: Repeating the bug drains the lending pool; doing it once is just taking a loan & stealing your veNFT back.

Impact
Unbacked loans across the system. Any borrower can reclaim their own collateral mid-loan, leading to full insolvency of the lending pool.

Acknowledgements
Thank you to @defsec_, @vinica_boy, and @onthehunt11_ for helping with this writeup.

Important to know: The 40acres team discovered the bug and applied a fix prior to launch.

Detected by Sherlock AI
You can see the original issue as generated by Sherlock AI in the next tweet. The run took 3 hours 59 minutes from start to finish. Sherlock AI brings security to the development process, scanning commits and call paths early, surfacing high-impact flaws fast, and giving auditors clearer visibility into complex systems. In practice, that means issues like this can be caught and resolved long before audits, bounties, or deployment. Try Sherlock AI for your protocol today.
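An added illustration of the bug class in the Sherlock writeup above, not 40acres code and not Sherlock's reported issue: a hypothetical facet in the unvalidated shape the writeup describes, next to a hardened version that only accepts the protocol's own loan contract, scopes the approval to it, and verifies after the external call that the collateral is still held by the account. Contract and interface names (VoteFacetUnchecked, VoteFacetChecked, IVeNFT, ILoan, trustedLoan) are assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical interfaces for this illustration; they are assumptions,
// not the 40acres or Aerodrome ABIs.
interface ILoan {
    function vote(uint256 tokenId) external;
}

interface IVeNFT {
    function approve(address to, uint256 tokenId) external;
    function ownerOf(uint256 tokenId) external view returns (address);
}

/// Unvalidated shape (the pattern the writeup describes): the caller picks
/// which contract is approved on the collateral and then gets called.
/// Whatever address the borrower supplies becomes an approved operator of
/// the veNFT and receives control flow while that approval is live.
contract VoteFacetUnchecked {
    IVeNFT public immutable veNFT;

    constructor(IVeNFT _veNFT) {
        veNFT = _veNFT;
    }

    /// Facets run via delegatecall from the PortfolioAccount, so address(this)
    /// is the account that actually holds the veNFT.
    function aerodromeVote(address loanContract, uint256 tokenId) external {
        veNFT.approve(loanContract, tokenId);   // approval goes to a caller-chosen address
        ILoan(loanContract).vote(tokenId);      // external call into caller-chosen code
    }
}

/// Hardened shape: the loan contract is fixed at deployment (it could equally
/// live in governance-controlled storage), the approval can only be granted
/// to it, and the facet re-checks after the external call that the collateral
/// never left the account.
contract VoteFacetChecked {
    IVeNFT public immutable veNFT;
    ILoan public immutable trustedLoan;

    error UntrustedLoanContract(address given);
    error CollateralMoved(uint256 tokenId);

    constructor(IVeNFT _veNFT, ILoan _trustedLoan) {
        veNFT = _veNFT;
        trustedLoan = _trustedLoan;
    }

    function aerodromeVote(address loanContract, uint256 tokenId) external {
        // 1. Input validation: only the protocol's own loan contract is accepted.
        if (loanContract != address(trustedLoan)) {
            revert UntrustedLoanContract(loanContract);
        }

        // 2. Scope the approval to the trusted contract, never to the argument.
        veNFT.approve(address(trustedLoan), tokenId);
        trustedLoan.vote(tokenId);

        // 3. Post-condition: the collateral must still be owned by this account.
        //    Cheap defence in depth even once the callee is trusted.
        if (veNFT.ownerOf(tokenId) != address(this)) {
            revert CollateralMoved(tokenId);
        }
    }
}
```

The first check is the actual fix for the class of issue described (an externally supplied callee that receives token approval). The post-call ownership check is independent of it: it turns any future regression in the loan contract, or any other path that moves the collateral during the call, into a revert instead of an unbacked loan, which is the kind of invariant a reviewer can also test directly with a mock ILoan that attempts a transfer.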