Sabitlenmiş Tweet
Lots of Alpha in my talk on MEV and block production from @EthereumZurich this weekend.
Check it out!
youtube.com/watch?v=mZYDqS…
YouTube
English
Torgin (not your keys not your coins)
5.1K posts
Torgin (not your keys not your coins)
@MTorgin
Auditor at @chain_security. Opinions are my own.
Katılım Şubat 2021
1.5K Takip Edilen2.2K Takipçiler
Torgin (not your keys not your coins) retweetledi
We made people eat bugs at Devconnect Buenos Aires. Check the first comment to see who’s in the video & vote for the best reaction.
🏆 Winner gets a lifetime bug supply + a printed copy of the EF mandate.
PS: This is not an April's fools, we're completely serious.
English
Looking forward to it!
Stake Capital Group@StakeCapital
Ship Fast, Get Rekt. Tomorrow at @EthCC, @JulienBouteloup joins the panel on what happens when speed beats security. With @MTorgin (@chain_security), @PabloSabbatella (@opsek_io) @0xFlint_ (@Certora), and Debra Nita Ravindran (@YAPGlobalTeam). 14:15 - Hepburn Stage.
English
The llamas have the best swap interface ❤️❤️
0xngmi@0xngmi
someone just swapped $50m for $36k on cowswap through aave's frontend, effectively losing 50m if you try to make this swap on llamaswap the UI won't let you at all, buttons get locked we've spent years building a price API with the highest coverage of defi tokens to avoid this
English
My public address for TheDAO researcher application is torgin.eth
English
Google Ads scams are on the rise again. Here's what to do if you see one:
Klara Kovačević@klarakova
9/13 What to do if you find a malicious ad: - Report via adstransparency.google.com - Collect screenshots + landing URL - Escalate through Google’s abuse form with your official domain via support.google.com/ads/troublesho… - Warn your community
English
@markgadala @MTorgin were you trying to get spies in my house??
English
This story is actually insane:
• dude drops $2000 on a DJI robot vacuum like a lunatic
• refuses to use the normal app like a peasant
• Sammy Azdoufal fires up Claude to crack the API so he can drive it with an xbox controller
• Claude delivers the goods
• pulls an auth token from their servers, connects successfully
• except the system thinks he controls 7000 vacuums
• checks again
• yep, seven thousand
• DJI built authentication with zero device ownership verification
• any valid token works for any unit on the planet
• Sammy now has eyes inside homes across 24 countries
• live vacuum camera feeds everywhere
• full floor plans from the mapping data
• some guy in germany eating cereal at 3am, unaware his roomba is snitching
• one API call away from being the most informed burglar in history
• all he wanted was to steer his vacuum with a joystick
• does the right thing and reports it
• DJI fixes it in two days
• back to normal life with his stupidly expensive floor cleaner
• IoT companies stay undefeated at shipping garbage security
English
Torgin (not your keys not your coins) retweetledi
Aave V4's third security audit has been published by @chain_security.
Review their findings below.
English
DeFi composability is the future of Finance.
@CurveFinance and @frankencoinzchf, both audited by @chain_security 😎
Michael Egorov@newmichwill
🇨🇭Just discovered that the fastest crypto-native way of paying CHF bills is this: - Buying ZCHF on @CurveFinance; - Sending those to @mtpelerin; - Paying CHF from there, conversion is 1:1! Powered by our FX pools apparently
English
Did not know this before!
ChainSecurity@chain_security
Inaccurate gas estimates on @ton_blockchain can lead to critical security issues. 🛡️ Today, our TON specialists share the knowledge gained from vulnerabilities uncovered during recent DeFi audits. Dive into the technical details: chainsecurity.com/blog/ton-gas-e…
English
@EmilieRaffo Love the shirt @EmilieRaffo!
English
Surprinsingly unhinged panel today at Global Blockchain Show.
We disrespected:
- nobel prize winners
- banks
- L1s
- topic and duration of the panel
I want more of this pls 😂
United Arab Emirates 🇦🇪 English
Torgin (not your keys not your coins) retweetledi
Briefly checked this one. Still not everything clear to me, and @yearnfi team told that the official post-mortem is still to be made only after they understand everything.
But two takeaways for buidlers:
- Be careful with unsafe math. It's unsafe unless you proved it is safe;
- Fuzz, fuzz, fuzz. Don't trust yourself and fuzz again.
banteg@banteg
yeth exploit post mortem github.com/banteg/yeth-ex…
English
English
@sarahxmary @chain_security I must admit ... I delegated this mission to an engineer 😃. The worst thing about being a @chain_security engineer is probably having to deal with my shenanigans haha
English
People complained about our old boring bugs.
Well ... @chain_security landed in Argentina with some new bugs, and you're going to fall off your seat when you open these 😀
Ciudad Autónoma de Buenos Aires, Argentina 🇦🇷 English
Torgin (not your keys not your coins) retweetledi
🧵Hola Buenos Aires! ChainSecurity is in town for @EFDevcon & @partyactionppl 🇦🇷
From talks, panels, MC duties, and community events,
here’s your full chronological guide to where you can catch our team 👇
English
So important and often missed these days.
If you don't fully understand what this means, I highly recommend looking into it.
vitalik.eth@VitalikButerin
Regular reminder: A key property of a blockchain is that even a 51% attack *cannot make an invalid block valid*. This means even 51% of validators colluding (or hit by a software bug) cannot steal your assets. However, this property does not carry over if you start trusting your validator set to do other things, that the chain does not have control over - at that point, 51% of validators can collude and give a wrong answer, and you don't have any recourse.
English
@functi0nZer0 Afaik you'll want to split the dose, 10g morning 10g evening.
But also I expect you need to take it consistently, not just one day, to have even a theoretical effect? 🤔
English
Good morning, chat, today we find out if the science behind 20g of creatine waking you up after a bad nights sleep is accurate
I figure I either get some mental clarity from on high or I’ve just speedran downing magnesium citrate: both count as focus
English
@Thealphacruze @vinibarbosabr @KamBenbrik @NEARProtocol Sounds like they just couldn't be bothered to redo the failed vote and decided to use this as an alternative voting mechanism.
Kind of makes sense if it's hard to mobilize enough votes to pass a quorum, but would still be cleaner to follow the standard process imo.
English
@MTorgin @vinibarbosabr @KamBenbrik @NEARProtocol So unless 80% of validators do this upgrade they'll scrap it and the next upgrade won't be an improvement on this one?
so it will have no relation to the 50% token inflation cut?
then why push the upgrade in the first place when it was rejected?
English
The situation on @NEARProtocol:
- There was a governance proposal to reduce the inflation rate by 50%
- The proposal didn’t get enough votes from validators and failed because it didn’t reach the threshold
- The NEAR team still decided to implement this change in the next upgrade
- Now, if validators upgrade, they’re forced to accept this change in inflation even though the proposal initially failed due to a lack of votes!!
Governance is broken, @ChorusOne decided not to upgrade to prevent bad behaviors like this from happening.
Chorus One@ChorusOne
NEAR Governance Proposal 🚨 We would like to publicly share our concerns regarding a serious governance issue currently happening on the @NEARProtocol blockchain.
English
@Thealphacruze @vinibarbosabr @KamBenbrik @NEARProtocol Sounds like the idea is to only build further on the current upgrade in case 80% of validators upgrade to it.
English
@vinibarbosabr @KamBenbrik @NEARProtocol Okay but then what happens with the upgrade after that?
Or when something important that could be detrimental to validators who don't upgrade comes?
At that point it IS forced
This comes off as wholly disingenuous
English