Robert Chen

400 posts

Robert Chen

@NotDeGhost

founder @osec_io | web/pwn with @redpwnctf + @dicegangctf | prev @dfsec_com

Katılım Eylül 2018

636 Takip Edilen6.5K Takipçiler

Robert Chen retweetledi

OtterSec@osec_io·2d

We achieved a guest-to-host escape by exploiting a QEMU 0-day where the bytes written out of bounds were uncontrolled. Full breakdown of the technique, glibc allocator behavior, and our heap spray/RIP-control primitive ↓

English

108

520

39.8K

Robert Chen retweetledi

Michael Debono@_mixy1·7 Mar

ctfs are dead PLEASE PLEASE PLEASE stop making jeopardy ctfs. This is not fun at all to put effort into. Lets try and find a new format or something cause I'm gonna [redacted] if I see another ctf get half its challenges cleared in the first 30 minutes.

English

330

31K

Robert Chen retweetledi

OtterSec@osec_io·3 Mar

We found the same Fiat-Shamir bug in six independent zkVMs. The result: an attacker can bypass the cryptography entirely and prove mathematically impossible statements (like minting $1M out of thin air). Full breakdown ↓

English

135

833

101K

Robert Chen@NotDeGhost·18 Şub

@paradigm @OpenAI see @0xalpo's tweet for more details: x.com/0xalpo/status/…

Alpin Yukseloglu@0xalpo

new collab from @paradigm and @OpenAI: evmbench is a benchmark and agent harness for exploiting smart contract bugs a few months ago, the best models found <20% of critical, fund-draining @Code4rena bugs in our benchmark. today they find > 70%

English

1.3K

Robert Chen@NotDeGhost·18 Şub

There's been a lot of closed-source AI auditors recently, hopefully the future will be more open Happy to contribute to @paradigm and @OpenAI's work on EVMbench, to raise the baseline in EVM security for everyone

OpenAI@OpenAI

Introducing EVMbench—a new benchmark that measures how well AI agents can detect, exploit, and patch high-severity smart contract vulnerabilities. openai.com/index/introduc…

English

9.2K

Robert Chen retweetledi

OtterSec@osec_io·18 Şub

Huge congrats to OpenAI and @paradigm on the EVMbench release! OtterSec was glad to contribute to this effort.

OpenAI@OpenAI

Introducing EVMbench—a new benchmark that measures how well AI agents can detect, exploit, and patch high-severity smart contract vulnerabilities. openai.com/index/introduc…

English

7.4K

Robert Chen@NotDeGhost·13 Şub

@r0bre @osec_io x.com/osec_io/status…

OtterSec@osec_io

osec.io/careers/intern

QME

181

r0bre | Accretion.xyz@r0bre·13 Şub

@osec_io Where do i apply @NotDeGhost

English

903

OtterSec@osec_io·12 Şub

Spend the summer in NYC (we cover rent). Work alongside our team on audits and tooling, learn how we actually do security research, and get support for your own projects. Apply below ↓

English

246

37.1K

Robert Chen retweetledi

OtterSec@osec_io·8 Ara

We’re excited to announce a shared leadership structure with @asymmetric_re! Teams today face risks that span audits, research, engineering, and incident response, and clear coordination is important.

English

9.4K

Robert Chen retweetledi

Asgard Finance@asgardfi·3 Ara

There’s never been a better time to take the right position For those Fearless enough to act Forged on Solana

English

248

41.6K

Robert Chen retweetledi

Harrison Green@hgarrereyn·24 Kas

Some thoughts on a recent trend I've been seeing with academic research on applied LLM systems c.mov/academic-arbit…

English

1.8K

Robert Chen@NotDeGhost·17 Kas

Excited to speak at Breakpoint this year with @jacobvcreech to talk about Anchor v2 (and why you should not write your own framework)

English

138

21.2K

Robert Chen retweetledi

OtterSec@osec_io·12 Kas

Our research team achieved client RCE on Minecraft Bedrock Edition via a heap overflow to bypass ASLR and sidestep CFG. Writeup to come.

English

277

3.1K

221.2K

Robert Chen retweetledi

ryaagard@ryaagard·12 Kas

Writing this exploit was quite hard 🫠

OtterSec@osec_io

Our research team achieved client RCE on Minecraft Bedrock Edition via a heap overflow to bypass ASLR and sidestep CFG. Writeup to come.

English

630

39K

Robert Chen retweetledi

OtterSec@osec_io·16 Eki

NEW: OAuth misconfigurations show how common dev settings can lead to account takeovers. Our second deep dive breaks down real cases where overlooking differences between desktop and mobile environments left SDKs, exchanges, and wallets open to exploits. osec.io/blog/2025-10-1…

English

Robert Chen@NotDeGhost·10 Eki

@y2kappa 🦦🤝 @kamino

QME

389

Marius | Kamino@y2kappa·10 Eki

This is our second formal verification for Kamino Lend, but an extremely critical one. A completely different methodology, same results (solvency), therefore validating the outcome of the first verification. No need to preach the virtues of formal verification again. This is simply about holding ourselves to the highest standard. Always a pleasure working with @NotDeGhost 🫡

Kamino@kamino

1/ Excited to announce that Kamino Lend has been formally verified by @osec_io — bringing our total formal verifications to 4 This further establishes Kamino as the gold standard for safety and security in @solana DeFi Open source. 18x audits. 4x formal verifications.

English

153

43.4K

Robert Chen@NotDeGhost·1 Eyl

Fewer than 28 remaining…

Brian Long | Devil's Advocate@brianlong

Fewer than 29 remaining…

English

2.1K

Robert Chen retweetledi

OtterSec@osec_io·30 Ağu

NEW: Proof of Reserves you can verify yourself. We teamed up with @Backpack to build PoRv2, a zero-knowledge system for fast, transparent solvency checks. More on how we designed it ↓ osec.io/blog/2025-08-2…

English

144

29.2K

Robert Chen@NotDeGhost·28 Ağu

@theprivacycash @toly we'll take a look, can you message me on TG @notdeghost

English

202

Privacy Cash@theprivacycash·28 Ağu

@toly We also opened an issue on Osec github 5 days ago, and haven't heard back: github.com/otter-sec/sola… But for now anyone can manually verify the code hashes match for full code integrity. (The verification command is on github)

English

819

toly 🇺🇸@toly·28 Ağu

Immutability, formal verification and verified builds pls. If you want to win in this space you need to compete on aum at rest in the state root. Thats only gonna happen if the implementation is risk free.

Privacy Cash@theprivacycash

Transfer SOL. Privately. Privacy Cash lets you transfer funds to a clean wallet without linking past addresses or transaction history. Why Privacy Cash?

English

205

64.6K

Robert Chen@NotDeGhost·26 Ağu

Excited to speak at @StellarOrg Meridian this September :)

English

14.2K

Robert Chen@NotDeGhost·25 Ağu

@cavemanloverboy @trentdotsol which market is more liquid tho?

English

299

wavey cavey ∿@cavemanloverboy·25 Ağu

@trentdotsol can you actually buy all those solanas at that price today tho?

English

493

wavey cavey ∿@cavemanloverboy·25 Ağu

if my math is right, hardware to execute 51% attack on btc is cheaper than 33% of sol stake 1ZH / (200 TH/ S21) * ($4K/S21) = $20b 1/3 of SOL mc = $40b

English

3.1K

Keşfet

@paradigm @OpenAI @0xalpo @r0bre @osec_io @asymmetric_re @jacobvcreech @y2kappa