Patrick Collins

33.4K posts

Patrick Collins banner
Patrick Collins

Patrick Collins

@PatrickAlphaC

Co-founder of 🛡️@cyfrin | 🟪 @soloditofficial | 🦅 @codehawks | 🎓 @cyfrinupdraft | ⚔️ @battlechain

Level up Web3 Katılım Eylül 2019
4.7K Takip Edilen112.9K Takipçiler
Sabitlenmiş Tweet
Patrick Collins
Patrick Collins@PatrickAlphaC·
The @battlechain testnet is now LIVE. Come enter the ultimate red-team platform. Give us feedback so we can launch mainnet very soon, and fix web3 security.
English
52
80
575
72.1K
Securitize
Securitize@Securitize·
Securitize is now officially a public company, listed on the @NYSE under the ticker SECZ. Our focus is unchanged: building the regulated infrastructure for the next generation of capital markets. To everyone who helped us get here, thank you. Tokenize the World.
English
156
221
1.2K
304K
Patrick Collins retweetledi
Cyfrin Audits
Cyfrin Audits@cyfrin·
Every protocol we've audited faces the same gap. Code goes from audit to mainnet with real money and nothing in between. No staging. No adversarial testing. Just hope. We built something to fix that. Introducing BattleChain. Trial by Fire. 🧵
English
8
12
44
4.5K
Patrick Collins retweetledi
Cyfrin CodeHawks
Cyfrin CodeHawks@CodeHawks·
Gm, Web3. Did you miss us? To mark the launch of BattleChain Mainnet, CodeHawks is hosting its first audit in over a year! New competition announced: BattleChain Confidence Pools nSLOC: 589 Start date: July 9th, 2026 Noon UTC Duration: 1 Week Total rewards: 7.25 ETH 💰 Check it out! 👇
Cyfrin CodeHawks tweet media
English
32
44
315
25.1K
Jess
Jess@0xjesstech·
Sometimes building the product isn't enough. A good GTM strategy is critical. Join the Arbitrum Foundation for three days of: -> Refining product direction -> Getting real feedback -> Connecting in one of the best places to build Last year, in New York, we saw the @BondCredit team win Robinhood's $50k innovation award. This year, we're running the same program in London. Founder House London: 10 - 12 July, 2026 Apply here: luma.com/openhouse-lond…
English
12
12
53
8.1K
banteg
banteg@banteg·
fwiw i "probed" argot by trying to contribute and had a pleasant experience with sourcify maintainers. so maybe spin-outs are not that bad.
Ethereum Foundation@ethereumfndn

4/ @argotorg, incorporated in 2025, is a self-governed collective of engineers and researchers that maintains Solidity and open-source compiler tooling the Ethereum ecosystem depends on. Alongside that core maintenance work, it's a research home for more experimental work on programming languages and developer tools. Since formation, Argot has shipped releases, maintained compiler infrastructure, and supported research & tooling. x.com/argotorg/statu…

English
7
1
80
11.4K
EncodeWithSignature()🔥🔥
EncodeWithSignature()🔥🔥@uptown_crypto·
I am supposed to start Advance foundry early this month but my brother had a Car accident i am with him for Two weeks. Alhmdulillah i am now back fully loaded and Ready to Advance. The Gap between your vision and @PatrickAlphaC vision is where the deepest learning happens. 💯
EncodeWithSignature()🔥🔥 tweet media
English
4
0
10
271
Shushant ▵ | Definitive
Shushant ▵ | Definitive@Shushant·
Don't worry, EIP-8213 now supported :) cc @PatrickAlphaC github.com/WardenJakx/new…
Shushant ▵ | Definitive@Shushant

This project is in early alpha, with the following features on the roadmap: - Built in swapping with @DefinitiveFi flash API - Built in privacy with kohaku sdk - Clear signing support (ERC-7730) - Built in safe multisig support - Ability to use wallets in hardhat + foundry scripts - cli / mcp for agents Follow the progression of newframe here -> github.com/wardenjakx/new…

English
1
0
5
1.3K
Charles Guillemet
Charles Guillemet@P3b7_·
🚨Taiko drained for ~$1.7M. Root cause: a private key committed to a public GitHub repo. enclave-key.pem, the RSA key used to sign all of Taiko's SGX enclaves, sat in the public taikoxyz/raiko repo. That key is the whole trust model. The attacker derived MrSigner from the public key, signed their own malicious enclave with the leaked key, and registered as a trusted prover. The L1 contracts trust any enclave whose MrSigner matches. It matched. From there: forged SGX attestations on fake L2 blocks, processMessage() sets the message to RETRIABLE, retryMessage() does zero proof verification, funds leave. No key theft. No social engineering. No SGX exploit. Just a .pem in a public repo. Good opportunity to recall that SGX is broken. But here, nobody even had to break it. It's just yet another key management failure. The whole system was only ever as strong as the secrecy of one RSA key, and that secrecy depended on a human not running git add . on the wrong folder. AI greps every commit of every public repo at machine speed. Assume that is already happening. The only real exit: a verifier that checks a succinct validity proof of the L2 state transition. It trusts no enclave, no MrSigner, no operator discipline. It checks the math. In that world this exact attack becomes cryptographically impossible rather than operationally unlikely, because there is no privileged key whose leak forges the entire system. There is just a proof. Stay safe.
Charles Guillemet tweet media
English
39
50
354
185.7K
Patrick Collins
Patrick Collins@PatrickAlphaC·
whoops-a-daisy
Charles Guillemet@P3b7_

🚨Taiko drained for ~$1.7M. Root cause: a private key committed to a public GitHub repo. enclave-key.pem, the RSA key used to sign all of Taiko's SGX enclaves, sat in the public taikoxyz/raiko repo. That key is the whole trust model. The attacker derived MrSigner from the public key, signed their own malicious enclave with the leaked key, and registered as a trusted prover. The L1 contracts trust any enclave whose MrSigner matches. It matched. From there: forged SGX attestations on fake L2 blocks, processMessage() sets the message to RETRIABLE, retryMessage() does zero proof verification, funds leave. No key theft. No social engineering. No SGX exploit. Just a .pem in a public repo. Good opportunity to recall that SGX is broken. But here, nobody even had to break it. It's just yet another key management failure. The whole system was only ever as strong as the secrecy of one RSA key, and that secrecy depended on a human not running git add . on the wrong folder. AI greps every commit of every public repo at machine speed. Assume that is already happening. The only real exit: a verifier that checks a succinct validity proof of the L2 state transition. It trusts no enclave, no MrSigner, no operator discipline. It checks the math. In that world this exact attack becomes cryptographically impossible rather than operationally unlikely, because there is no privileged key whose leak forges the entire system. There is just a proof. Stay safe.

English
12
8
75
13.4K
Patrick Collins retweetledi
Vesko210
Vesko210@Vesko_210·
My first Web3 security audit payout! Could have been a lot better, but right now I'm actually one of the happiest men alive.🎉 Watched 4/5 @PatrickAlphaC 12/24 hour long videos, learned from past contest results, did a ton of reading and finally got some results.
Vesko210 tweet media
English
33
9
359
15.3K
Dhanyosmi
Dhanyosmi@thedhanyosmi·
@PatrickAlphaC where you man ? I haven't seen your any tweet recently ? Is everything fine at your end 👀?
English
1
0
1
46
The Centurion
The Centurion@_the_centurion·
@PatrickAlphaC Please remind them to never use the .env for private keys. You'll fail them in the audit. I am becoming a bad ass, just deployed one on the test net
The Centurion tweet media
English
1
0
1
28
Patrick Collins retweetledi
Ethereum Foundation
Ethereum Foundation@ethereumfndn·
1/ ICYMI: Clear signing is now live. Hear how the Ethereum ecosystem is coming together to make transactions readable.
English
70
183
763
122.4K
Cyfrin Updraft 🟩
Cyfrin Updraft 🟩@CyfrinUpdraft·
An unused internal function sitting in your contract isn't just dead code. It's a gas waste and a sign that something was planned but never wired up. During a security review, these small details matter. 🧵
English
2
0
15
848
0xaudron
0xaudron@0xaudron·
This one resource changed the trajectory for so many people. Some built their own audit firms, making millions by protecting billions, and many started making six figures a year. Either they watched this, or recommend it anyway - youtube.com/watch?v=pUWmJ8… Gotta appreciate @PatrickAlphaC👏
YouTube video
YouTube
English
9
9
91
9.4K