🐸Smart🐸Contract🐸Programmer🐸

2.7K posts

🐸Smart🐸Contract🐸Programmer🐸

🐸Smart🐸Contract🐸Programmer🐸

@ProgrammerSmart

https://t.co/1QN0tguH9c https://t.co/9Is13KVO2c https://t.co/k6t3JMxZen https://t.co/LLkIeiANtk

Katılım Nisan 2019
260 Takip Edilen26.8K Takipçiler
🐸Smart🐸Contract🐸Programmer🐸 retweetledi
merkleplant.eth
merkleplant.eth@merkleplant_eth·
@ProgrammerSmart Feel free to reach out if you have questions 🤝 It's a quite beautiful scheme to implement in EVM
English
2
1
1
319
🐸Smart🐸Contract🐸Programmer🐸
Math of WstETH stETH is rebasing WstETH is not how does WstETH accounting work? X = _getShareRateNumerator()) / _getShareRateDenominator() Notes github.com/t4sk/notes/blo… WstETH #code" target="_blank" rel="nofollow noopener">etherscan.io/address/0x7f39… stETH #code" target="_blank" rel="nofollow noopener">etherscan.io/address/0xae7a…
🐸Smart🐸Contract🐸Programmer🐸 tweet media🐸Smart🐸Contract🐸Programmer🐸 tweet media🐸Smart🐸Contract🐸Programmer🐸 tweet media
English
1
2
28
1.7K
🐸Smart🐸Contract🐸Programmer🐸 retweetledi
Sigma Prime
Sigma Prime@sigp_io·
In addition to our Technical Account Manager role, we’re also hiring a Business Development & Growth Manager. More details below
Sigma Prime tweet media
English
9
8
120
10.5K
🐸Smart🐸Contract🐸Programmer🐸 retweetledi
InfiniteSec
InfiniteSec@infsec_io·
🛡️ Looking for part-time audit engagements — hire me. I'm InfiniteSec, an independent security researcher focused on L1/L2 and smart contract security. Available for private audits, contest support, or ongoing part-time engagements. Track record: • HackenProof: #4 all-time, $500k+ in bounties • Immunefi: $70k+ this year • Cantina: $60k+ this year • Ethereum: Top 10 on the consensus-layer bounty leaderboard • TON: multiple high-severity bugs, credited in official releases • Filecoin: #12 all-time github.com/link-infsec DMs open 👇 — reach out if your team needs an extra pair of eyes.
English
2
3
52
2.9K
🐸Smart🐸Contract🐸Programmer🐸 retweetledi
Pyro
Pyro@0x3b33·
On 11th of July Bonzo Lend (@bonzo_finance) got hacked for 9M The attacker deposited 3$ of collateral and walked out with $9M, without forging a single signature. Here is how 🧵 1⃣ Project summary Bonzo Lend is Hedera's (@hedera) largest lender. It reads asset prices from Supra's oracle. Every price Supra writes on-chain is supposed to carry a valid BLS signature from its committee, and the feed contract verifies that signature before storing the price. That check is the only thing standing between "a price" and "the price". 2⃣ The bug Wallet A submitted a price update where the BLS signature field was [0,0]. A zeroed signature. No real committee ever signs a zero. To verify a BLS signature you run a pairing check, roughly `e(signature, G) == e(H(message), pubkey)`. Supra's verifier built that check and handed it to Hedera's alt_bn128 pairing precompile (system contract 0.0.8). The problem: both the submitted signature AND the referenced committee public key were the point at infinity (zero). Pair anything with the identity and you get the identity back, so the equation held trivially and the precompile returned 1 (true). Under EIP-197 that is the correct answer for that input. The precompile did its job. The verifier did not. 3⃣ The attack path 1. Deposit 250 SAUCE (worth ~$3) into Bonzo Lend as collateral. 2. Push a price update to Supra's pull oracle with a [0,0] signature. The raw price field was 1 followed by 30 zeros, roughly 12 orders of magnitude above SAUCE's real ~0.2 HBAR. 3. The verifier accepts the blank signature and the fake price is written on-chain. 4. 8 seconds later, borrow against the now absurdly valuable collateral: - 6,634,528.20 USDC - 34,518,389.36 WHBAR ~$9.05M total. 5. Swap the loot into WETH and WBTC and bridge ~$5.25M to Ethereum via LayerZero (per PeckShield: ~2.36K ETH and ~15.58 WBTC). No flash loan. None needed. Write the price in one tx, borrow against it in the next.
English
3
17
101
11.7K
🐸Smart🐸Contract🐸Programmer🐸 retweetledi
theBugLifestyle
theBugLifestyle@botdidy·
After 5months +, i got a reply under my tweet and now under the @dopplerprotocol report. TRIAGED->ACKNOWLEGED->REJECTED Like just forget bout it man… Also I wonder who budkayo is 😂. LESSON LEARNT! 😂 You shouldn’t have moved to another chain 😂
theBugLifestyle tweet mediatheBugLifestyle tweet media
theBugLifestyle@botdidy

I submitted a high severity vulnerability on @dopplerprotocol by Whetstone since February 2nd which was triaged by @cantinasecurity. Today is the 1st of July and I’ve not received a single response from the Team (Zero response). Guess what else?

English
2
2
10
2.5K
🐸Smart🐸Contract🐸Programmer🐸
@josephdelong I don't know the exact mechanics of signature verification for ETH nodes. But I presume that nonce is part of the message that you are signing. Therefore if the nonce changes then so does the message.
English
0
0
3
265
joseph.eth
joseph.eth@josephdelong·
@ProgrammerSmart So every time someone bumped their nonce on a slow transaction with Metamask they exposed their private key!?
English
2
0
2
789
文文
文文@wen21447219·
@ProgrammerSmart 面对这种可能性的威胁,普通用户的最佳实践是什么
中文
2
0
0
380
🐸Smart🐸Contract🐸Programmer🐸 retweetledi
Essential
Essential@only01Essential·
Found a bug in @NibiruChain and they are posting me in a branch product. I found and reported a serious chain halt bug in nibiru, which they fixed, then they claimed it was a cosmos bug and thus not going to pay for it, I have never seen a more pathetic excuse than this: github.com/NibiruChain/ni…
Essential tweet media
Sai@SaiDotFun

Shoutout to @only01essential for being an active member in the Sai community. From finding bugs to helping strengthen the platform, your contributions don't go unnoticed!

English
9
3
65
10.3K
🐸Smart🐸Contract🐸Programmer🐸 retweetledi
usmann
usmann@usmannk·
I also found and reported a bug last week that would have compromised the entirety of all funds on @NibiruChain. While they have read the report and since fixed the bug, they haven't done so much as respond to a single message of mine -- not even the report itself.
Essential@only01Essential

Found a bug in @NibiruChain and they are posting me in a branch product. I found and reported a serious chain halt bug in nibiru, which they fixed, then they claimed it was a cosmos bug and thus not going to pay for it, I have never seen a more pathetic excuse than this: github.com/NibiruChain/ni…

English
5
3
50
5.4K
Aldric
Aldric@0xaldric·
@ProgrammerSmart even with a chainlink wrapper, the heartbeat/deviation gap is where a fast move slips through
English
1
0
1
29
🐸Smart🐸Contract🐸Programmer🐸
Dollar cost average vault Sell token = X Buy token = Y - User deposits X - X earns yield from external DeFi - X can be swapped to Y, rate limited by time and amount - Oracle checks swap price Code (not tested) github.com/t4sk/notes/blo… Math based on Liquity stability pool
🐸Smart🐸Contract🐸Programmer🐸 tweet media
English
5
1
37
2.8K
🐸Smart🐸Contract🐸Programmer🐸 retweetledi
Immunefi
Immunefi@immunefi·
This Security Researcher has earned $1,764,402 on Immunefi. $519,991 in 2026 alone (so far). Now @__nnez is coming on The Immunefi Show to break down his hunting process, how he chooses targets, and how to use AI to actually find bugs. What should we ask him?
Immunefi tweet media
English
20
11
203
11.8K