Noah 🎈

@trentdotsol Wow first you took @toly’s GitHub permissions and now you’re coming after technical gibberish? Unreal

periodic reminder that "zero day" means that the vendor has had zero days to patch the vuln. it says nothing about the nature of the vuln. don't get confused by technobabble

Macros are fun

@longtilwrong @toly Lawd I don’t think I ever looked closely at the org

@redacted_noah @toly github.com/near/borsh

Solana if we had never started using Borsh

@longtilwrong @toly Wait what I never knew that

@redacted_noah @toly Craziest part of this lore is that borsh was created by the NEAR core team

@iamknownasfesal @ikadotxyz wen unified cross-chain signing standard

@redacted_noah @ikadotxyz clear signing itself is an amazing idea 🫡 i'm just putting it one step further, for all chains, in a zero trust way

i agree, you can just build things clear signing, not only in solana, but in every chain, no need for unsecure multisigs when you have solana programs 🫡 the example in the video shows a sepolia eth transfer tx built with @ikadotxyz pre alpha, bridgeless capital markets

Quasar devs ship my feedback faster than Amazon prime. I don’t know what Leo’s X handle is, but holy GOATed github.com/blueshift-gg/q… github.com/blueshift-gg/q…

@therealchaseeb I actually wouldn’t be surprised if there’s no more big cycles. Just a slow grind up from here. Institutional money acts as a dampener. Keeps prices higher in a bear, lower in a bull. Shame we have adults in the room with us now 😂

@redacted_noah Yeah. Any day you could hit a 100x. Now we’re happy with +2% And half of us are trading equities 😭

This is my 3rd bear market. It is the worst one I’ve experienced. In past years prices went down a lot and 50 of us just made memes and prayed for coins to go up for 2 years. This bear market feels much more brutal even though prices didn’t drop as far for majors (yet). Vibes are horrible. Much more toxicity. And the geopolitical stuff isn’t helping and AI stole a lot of mindshare from a lot of really strong crypto talent. Maybe it’s recency bias, but I don’t think so. I have memories of having a lot of fun during prior bear markets, even with my bags down 99%. It wasn’t fun every day, and it was still painful, but had its moments and memes. Anyways, I guess the silver lining is that crypto is gaining adoption and when we make it out of this, it’s probably gonna be really fucking cool.

@quantmilkman Spoofed how? The message on the ledger is what gets returned signed to the computer which gets relayed to the contract. Contract will only execute the transaction specified if the message is an exact match. So computer can’t send a fake message to the Ledger or it won’t execute.

@redacted_noah can’t this just be spoofed?

You can just build things. No more blind signing. No need for a dedicated signing device when you can just trust your Ledger.

Spoofed in what way? What you’re signing on the ledger is what will happen on chain (if that signature is used, worst a compromised computer could do is not send that message). A compromised computer could send the wrong message to the ledger, but then the signature wouldn’t be valid against the proposal on chain.

@redacted_noah @zen_llama @fordudesake how do you know the message is not being spoofed tho

@WhankFrite @jsontsx Damnit. Notification clipped the top comment 😂 My point stands.

@redacted_noah @jsontsx i wasn’t talking to you lol

@SimkinStepan @ansel_sol @BasedOrion_ LETS GIVE IT UP FOR V6 lol

@redacted_noah @ansel_sol really cooked on this one v5 (the smart account program) is live already and formally verified, lets see how we can incorporate this @BasedOrion_

@WhankFrite @jsontsx Well I already knew that. It’s basically in my x handle

@jsontsx @redacted_noah maybe it’s not crypto that’s retarded, it’s you

@connan_james I’m pretty excited. To me it’s a way to eliminate the attack vector that North Korea took on drift with virtually no additional operational overhead compared to what they were already doing.

@redacted_noah I'm retarded but this seems awesome

@zen_llama @fordudesake Oh there's no need to update ledger. It's a novel solution I built using signMessage support. You just signMessage and on-chain verifies the message and executes a templated tx

@redacted_noah @fordudesake Is this being pushed to ledger’s updates? Or just poc rn?

I did a *lot* of magic using the super clever zero copy logic they put into quasar. Vecs on Vecs on Vecs inside a zero copy account. Def possible to port but it'd be a lot more code, and a lot more error prone. @deanmlittle and Leo really cooked on this one, now I'm dependent 😂 Either that or Borsh it and Anchor. But you'd spend a lot of CU's and heap on something that needs to CPI. Which isn't great. I guess the question would be, what's the timeline on getting Quasar stable and audited, and do we want this clear msig live before that? Keep in mind this multisig also probably needs to be live with an upgrade authority for a while to address bugs and super necessary features I didn't think of. Remember squads v4 was live for a while before everyone switched.

@redacted_noah @levicook Pinocchio?

I guess I should say, the only way in which the solflare hardware key makes you more secure than a normal solflare hot wallet is that you can't sign txs at will once the device is compromised. You have to wait until the user presents the card to do something naughty. But imo that's not much better than a hot wallet.

@solflare Yeah, I think the problem is that if your software (where solflare exists) is compromised it doesn't matter whether you have the hardware wallet card.