Shane

237 posts

Shane

@ShaneRunquist

@Certora

Katılım Aralık 2013

214 Takip Edilen99 Takipçiler

Shane retweetledi

Mooly Sagiv@SagivMooly·6 May

Rounding errors have drained millions from DeFi protocols. Certora is building an open source static analysis tool for Solidity to prevent them, and we're participating in the @ethereum Security QF Round from @thedaofund. Your donation helps us go further ↓

English

7.3K

Shane@ShaneRunquist·5 May

certora.com/blog/prover_v8…

ZXX

Shane@ShaneRunquist·5 May

And added support for the --multi_assert_check feature for Soroban smart contracts.

English

Shane@ShaneRunquist·5 May

🎉Certora Prover v8.13.0 released - enhancements for EVM, Solana, and Stellar/Soroban The @Certora Prover is an open-source formal verification engine that proves smart contracts can only behave as intended ... & finds real bugs, otherwise. And it keeps getting better 👇

English

748

Shane retweetledi

Certora@Certora·23 Nis

This week the @arbitrumdao_gov Security Council froze 30,766 ETH (~$71M) connected to the @KelpDAO exploit, taking it out of reach of the Lazarus Group (a hacking collective with ties to the DPRK). Certora's VP of Security Labs Elad Erdheim was one of the signers protecting the funds. Before it all happened, our team flagged two critical edge cases that hadn't been identified yet: 1. If the recovery process wasn't atomic, it would open a window for anyone to drain @arbitrum user funds. Billions of dollars would have been exposed. 2. If the exploiter reduced their balance by even a small amount, the proposed tx would fail, giving them time to move funds before the council could regroup and sign a new one. Both issues were mitigated before the transaction was finalized: the sequencer could be paused in either scenario, giving the council a 24-hour window to respond. The tx went through. $71M was protected thanks to smart, thoughtful, and security-first responders. Certora supports decentralization. And we support the failsafes, circuit breakers, and redundancies that will help the industry mature.

Arbitrum@arbitrum

The Arbitrum Security Council has taken emergency action to freeze the 30,766 ETH being held in the address on Arbitrum One that is connected to the KelpDAO exploit. The Security Council acted with input from law enforcement as to the exploiter’s identity, and, at all times, weighed its commitment to the security and integrity of the Arbitrum community without impacting any Arbitrum users or applications. After significant technical diligence and deliberation, the Security Council identified and executed a technical approach to move funds to safety without affecting any other chain state or Arbitrum users. As of April 20 11:26pm ET the funds have been successfully transferred to an intermediary frozen wallet. They are no longer accessible to the address that originally held the funds, and can only be moved by further action by Arbitrum governance, which will be coordinated with relevant parties.

English

5.1K

Shane@ShaneRunquist·21 Nis

📖 More details, docs, & examples: certora.com/blog/prover_v8…

English

Shane@ShaneRunquist·21 Nis

New Review Comment Features in Our Github App • gh-review indicates when to add a review comment to the PR. • gh-review-jobs - indicates which jobs to include in the GitHub review comment.

English

Shane@ShaneRunquist·21 Nis

Certora Prover v8.11.3 released 🎉 The @Certora Prover is an open-source formal verification engine that proves smart contracts can only behave as intended ... & finds real bugs, otherwise. And it keeps getting better. Here’s what’s new 👇

English

1.7K

Shane@ShaneRunquist·9 Nis

Excellent work 💪 - Plamen is an amazing contribution to the security community 👏👏👏

Plamen Tsanev@p_tsanev

x.com/i/article/2041…

English

102

Shane retweetledi

Martin Marchev@MartinMarchev·5 Mar

Your AI agent now has access to 20k+ smart contract audit findings. claudit - one-line install, works with Claude Code & Codex CLI, searches across all @SoloditOfficial findings, open source. Huge shoutout to @Cyfrin for opening the Solodit API 🫡 Link below 🔗👇

English

509

22.4K

Shane retweetledi

Apyx@apyx_fi·3 Mar

Apyx has successfully completed a smart contract audit conducted by @Certora, marking our second independent smart contract security review. Security is not optional.

English

3.7K

Shane@ShaneRunquist·27 Şub

@DoD4uFN @Certora Remember, ... you can only win the Capture the Funds prize one time. But, learning the Prover is a great investment that will pay off in other projects!

English

DoD4uFN@DoD4uFN·27 Şub

@Certora Thanks for the shotout ! I'm currently deploying Certora's prover to uncover even more edge cases 👀

English

Certora@Certora·26 Şub

Announcing the first winner of Capture the Funds - Endless CTF! To win, someone needed to beat our target score by at least 25 points. @DoD4uFN beat it by 45 and set the new target score for everyone else 👀 Can you beat it and win the next $1,000 prize? 👇

DoD4uFN@DoD4uFN

Hey @Certora, there is a new #1 on Endless CTF leaderboard 👀 Smashed through the initial 347 target score, straight to 367 🔥 Higher 🚀

English

940

Shane retweetledi

ETHDenver 🏔🦬🦄@EthereumDenver·18 Şub

Safe Smart Contract Vibe Coding by @SagivMooly Chief Scientist of @Certora “Vibe coding” in web3 often fails due to missing guardrails. Full video below 👇🧵

English

2.7K

Shane retweetledi

Certora@Certora·18 Şub

Today @SagivMooly is taking the stage at @EthereumDenver to present: “Safe Smart Contract Vibe Coding” If you vibe code, this one’s for you 👀 📅 12:40 PM 📌 Futurllama Stage

ETHDenver 🏔🦬🦄@EthereumDenver

We’re thrilled to announce @SagivMooly, Chief Scientist at @Certora, as a speaker for ETHDenver 2026! Mooly Sagiv is a leading researcher in formal verification, applying mathematical rigor to smart contract security. In New BUIDL City, leaders like Mooly help show there’s somETHing for everyone to build and explore.

English

947

Shane retweetledi

Mooly Sagiv@SagivMooly·18 Şub

Similar bugs already occur in web2, like the Cloudflare one: news.ycombinator.com/item?id=467815… This is a perfect introduction to my @EthereumDenver talk today, 'Safe Smart Contract Vibe Coding'

pashov@pashov

🚨Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss cbETH asset's price was set to $1.12 instead of ~$2,200. The PRs of the project show commits were co-authored by Claude - Is this the first hack of vibe-coded Solidity code?

English

963

Keşfet

@ethereum @thedaofund @Certora @arbitrumdao_gov @KelpDAO @arbitrum @SoloditOfficial @cyfrin