TaylorWebb.eth

Three weeks ago KyberSwap was hacked for $50M due to a rounding error vulnerability 💸💸💸 This is a bug class that is often overlooked or misunderstood by developers and auditors, so I’ve created the following mini-course to explain how to correctly handle rounding, using @trailofbits new tool roundme. Time commitment: ~60 minutes -------- First, watch this ~30m video by @0xOwenThurm that gives a great overview of this class of bugs: youtube.com/watch?v=6rmLP-… Next, to illustrate a rounding error in an actual contract, let’s imagine that we’re building a simple xy=k AMM for swapping two ERC-20 tokens; token x and token y. To accentuate the potential impact of a rounding error, let’s assume these tokens both have 0 decimals, so we can deal with small integers where rounding errors are the most unforgiving. From the constant product equation xy=k, we can derive the equation for how many of token y a user will receive for swapping a given amount of token x: Where: x ⇒ Amount of token x reserves in the AMM y ⇒ Amount of token y reserves in the AMM xIn ⇒ Amount of token x the user is swapping yOut ⇒ Amount of token y user will receive So in our AMM smart contract we'll write the function calcSwapXForY which implements the above equation. We’ll also utilize a helper function mulDivDown, which multiplies two numbers and divides by a third number, and rounds down. Let's assume the AMM currently holds 10 of token x, 8 of token y, and the user is swapping 5 of token x for token y, so we call calcSwapXForY with the following values: xReserves = 10 yReserves = 8 xIn = 5 We get the result: yOut = 3 However, if we were to do this same calculation outside the context of the EVM, without any integer rounding or precision loss, we would get the result: yOut = 2.66667 So due to the rounding precision loss, the user is receiving 12.5% more tokens than they nominally should be. This hypothetical AMM could clearly be exploited. This is where roundme can be helpful for determining whether we should round up or down at each relevant operation in the equation. Let’s get it setup. Clone the roundme repo and follow the installation procedure in the readme: github.com/crytic/roundme Now in the terminal we can run: roundme config Next roundme asks for the formula to analyze, so we input our equation: yReserves - ((xReserves * yReserves) / (xReserves + xIn)) Roundme then asks if we would like the output of the equation to round up. We want yOut to round down, so the user receives fewer tokens, favoring the protocol instead of the user. So we input: no This generates our config.yaml file: We can now run: roundme analyze And we receive the analysis (yreserves - ((xreserves *↑ yreserves) /↑ (xreserves + xin))) Roundme has added two arrows to our formula that indicate the direction that operation should be rounded. The first up arrow is next to our multiplication operation, but since we aren’t doing fixed point arithmetic, this multiplication won’t cause any precision loss and we can ignore it. The second up arrow is next to our division operation, which does result in precision loss, so we want to pay attention to this one. So we want our division to round up, for our final result yOut to round down. That’s a key takeaway from this course: ✍️ If the result of the entire equation should round in a certain direction, that doesn’t necessarily mean intermediate operations within the equation should round in that same direction. In this case, since we are subtracting our rounded amount from yReserves, this flips 🔄the required rounding direction. The roundme repo does a good job of explaining the affect different math operations have on overall rounding direction: -------- rounding() is the expected rounding direction for the result (up or down) A + B => rounding(A), rounding(B) (addition does not change the rounding direction) A - B => rounding(A), ! rounding(B) (the rounding direction of the subtracted element is inverse of the expected rounding) A * B => rounding(A), rounding(B), rounding(*) (multiplication does not change the rounding direction) A / B => rounding(A), ! rounding(B), rounding(/) (the rounding direction of the denominator is the inverse of the expected rounding) -------- Let’s rewrite our swapping function, with our newfound knowledge that we should round up on our division. We are using a helper function mulDivUp, that multiplies two numbers, and divides by a third number, and rounds up. Let's call safeCalcSwapXForY with the same values as before: xReserves = 10 yReserves = 8 xIn = 5 And we now get the result: yOut = 2 Now the user is receiving fewer tokens than the nominal (no precision loss) result we calculated earlier. So our new function favors the protocol, not the user, and can’t be exploited! This was a relatively simple example, and you may have intuitively known we should round up on our division operation. However with much larger equations this intuition will likely fail you, and roundme will prove to be invaluable. I hope this helps with understanding rounding errors in EVM smart contracts, and sheds some light on this great new tool we have at our disposal. Special thanks to @Montyly for answering a roundme question I had, and to the rest of ToB for making open source tools to share with the Web3 security community. Stay tuned for more content like this 🤟

@SommerChase @BagsHackathon done! congrats ser

I just got accepted into the $4M @BagsHackathon with SANDS OF SUMAII You can help by going to this link and upvoting the project ❤️❤️ bags.fm/apps/ccf23ca0-…

@ethereanbull @EFprotocol Done 🫡

If you are in #Ethereum. The @EFprotocol account needs more followers.

It’s actually true that virtually no one cares about decentralization. This important for those in crypto to internalize. We’re building a secure, decentralized financial system that will succeed and proliferate *despite* the fact that no one cares. The pitch to users must not be about decentralization. It must be how their lives will improve: sending/receiving money more quickly, outpacing inflation, transacting freely and privately, and so on. Decentralization is an abstract concept of the system as a whole, not a value proposition for a participant. We must assume that nobody cares about it except us.

@shawmakesmagic Would love an invite!

We’ve been accumulating a crew of cracked degen devs who care about having a seat at the table and impacting the future for good. If you want to join the Discord, drop a comment and I’ll send you a link. Builders only, even if you’re just vibe coding your first thing. We build Milady there but anyone doing future tech or dream tech is welcome

@SommerChase Wow the LinkedIn reply 5 years later is wild! Great story though bro, hope you're doing well

I have never been more bullish on crypto. Because the rules-based order is collapsing and the code-based order is rising. So the short term price doesn’t matter. As international law breaks down, we will need not just onchain currencies, but onchain companies. As the post-war order breaks down, we’ll similarly need the post-internet order. States will fail, and the network will take their place. We need internet capitalism, we need internet democracy, and we need internet privacy. So we need cryptocurrency.

@trainface How was it?

Just decommissioned my clawdbot ama

In 2014, there was a vision: you can have permissionless, decentralized applications that could support finance, social media, ride sharing, governing organizations, crowdfunding, potentially create an entire alternative web, all on the backs of a suite of technologies. Ethereum: the blockchain. The world computer that could give any application its shared memory. Whisper: the data layer. Messages too expensive for a blockchain, that do no need consensus. Swarm: the storage layer. Store files for long-term access. Over the last five years, this core vision has at times become obscured, with various "metas" and "narratives" at various times taking center stage. But the core vision has never died. And in fact, the core technologies behind it are only growing stronger. Ethereum is now proof of stake. Ethereum is now scaling, it is now cheap, and it is on track to get more scalable and cheaper thanks to the power of ZK-EVMs. Thanks to ZK-EVM + PeerDAS, the "sharding" vision is effectively being realized. And L2s can give additional and different kinds of gains in speed on top. Whisper is now Waku ( docs.waku.org ), and already powers many applications (eg. railway.xyz, status.app just to name two I use). Even outside of Waku, the quality of decentralized messaging has increased. Fileverse (decentralized Google Docs and Sheets alternative: fileverse.io ) has seen massive gains in usability over the past year. IPFS is now highly performant and robust as a decentralized way of retrieving files, though IPFS alone does not solve the storage problem. Hence, there is still room to improve there. All of the prerequisites for the original web3 vision are here, in full force, and are continuing to get stronger over the next few years. Hence, it's time to buidl, and buidl decentralized. Fileverse is an excellent example of the right way to do things: * It uses Ethereum and Gnosis Chain for what they are good for: names, accounts and permissioning, document registration * It uses decentralized messaging and file storage to store documents and propagate changes to documents * The application passes the walkaway test: github.com/fileverse/walk… (even if Fileverse disappears, you can still retrieve them and even keep editing them with the open source UI) This is what we mean by "build a hammer that is a tool you buy once and it's yours, not a corposlop AI dishwasher that requires you to register for a google account and charges a subscription fee per month for extra washing modes, and probably spies on you and stops working if you get politically disfavored by a foreign country". If you think this criticism of corposlop is hyperbolic, well turns out, it's literally a concatenation of these three: * mein-mmo.de/en/user-buys-n… * theguardian.com/technology/202… * irishtimes.com/world/us/2025/… In 2014, decentralized applications were toys, hundreds of times more difficult to use in web2. In 2026, fileverse is now usable enough that I regularly write documents in it and send them to other people to collaborate. The decentralized renaissance is coming, and you can be part of making it happen.

Ethereum itself must pass the walkaway test. Ethereum is meant to be a home for trustless and trust-minimized applications, whether in finance, governance or elsewhere. It must support applications that are more like tools - the hammer that once you buy it's yours - than like services that lose all functionality once the vendor loses interest in maintaining them (or worse, gets hacked or becomes value-extractive). Even when applications do have functionality that depends on a vendor, Ethereum can help reduce those dependencies as much as possible, and protect the user as much as possible in those cases where the dependencies fail. But building such applications is not possible on a base layer which itself depends on ongoing updates from a vendor in order to continue being usable - even if that "vendor" is the all core devs process. Ethereum the blockchain must have the traits that we strive for in Ethereum's applications. Hence, Ethereum itself must pass the walkaway test. This means that Ethereum must get to a place where we _can ossify if we want to_. We do not have to stop making changes to the protocol, but we must get to a place where Ethereum's value proposition does not strictly depend on any features that are not in the protocol already. This includes the following: * Full quantum-resistance. We should resist the trap of saying "let's delay quantum-resistance until the last possible moment in the name of ekeing out more efficiencies for a while longer". Individual users have that right, but the protocol should not. Being able to say "Ethereum's protocol, as it stands today, is cryptographically safe for a hundred years" is something we should strive to get to as soon as possible, and insist on as a point of pride. * An architecture that can expand to sufficient scalability. The protocol needs to have the properties that allow it to expand to many thousands of TPS over time, most notably ZK-EVM validation and data sampling through PeerDAS. Ideally, we get to a point where further scaling is done through "parameter only" changes - and ideally _those_ changes are not BPO-style forks, but rather are made with the same validator voting mechanism we use for the gas limit. * A state architecture that can last decades. This means deciding, and implementing, whatever form of partial statelessness and state expiry will let us feel comfortable letting Ethereum run with thousands of TPS for decades, without breaking sync or hard disk or I/O requirements. It also means future-proofing the tree and storage types to work well with this long-term environment. * An account model that is general-purpose (this is "full account abstraction": move away from enshrined ECDSA for signature validation) * A gas schedule that we are confident is free of DoS vulnerabilities, both for execution and for ZK-proving * A PoS economic model that, with all we have learned over the past half decade of proof of stake in Ethereum and full decade beyond, we are confident can last and remain decentralized for decades, and supports the usefulness of ETH as trustless collateral (eg. in governance-minimized ETH-backed stablecoins) * A block building model that we are confident will resist centralization pressure and guarantee censorship resistance even in unknown future environments Ideally, we do the hard work over the next few years, to get to a point where in the future almost all future innovation can happen through client optimization, and get reflected in the protocol through parameter changes. Every year, we should tick off at least one of these boxes, and ideally multiple. Do the right thing once, based on knowledge of what is truly the right thing (and not compromise halfway fixes), and maximize Ethereum's technological and social robustness for the long term. Ethereum goes hard. This is the gwei.

One metaphor for Ethereum is BitTorrent, and how that p2p network combines decentralization and mass scale. Ethereum's goal is to do the same thing but with consensus. Another metaphor for Ethereum is Linux. * Linux is free and open source software, and does not compromise on this * Linux is quietly depended on by billions of people and enterprises worldwide. Governments regularly use it. * There are many operating systems based on Linux that pursue mass adoption * There are Linux distributions (eg. Arch) that are highly purist, minimalistic and technologically beautiful, and focus on making the user feel powerful, not comfortable (Actually, BitTorrent is depended on by enterprises too: many businesses and even governments (!!) use it to distribute large files to their users makeuseof.com/tag/8-legal-us… ) We must make sure that Ethereum L1 works as the financial (and ultimately identity, social, governance...) home for individuals and organizations who want the higher level of autonomy, and give them access to the full power of the network without dependence on intermediaries. At the same time, what Linux shows is that this is fully compatible with providing value to very large numbers of people, and even being loved and trusted by enterprises worldwide. Many enterprises in fact desperately want to build on an open and resilient ecosystem - what we call trustlessness, they call prudent counterparty risk minimization. This is the gwei.

@VitalikButerin Milady

Welcome to 2026! Milady is back. Ethereum did a lot in 2025: gas limits increased, blob count increased, node software quality improved, zkEVMs blasted through their performance milestones, and with zkEVMs and PeerDAS ethereum made its largest step toward being a fundamentally new and more powerful kind of blockchain (more on this later) But we have a challenge: Ethereum needs to do more to meet its own stated goals. Not the quest of "winning the next meta" regardless of whether it's tokenized dollars or political memecoins, not arbitrarily convincing people to help us fill up blockspace to make ETH ultrasound again, but the mission: To build the world computer that serves as a central infrastructure piece of a more free and open internet. We're building decentralized applications. Applications that run without fraud, censorship or third-party interference. Applications that pass the walkaway test: they keep running even if the original developers disappear. Applications where if you're a user, you don't even notice if Cloudflare goes down - or even if all of Cloudflare gets hacked by North Korea. Applications whose stability transcends the rise and fall of companies, ideologies and political parties. And applications that protect your privacy. All this - for finance, and also for identity, governance and whatever other civilizational infrastructure people want to build. These properties sound radical, but we must remember that a generation ago any wallet, kitchen appliance, book or car would fulfill every single one of them. Today, all of the above are by default becoming subscription services, consigning you to permanent dependence on some centralized overlord. Ethereum is the rebellion against this. To achieve this, it needs to be (i) usable, and usable at scale, and (ii) actually decentralized. This needs to happen at both (a) the blockchain layer, including the software we use to run and talk to the blockchain, and (b) the application layer. All of these pieces must be improved - they are already being improved, but they must be improved more. Fortunately, we have powerful tools on our side - but we need to apply them, and we will. Wishing everyone an exciting 2026. Milady.

2,230,801 thats the number of transactions Ethereum L1 processed yesterday (12/29) the highest single day in ethereum's 10-year history build it, scale it, and they will come🏗️⚖️🌐 return to mainnet the ticker is $eth

Across is proud to be #33 in the Calyptus Web3's Top 100 Employer Awards.

@Kalshi serious question: what's going happen when the odds of a market conflict with the mainstream media narrative?

Just fyi but the last time ETH had a major update which was in May, with the Pectra upgrade, ETH went from $1,800 to a new all time high of $4,950. Let’s see what the Fusaka upgrade is going to do. Big.

Also all-time high DAU day (more than frames / Degen era).

all-time high DAU day

do you feel it?

What happens when the top token deployment framework joins forces with the leading crypto-native social network? @clankeronbase 🤝 @farcaster_xyz