Timelock

The Resolv USR exploit wasn't a bug - it was a feature working exactly as designed. And that's the problem. How USR minting works: you deposit USDC, then an off-chain service with a privileged key decides how much USR to mint for you. The contract checks the minimum but has no maximum. No cap. No ratio to collateral. Whatever the key holder says - gets minted. You could deposit $1 and mint billions. This design was live since day one. It wasn't a code bug. The threat model was simply: "the key won't leak." It did. Attacker got the key. Deposited $200K across two txs, minted 80M unbacked USR. Dumped on DEXes, walked away with ~$23M in ETH. Single point of failure: one private key, no on-chain sanity checks. No max mint ratio, no multisig, no timelock. One compromised key = unlimited money printer. The contract worked perfectly. That's the scariest part.

In a world of constant noise, silence can be your greatest ally.  NERO has used that silence to move with precision — building, integrating, and preparing what comes next. While the market was noisy, we were integrating with the biggest giants. While many partnership announcements in this industry lack substance, we have secured a Validator that powers a country. We have opened the Gateway that connects the people. 🔹 Validator: Locked.  🔹 Gateway: Integrated.  🔹 Tech: Scaled. The floodgates open later. Are you ready?

🚨Claude Opus 4.6 wrote vulnerable code, leading to a smart contract exploit with $1.78M loss cbETH asset's price was set to $1.12 instead of ~$2,200. The PRs of the project show commits were co-authored by Claude - Is this the first hack of vibe-coded Solidity code?