Guy

We wonder why there are so few women in tech. We need more diversity in AI. @elizaOS @ai16zdao github.com/elizaOS/eliza/…

🧵 Sophisticated Cosmos DeFi attack hits @Levana_protocol built on Osmosis - let's break down what happened👇 There are two kinds of oracles: 1⃣ Enshrined oracles (built into block production) 2⃣ Smart contract oracles (on-chain tx updates state) In the case of 2⃣ off-chain services submit a tx every X number of blocks to update the oracle price of an underlying asset. Once updated, pricing is no longer stale; reducing the delta (difference between actual prices & oracle prices). Protocols have a problem when using 2⃣ - the higher the frequency of updates, the greater the gas cost that is incurred to maintain accurate pricing. In Levana's case, non attacking txs actually trigger a oracle update: this adds in nice defensive entropy as normal users are helping update the pricing for everyone. However, the clever attacker found a way around this via a congestion attack... ------------------------------------------------------ The Attack ------------------------------------------------------ 1⃣ Spam txs such that no oracle update txs can get through (from either users or Levana infra) 2⃣ DDoS backend infra tied to regularly scheduled oracle update txs 3⃣ Have an intelligent system tracking the delta🔺between the stale data and the actual market pricing that is ready to get pushed 4⃣ Use a multiexecute tx to go long or short + update the stale data to market pricing - guaranteeing profit for the attacker as they know exactly what the stale price of the oracle is about to get updated to within their multiexecute tx while also comboing it with a long or short guaranteed to be directionally correct. 5⃣ Because the attacker was the source of congestion, they knew precisely where to submit txs such that they would get accepted by the nodes ------------------------------------------------------ Saving Graces ------------------------------------------------------ ✅ Delta neutrality limitations of Levana made it so that the size the attacker was able to leverage was limited (resulting in only ~10% drained) ✅ Appears the logic for positions already opened was decoupled from new positions (I'm still figuring out this one, was briefly mentioned in the blog) ------------------------------------------------------ This is BY FAR (in my opinion) the most complex attack on a DeFi protocol in Cosmos to date. The Levana team responded rapidly, and are updating the protocol to be safe from this attack by decoupling the placement of orders from the execution of orders using a queue that awaits the next oracle pricing update before executing txs. This unfortunately creates a worse UX, but guarantees better security. Overall, I think advances in L1 enshrined oracle services that are not on the smart contract level (but rather a part of regular block production) is going to be key to the long term DeFi security success of Cosmos. My heart goes out to the @Levana_protocol team - this was a complicated & targeted attack. Looking forward to the protocol continuing to become more resilient. Building DeFi is not easy folks. Apologies in advance if I mistated or missed anything. $LVN $OSMO #Cosmos blog.levana.finance/levana-exploit…

@Kryptic_io @ArchX_Wallet I can't wait to reveal what we're working on 👀

Join us in welcoming Guy Garcia of @atlabs_ 👋 to the @Kryptic_io team! Formerly of Shade Protocol, Guy brings invaluable smart contract experience as we work to improve @ArchX_Wallet. His expertise will be key as we expand our innovative product offerings in the ecosystem! 🤝🚀

The week isn't over yet... there's still time for someone to one-up the rest 💀

@secretnodes @Figment_io The loading is so fast I didn't get to see the cool new loading screen!

@DigilineIO @scrt_labs @SecretNetwork @scrt_foundation I'd love to try it out, even if its a beta

🚨Attn. Smart Contract Developers🚨 Welcome the Secret IDE, funded by @scrt_labs, this will elevate the @SecretNetwork experience It’s going to make developing contracts much easier, and we have more planned for the future! blog.digiline.io/secret-ide-bet… @scrt_foundation $SCRT

@Melch18_ @V_IRL_DROPS @Shade_Protocol @House_of_Shade @l_woetzel @CryptoChem0000 @AustinCrypto3 @Red_eyed_Bear @SandlotBambino You're 100% right, I need these for work ASAP

@atlabs_ @V_IRL_DROPS @Shade_Protocol @House_of_Shade @l_woetzel @CryptoChem0000 @AustinCrypto3 @Red_eyed_Bear These are like the "PF Flyers" shoes from @SandlotBambino but instead of making you run faster these $SHD kicks help you code faster 💨💻 Exactly what a Dev like yourself needs 😂

🚨The Lord of Artisan has been summoned! 🚨 🎨Lets see your skills in creating a shoe that most represents you or a project you love! 🎁Best shoe will get a WL and become Lord of Artisan in V-IRL discord! 👇Post your shoe below or in Discord! ⭐️Have fun and stay V-IRL!

@Melch18_ @V_IRL_DROPS @Shade_Protocol @House_of_Shade @l_woetzel @CryptoChem0000 @AustinCrypto3 @Red_eyed_Bear

@V_IRL_DROPS @V_IRL_DROPS check out this @Shade_Protocol design I made! Special QR code edition to $SHD linktree🪩 Shade community will know the "OG Airdrop" & Spartan 🛡️🛡️🛡️ Worthy of an IRL creation? 🙏 $SHD $SILK $SCRT

@AnonsNFT Shut up and take my money

Fun to see this in action. There will be some Anon sneakers too👀👀

@DaveCosmonaut Still proudly staking $SCRT and $ATOM

@DaveCosmonaut $SHD

@73lV_ Sold last night for $ATOM and $SCRT. Maybe ill buy some back if the DEX works in the long term.

Who else sold all his $CRE I can’t be the only one on this table 🥺 I actually didn’t do much research on the project plus I didn’t get enough drop from it

@heyNvN @Mudit__Gupta @alpeh_v There isn't a problem with public burning... Can't say the same for minting 😅

Pro tip from a solidity auditor: if you launch a token but never launch a protocol you can never get hacked

@l_woetzel @Shade_Protocol @Sutera_Duniya Are USD "stables" really stable if their underlying currency isn't? 🤔

Maybe we should stop valuing DeFi in terms of an inflated and centralized currency known as "USD" 🧐 Have some courage Web3. Perhaps the world is finally ready for Silk. $SHD $SILK @Shade_Protocol @Sutera_Duniya

@assafmo @CosmWasm @JunoNetwork Its fascinating how a seemingly small oversight can bring a halt to the network

Attackers used a known @CosmWasm bug to halt @JunoNetwork just a few hours before they deployed a patched version. Here's a mini-breakdown of how it went down 👇

@iberoam_xyz @Shade_Protocol @igcscrtnetwork @SecretNetwork @Web3Familia Can't wait to talk all about what makes @Shade_Protocol so special!

Privacy is a human right so we are happy to announce that Guy Garcia (@atlabs_) from @Shade_Protocol will enlight us at #IberoAm talking about "The future of Web3 and private DeFi with Shade Protocol" 🤫 iberoam.xyz/program/ @igcscrtnetwork @SecretNetwork @Web3Familia

@SecretNetwork @LegendaoNFT What's stopping me from creating fake accounts for the airdrop? Seems like a way to avoid doing the effort to grow their socials.

Earlier we helped share details from @legendaonft's airdrop for $SCRT stakers. Many $SCRT community members have made it clear they will only participate if their privacy is preserved - a very understandable demand. We spoke to the @legendaonft team - here's what will change:

@House_of_Shade @Shade_Protocol @House_of_Shade and @Shade_Protocol round tables have been leaking alot of alpha lately 👀

If you aren't at the @Shade_Protocol LIVE Developer Roundtable than you just missed some serious ALPHA about 2⃣ NEW products launching very soon 🤫 Don't miss out on anymore ALPHA by tuning in to the live panel⤵️ $SHD | $SILK | @House_of_Shade youtube.com/watch?v=trl1T2…

@sissonj_shade Wen 30k$

WHAT’S HAPPENING!!!!!! 👀👀👀