@bytes032.xyz

6.2K posts

@bytes032.xyz banner
@bytes032.xyz

@bytes032.xyz

@bytes032

chief smart contract security cook @zenith256

Need a security audit? → Katılım Nisan 2020
1.5K Takip Edilen20.1K Takipçiler
David Nobel
David Nobel@dnobel22·
@bytes032 have you changed the maximum number of agents running simultaneously given you use the ultra setting? the model should be much cheaper than fable 5 soo yeah
English
1
0
0
116
@bytes032.xyz
@bytes032.xyz@bytes032·
using gpt 5.6 sol ultra on fast i burn the 5 hour limit in ~1 hour of actual work one session = 16% of the weekly cap meaning each account is 6.25 hours of real work per week a normal 9h day, 5 days a week = 8 accounts and that's before the free resets. pretty good deal tbh
English
4
0
11
2.6K
Rookmate
Rookmate@0xRookmate·
@bytes032 Do you really need ultra for all the tasks though? I find high and medium good for most tasks
English
1
0
1
197
@bytes032.xyz
@bytes032.xyz@bytes032·
@blchead @MeteoraAG > If the issue was already known, why does it remain exploitable on production? Plenty of unncessary FUD here. The answer is pretty evident. It is called acceptable risk.
English
0
0
0
460
blchead | Felipe
blchead | Felipe@blchead·
I recently submitted a CVSS 7.7 (High) authorization vulnerability affecting @MeteoraAG Before sharing fully transparent (BUT removing critical info) I spoke with team and as I don't agree with that, I want to know CT opinion. The issue allows a configured shareholder to divert one side of dual-token fee claims, resulting in DIRECT THEFT of protocol/partner fee revenue. - A shareholder with even a 1-unit share can steal 100% of one token side. - The attack is repeatable on every fee accrual. - The theft is silent (the diverted fees never appear in the vault or events). It undermines the fundamental guarantee that fees are distributed according to shareholder allocations. The report was classified as DUPLICATE. After I followed up with additional evidence, including: - an end-to-end PoC reproduced on a local fork, transaction hashes, - proof that the issue remained exploitable on deployed binaries, - blast-radius analysis covering thousands of affected vaults, Meteora responded that: - the issue is still exploitable on the deployed DFS integration; - the duplicate status is only about bounty eligibility, not the validity of the finding; - that my PoC and exposure analysis are useful for prioritization. This raises a question I'd like to discuss with the bug bounty community. If the issue was already known, why does it remain exploitable on production? And more broadly: How is a researcher supposed to know whether a live vulnerability is already known internally? From the outside, there is no distinction between: - a brand-new vulnerability, - one that has already been privately reported, - one that is internally tracked, - one awaiting a future fix. Every one of those requires the same audit effort, reverse engineering, code review, exploit development, and responsible disclosure. I'm not questioning the duplicate policy itself bc most bug bounty programs have one. I'm questioning the lack of transparency around known-but-unpatched vulnerabilities. Should protocols provide more visibility when a CVSS 7.7 (High) issue capable of silently diverting protocol fees remains live? Or is it simply accepted that researchers may spend days producing original analysis and PoCs for vulnerabilities that have zero possibility of a reward because that information is impossible to know beforehand? I'd be interested in hearing how both protocol security teams and other researchers think this should be handled.
blchead | Felipe tweet mediablchead | Felipe tweet mediablchead | Felipe tweet mediablchead | Felipe tweet media
English
13
0
34
4.5K
UBERSOY
UBERSOY@UBERSOY1·
The best pronunciation of “tea” is “Tay,” which is the original 17th-century English pronunciation of the word.
UBERSOY tweet media
English
11
2
90
8.3K
Adrien BA
Adrien BA@Adrien_B_A·
I hate Paris I spent the last 4 days there, but I also lived there for around 2 years in total, so this is not a tourist opinion Every time I go back, I have the same question: Why do so many people accept living like this? No air conditioning, too much insecurity, public transport that sucks, tiny overpriced apartments, noise, stress, dirt, and the feeling that the city is slowly eating your nervous system Also, the two usual excuses don’t hold 1. If you are an entrepreneur, you say: “I need to be close to the ecosystem” Nah, if you want a real global tech ecosystem, go to San Francisco or Shenzhen Don’t stick to the BPI-subsidized environment If you want to build in France with a better life, go to Nice: sea, mountains, airport, security, food, light, Italy next door, Monaco nearby 2. If you are an employee, you say: “Salaries and jobs are better in Paris” Sometimes, yes But €2,500 net per month in Paris is not a good salary It is survival with a dedicated path to becoming the kind of guy who runs during the week and takes drugs in techno clubs on weekends to escape his 9 to 5 You pay insane rent, sweat in the metro, sleep badly, queue for everything, and live surrounded by communists and wokists I don’t buy it Please explain to me
Adrien BA tweet media
English
670
249
2.5K
626.7K
@bytes032.xyz retweetledi
V12
V12@v12sec·
We reported a critical loss of funds bug to @Thorchain (32M TVL, 150M FDV) They silently patched it and told us their bug bounty program is permanently retired. We have more Thorchain chain halt DoS vulns. We intend to release them (open disclosure) in the coming few days
V12 tweet mediaV12 tweet media
English
98
127
1.3K
401.6K
@bytes032.xyz
@bytes032.xyz@bytes032·
@limitlesstack It fucks your sleep badly bro like real bad but otherwise its good if you're pushing for something but daily yeah its cooked
English
1
0
18
24.6K
@bytes032.xyz retweetledi
@levelsio
@levelsio@levelsio·
I don't write code anymore I haven't written code in I think 6 months? I think everyone is like this no?
English
168
80
2.9K
1.6M
Lucero HIERARCH OF HONGYUAN 2026 🌼🎉
It dosent matter if you’re 🇸🇮 gay 🇧🇦 an amputee 🇲🇪 ??? 🇷🇸 genocidal 🇭🇷 genocidal 2 🇦🇱 a cocaine dealer 🇲🇰 bulgarian 🇷🇴 a thief 🇬🇷 brown 🇽🇰 poor 🇧🇬 mongolian 🇭🇺 mongolian 2 🇹🇷 all of the above Together we are the BALKANS
English
349
2.4K
33K
832.2K
banteg
banteg@banteg·
situation: all three ef protocol leads have left
banteg tweet media
English
79
62
868
182.8K
@bytes032.xyz
@bytes032.xyz@bytes032·
raycast command to trigger a skill who's doing this
English
1
0
5
1.3K