🕯️codeislight.eth 🕯️

692 posts

🕯️codeislight.eth 🕯️ banner
🕯️codeislight.eth 🕯️

🕯️codeislight.eth 🕯️

@codeislight

Founding Engineer at ❓ | also @SwapXfi ⚡️| old account @codeislightEth ⏮️

Stratosphere Katılım Aralık 2023
564 Takip Edilen111 Takipçiler
Sabitlenmiş Tweet
🕯️codeislight.eth 🕯️
🧵+12M in "stuck" crypto might be recoverable. As long as the deployer nonce on another chain is not burnt and the private key is still around. The recovery mechanism is based on CREATE opcode in the EVM. Special thanks to @pcaversaccio for help validating this finding. 1/9
🕯️codeislight.eth 🕯️ tweet media
English
9
13
110
27.1K
Rikisp | ....
Rikisp | ....@RikispRikisp·
I was about to write a whole essay about why most AI audit tools are just bs and why BailSec’s is different but the tldr is that it actually understands the protocol context, finds real issues and helped my devs improve the code a lot before the audit commit it is also run by pro auditors rather than by the same devs who wrote the code and may be naturally biased when reviewing their own work from a founder’s pov, tho, i think one of the metric that really matters is that it has already saved us roughly $250k and significantly improved security i don’t think i need to add anything else
BailSec@bailsecurity

Genuine question for security engineers: What percentage of critical vulnerabilities in your codebase do you think your current tooling is actually catching? We asked many devs and security engineers this question. The answers were eye-opening. (Data dropping soon.)

English
2
2
12
5K
CharlesWang
CharlesWang@0xCharlesWang·
Notably is that this has been the very very first iteration. Now it’s around 5-10x better
🕯️codeislight.eth 🕯️@codeislight

SC-AI assessment by @bailsecurity has been incredible. ahead of our main audit it spotted serious issues, and the act of resolving them made us reflect on and revise key design decisions and simplify modules that could have otherwise been problematic. By far it's the best AI auditing tool out there I have experienced so far thanks to the extent and depth it can analyze that a manual review might miss. We ran it over multiple rounds, roughly a day per module and it kept surfacing findings worth fixing. Running it recursively is what really paid off, audit a module, fix it, run it again, with fewer findings each pass until they came back clean. I believe it's a must-have as a preflight assessment before any serious audit engagement.

English
1
0
6
1.6K
🕯️codeislight.eth 🕯️
SC-AI assessment by @bailsecurity has been incredible. ahead of our main audit it spotted serious issues, and the act of resolving them made us reflect on and revise key design decisions and simplify modules that could have otherwise been problematic. By far it's the best AI auditing tool out there I have experienced so far thanks to the extent and depth it can analyze that a manual review might miss. We ran it over multiple rounds, roughly a day per module and it kept surfacing findings worth fixing. Running it recursively is what really paid off, audit a module, fix it, run it again, with fewer findings each pass until they came back clean. I believe it's a must-have as a preflight assessment before any serious audit engagement.
BailSec@bailsecurity

Some of our partners ran their codebases through every major AI auditing tool available. Then they tried ours. The delta was... uncomfortable. All our partners and us will share the results very soon.

English
1
1
4
1.9K
apoorv.gwei
apoorv.gwei@apoorveth·
> someone deployed a contract on blockchain > didn't advertise it to any users > a random mev bot starts interacting with it > gets drained > looking for legal action whose fault is it though?
apoorv.gwei tweet media
English
53
19
976
137.5K
🐸Smart🐸Contract🐸Programmer🐸
Clever way to reverse 32 bytes simple method -> 32 iterations clever method -> 5 iterations # input A B C D E F G H # swap 1 byte B A D C F E H G # swap 2 bytes D C B A H G F E # swap 4 bytes H G F E D C B A Code #L23-L44" target="_blank" rel="nofollow noopener">github.com/risc0/risc0-et…
🐸Smart🐸Contract🐸Programmer🐸 tweet media
HT
4
2
33
1.4K
0xngmi
0xngmi@0xngmi·
someone just swapped $50m for $36k on cowswap through aave's frontend, effectively losing 50m if you try to make this swap on llamaswap the UI won't let you at all, buttons get locked we've spent years building a price API with the highest coverage of defi tokens to avoid this
0xngmi tweet media
English
184
128
1.8K
273.9K
apoorv.gwei
apoorv.gwei@apoorveth·
⚠️ Duplicate events on Tempo when transferring tokens
apoorv.gwei tweet media
English
34
4
234
34.2K
🕯️codeislight.eth 🕯️ retweetledi
Avi Chawla
Avi Chawla@_avichawla·
AWS did it again! They have introduced a novel way for developers to build Agents. Today, when you build an Agent, you start with a simple goal, then end up juggling prompts, routing logic, error handling, tool orchestration, and fallback flows. One unexpected user input and the whole thing collapses. Strands Agents framework by AWS approaches Agent building differently. It takes a model-driven approach that lets the LLM decide how to plan, choose tools, and adapt to edge cases on its own. You provide the capabilities and guardrails, and the model handles the workflow, which is different from the brittle agent frameworks we typically use. Here are the highlights. - TypeScript SDK > You can build Strands agents in both Python and TypeScript. The TS SDK gives a modern async-friendly workflow and works with any provider. Amazon Bedrock, OpenAI, Anthropic, you name it. Swap models or providers without touching your agent code. - Edge device SDK > You can run agents directly on small devices using local models, with bi-directional streaming. - Strands steering > Instead of writing massive prompt blocks to force an agent into a workflow, Steering lets you guide it toward a desired outcome. The model handles the steps dynamically, which keeps agents flexible and reduces token use. - Strands evals > A practical evaluation suite that lets you test agent behavior, compare versions, catch regressions, and validate correctness or safety before deploying. This is critical as agents move from demos to production. Everything is fully open-source! One particularly interesting thing is that Strands pairs with AgentCore, AWS’s secure platform for running agents at scale. So you can prototype with Strands in a few lines of code, then deploy in AgentCore with built-in policies, monitoring, and real-world evaluations. This is important because: - You build workflows that adapt rather than break. - You choose the models and providers you want, without rewrites. - You can run agents on cloud, on device, or inside your own network. - You can evaluate, refine, and trust them before putting them in front of users. You can find the Strands Agents GitHub repo in the replies! If you want a hands-on demo showing how to build a Strands agent and deploy it to AgentCore, tell me, and I’ll record one. Thanks to AWS for building this and working with me today!
Avi Chawla tweet media
English
30
54
435
43.3K
storm
storm@notnotstorm·
found a pretty major data bug it turns out almost every major dashboard has been double-counting Polymarket volume (not related to wash trading) this is because Polymarket's onchain data contains redundant representations of each trade. receipts ⬇️⬇️
storm tweet mediastorm tweet media
English
159
83
1.1K
623.4K
curiousapple
curiousapple@0xcuriousapple·
going to small codebase which compiles in secs after humongous via-ir one is such a relief here I am speed
GIF
English
2
0
6
463
CZ 🔶 BNB
CZ 🔶 BNB@cz_binance·
More than 300,000,000 users trust @Binance. 🙏🙏🙏
CZ 🔶 BNB tweet media
English
1.4K
573
5.9K
609.6K