forefy
@forefy
947 posts
Over a decade of security research and engineering channeled into securing web3. CTO @audit_wizard 🧙♂️🪄🪄. Co-Founder @hackstackapp

@hasante_ Yes, we have Socket Firewall socket.dev/blog/introduci…

1/ We are sharing additional details regarding our investigation into unauthorized access to GitHub's internal repositories. Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately.

Agent Harness Engineering Pattern #8 Steering 🪂 (and I bet you didn't know you cared)

Ever thought how it affects your chat when you're interrupting claude code mid-turn?

Partial turn still in transcript:
>> Hi
>> [interrupted]
>> I mean bye
All remains in context.

Good because:
- Model can push back - "was 90% done, should I finish first?"
- Can reference the cut itself, e.g. "when I stopped you.."

Bad because:
- Many interruptions are filling the context window with junk
- Late interrupts mean all prior tool calls are still in the window, still cost tokens‼️ 😱

We are investigating unauthorized access to GitHub’s internal repositories. While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity.

I gave @VitalikButerin "A shallow dive into formal verification" article to the caveman skill haha. You gotta love gen z knowledge consumption 👇🪨

🪨 What it is
Formal verification = math proofs machine can check. Lean language. AI writes proofs now. Paradigm shift happening in Ethereum + broader computing.

🪨 Why care (this one is my favorite 😂😂)
Bugs scary. Bugs in smart contracts → North Korea drain funds. Bugs in ZK proofs → steal silently, no trace. Powerful AI models automate bug discovery. Need stronger guarantees.

🪨 Core idea
Program is math object. Prove it behaves correctly = math theorem.
Example:
- Signal's X3DH key exchange proven as hard as DDH assumption
- AES impl proven correct
- Together → Signal encryption secure vs passive attackers
End-to-end FV means: not just "protocol is secure in theory" - specific user code proven secure in practice. User checks statement claimed, not entire codebase.

🪨 Key insight
Safe programming = express intent multiple ways, verify all consistent. FV extends this infinitely: optimized impl + readable impl → verify match. 10 friends each write property list → check all pass. AI does all of it fast.

🪨 How to use today
Don't write proofs by hand - too hard. Instead:
- Ask AI write program in Lean (or assembly)
- AI proves desired properties along way
- Task self-verifying → let AI run hours unsupervised
- You only check: final theorem statement matches what you wanted
Best models for Lean proofs: Claude, Deepseek 4 Pro, Leanstral (119B, 6B active, runs locally ~15 tok/sec).

🪨 Limits
- Easy forget to prove what actually matters
- Easy sneak false assumptions into proofs
- Unverified code parts still bite you
- Even Lean itself can have bugs
- Only value = clarity of theorem statement you check at end

🪨 Bottom line
FV = "final form of software development" (Yoichi Hirai). AI makes it viable now. Write spec, AI proves code matches spec. Check statement, trust code.

Many people have claimed that with AI-assisted bug finding, secure code (and hence trustless anything) will be impossible. I have a much more optimistic take, and AI-assisted formal verification is a major part of the reason why: vitalik.eth.limo/general/2026/0…
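An added example (not from the thread or from Vitalik's article) of the "optimized impl + readable impl → verify match" idea in Lean 4: the readable recursive list sum is the spec, the tail-recursive accumulator version is the optimized implementation, and the final theorem is the one-line statement a reviewer checks. Function and theorem names are my own.

```lean
-- Readable specification: straightforward structural recursion.
def sumSpec : List Nat → Nat
  | [] => 0
  | x :: xs => x + sumSpec xs

-- "Optimized" implementation: tail-recursive with an accumulator,
-- as a compiler-friendly version that is harder to read.
def sumAcc : List Nat → Nat → Nat
  | [], acc => acc
  | x :: xs, acc => sumAcc xs (acc + x)

def sumFast (xs : List Nat) : Nat := sumAcc xs 0

-- Helper lemma: the accumulator version equals the spec plus
-- whatever was already accumulated. Proved by induction on the list,
-- generalizing over the accumulator.
theorem sumAcc_eq (xs : List Nat) (acc : Nat) :
    sumAcc xs acc = acc + sumSpec xs := by
  induction xs generalizing acc with
  | nil => simp [sumAcc, sumSpec]
  | cons x xs ih =>
    simp only [sumAcc, sumSpec, ih]
    omega

-- The theorem statement a reviewer actually reads: the fast
-- implementation agrees with the readable spec on every input.
theorem sumFast_eq_spec (xs : List Nat) : sumFast xs = sumSpec xs := by
  simp [sumFast, sumAcc_eq]
```

The only line that needs human review is the statement of `sumFast_eq_spec`; if Lean accepts the file, the proof itself needs no reading.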

🚨🚨 DAILYWARDEN IS DOWN 🚨🚨 DAILYWARDEN IS DOWN 🚨🚨 DAILYWARDEN IS DOWN!!!
I guess we are all officially transitioning back to bounties now 😈😈
dailywarden.com
Here's where I'd go to next 👇
hackenproof.com/programs?langu…
immunefi.com/bug-bounty/?fi…

For all the auditors getting scared by this contests market shift - let me walk you through bugonomics history 🐛🪨⏬

1⃣9⃣9⃣5⃣ Netscape (old browser) paid researchers for bugs, which was radical at the time.

2⃣0⃣1⃣2⃣ @Hacker0x01 and @Bugcrowd dominated the bounty space, and there was no notion of contests. They had private invite-only events, which is close, but a contest model didn't fit large web2 companies, e.g. Uber, Airbnb etc - they don't want 500 hackers hammering their servers in a single week.

2⃣0⃣2⃣1⃣ @code4rena realized that contests are of a different nature:
- Smart contracts store loads of money directly, and get hacked like crazy
- Smart contracts are "immutable" - once deployed, must find bugs before launch
- Open source means auditor can fully understand logic, not just probe blindly
- More auditor attention, better results

For protocols - contests cost more than bounty. Let's think like a protocol for a second 🤔

contest = coverage, more eyes, pre-launch safety net
- Pay $200k pool upfront
- Runs 1-4 weeks
- Payout regardless of findings quality (money still gone)

bounty = sparse coverage, reactive not proactive
- Pay $0 until valid bug reported
- Only pay on confirmed severity
- Treasury preserved until hit

in bull markets - protocols don't want to get hacked, they spend what they can (contests + bounty after)
in bear markets - same, but now protocols have no funds - bounty is cheaper

2⃣0⃣2⃣5⃣ bear market gets worse, AI spamming submissions left and right, making triaging costs increase exponentially.

2⃣0⃣2⃣6⃣ even worse - still bear market, MORE (way more) AI, and there are fewer new protocols on top of it all.

That's why today we are back to web2-style bounties. The protocols that make real money, real impact. In 2015 people made a living off web2 bounties, this ain't different. @immunefi @HackenProof @xyz_remedy all are live and kicking, and there's money on the table for you to take, harder than before, true - but since when has hard stopped us?

🚨🚨 C4 SHUTS DOWN (and what does it mean)

> since June last year @zellic_io did not take any profit to themselves for keeping @code4rena alive despite the platform's obvious costs
> why? we can infer that Zellic's customers enjoyed the services there, and that it's a hell of a business lead-gen to be this middleman, even for free
> bear market + AI submission spam is a bad combo, but even worse that it continues over time without breathing air to many

the OG stepping down might signal "contests are dead" (which was already the vibe with thedailywarden homepage) but to me it just says that it's a hard business running a contest platform nowadays

if you're an auditor, don't use it as an excuse to give up - but take the lesson here that "easy" wins are no longer valuable - contests that pay need real criticals, real impact, hard research, niche focus areas and strengths

it's your time to shine ☀️

thanks @code4rena for reimagining crowdsourced security

After careful consideration, we’ve made the decision to wind down @code4rena. This community has meant a great deal to everyone who has been part of building it, and sharing this news is not easy.
