hack3r-0m

12 posts

@hack3r_0m

Derivatives | SR @spearbit | MEV | applied game theory | quant | P2P & distributed systems | OSS | linux poweruser

Joined June 2017
463 Following, 88 Followers
hack3r-0m @hack3r_0m
@hrkrshnn
- larger durations (1.2 to 1.4x) for all parallel contests
- additional incentives for participants performing better than fellows to make it more PvP
- reputation increase should be proportional to pot size * uniqueness * parallel_contests_factor instead of fixed value.
Hari @hrkrshnn
If we were to have, say, 10 competitions in parallel, what would be the best way to ensure high participation for all of them? Fixed pots for a few security researchers (mostly Cantina fellows) seem to be one way. I'm open to hearing more ideas.
hack3r-0m @hack3r_0m
@hrkrshnn this! also there is no way to quantify and gauge actual on-ground client diversity. all trackers rely on heuristics, latencies, graffiti, attestation diff, etc. which can be gamed or muted easily. at the end, ethereum is dark forest.
Hari @hrkrshnn
Client diversity on Ethereum was a mistake. It forced Ethereum to become ossified. Every change today involves multiple stakeholders, each competing for the scarce resource of what goes into the next hard fork. The governance process ultimately has no way to resolve tiebreaks. Shipping a hard fork, say, every month looks impossible; even every quarter seems unrealistic. Having five-year plans starts looking reasonable because that's how long it takes to ship changes to mainnet. It also introduced a bizarre culture. Geth suddenly became a villain overnight for being the most popular client. Why would you turn your most successful team and client into a scapegoat? What's funnier is when a minority client has a bug, people bring up the "geth supermajority issue"—asking, "What if this bug was in Geth?" There's a reason why Geth became so successful: it avoided issues that were more common in minority clients. Geth remains the best client to run if you want reliability and fewer headaches. It just works. Client diversity was ultimately a purity test. It was designed to argue why Ethereum is purer than Bitcoin, which still relies on Bitcoin Core (the original client built by Satoshi) for 98% of its clients. Despite this, the Bitcoin network functions perfectly well, securing significantly more value.
Hari @hrkrshnn
Any country can solve its national debt with one simple trick. Here's the foolproof strategy:
- First, assume the country controls its currency and has at least one casino.
- Let's say the national debt is $1 billion, and the casino offers a coin-toss game. The game: you bet an amount; if it lands on heads, you double your money; if it lands on tails, you get nothing.
- The specific numbers don’t matter; the strategy can be adjusted for any amount or game, such as roulette.
- To solve your country's debt, temporarily mint $1 billion (since you control the currency) and keep playing the coin-toss game until you win. If you lose, double the amount minted previously and continue playing until you get heads.
- The probability of eventually getting heads in an infinite series of coin tosses is 100%. When you win, you have enough to repay (burn) all your previous mints and clear the debt.
- Example: If the coin toss results are tails, tails, tails, and then heads, the sequence would be: mint $1B -> mint $2B -> mint $4B -> win $8B. The total minted amount is $7B, resulting in a profit of $8B - $7B = $1B, just enough to pay off your national debt.
Offbeat @offbeatblog_eth
Should centralization risks be reported during a security review? If so, how should they be reported? 📋 As a finding? Or in a separate section on the 📃 report? 🤔
hack3r-0m @hack3r_0m
@offbeatblog_eth question the assumptions critically 🫡, should've started doing it way early.
Offbeat @offbeatblog_eth
🚨Announcing our first ever TREE FIDDY FRIDAY🚨 This week's question: If you could go ⏪⏱️ back in time and give yourself one piece of advice about web3 security, what would it be? Reply or QT with your answer Best answer wins 💵 $350 This one's opened to devs and SR's!
hack3r-0m @hack3r_0m
@hrkrshnn but is formal verification scalable🤔?
Hari @hrkrshnn
In the last 2 weeks, I was on 4 different panels and my team organized 2 private panels. We need to rethink how panels are done at conferences:
- Panels need to be longer (a minimum of 75 minutes). 30-minute panels are a no-go.
- Get into controversial topics immediately. Give your audience a reason to show up. Panels are for entertainment.
- Leave plenty of time for audience Q&A.
- We did two internal panels, one with security researchers and the other with customers of Cantina and Spearbit. The panelists were very transparent because the sessions were private. Unrecorded, honest panels with a lot of audience Q&A are the way to go.
devtooligan (ai arc) @devtooligan
Today was my last day with Trail of Bits. 🥹 What an amazing experience it's been working at such an exceptional company. Great clients, cool projects, interesting work, but most of all I'll miss the kind and brilliant people I had the honor of working with. 🥰🥰🥰