Jonatascm 🪐

this tbh, any team affected by this feel free to reach out to me in DMs if you are NOT sure if you are safe! Supply chain attacks are tough...

Status: High-severity vulnerability found by Cantina’s AI Code Analyzer in @OpenClaw (CVE-2026-26325). Our AI engine detected an allowlist bypass in OpenClaw's npm package. The flaw allows a mismatch between checked commands and executed commands. Full breakdown below:

We just dropped "The Lobster’s Armor", a security practical guide for the @openclaw era. It covers everything from Docker isolation to our new ClawdStrike.ai security skill (which you can install for free). Secure your shell before you molt.

@cantinaxyz @openclaw This is great! 🦞

AI bots like @openclaw's Clawdbot surface 1000s of vulnerabilities every day. So we had to act. 🦞 Introducing ClawdStrike.ai: a free terminal skill to analyze any ClawdBot build, derived from our AI security expertise protecting the most complex production systems. See how it works:

Don't force yourself to understand/studying you don't need them. When auditing a protocol integrating with UniV3, you don't need to fully understand the entire UniV3 protocol. You can see Auditors ask about some things that are not really in the scope of the Codebase they are reviewing, and are core concepts in UniV3, and are unrelated to this scope. The idea is to know which parts for the integrated protocol you should know and will help you in your audit. Most of the time, you will audit Codebases that integrate with a protocol you don't know. Although understanding all the integrated protocols is better, this will not happen all the time. You have a fixed period of time; this can only occur for popular protocols like Uniswap and Chainlink. But sometimes you can see integration with a protocol you first see. Always focus on the points you need and will help you in your audit, without opening unnecessary doors for yourself

We're excited to initiate @Zippel_Labs audits, a cryptography security led by I. ZKP's security is extremely important to build secure pillars of Privacy. *Currently most zkVMs are not fully audited, & for them offering subsidized audits.

This video is insane, very hyped for the next

One interesting thing here is seeing how much has changed in 5 years. 5+ yr old iEarn code on left, OZ ERC4626 on the right. Do you see the difference in share calculation?

Cantina's Managed Detection and Response exists for one reason: turning a validated signal into containment before value leaves the system. In Web3, the hardest step is not executing a pause. It is authorizing it quickly, with evidence. Details below.

This was legendary, it was a real pleasure participating in team america! 🔥

We’ve been working behind-the-scenes on something groundbreaking. If you want early access to the only Web3 AI security tool that truly focuses on signal over noise, you can now join the waitlist.

a couple days ago I ran a survey to understand how is AI used by smart contract auditors. here are the results 👇🧵

Ultimate Security Games will begin live streaming 5:15 pm EST today (November 20th). You can watch the stream on the dedicated channel in the reply.

Tomorrow, you will have the chance to learn security from the best mentors in this space @Mudit__Gupta , @0xRajeev , @tinchoabbate , @Montyly , @RareSkills_io , @PabloSabbatella, @alexzoid not miss

Let's go 🔥

New in Cantina MDR: Spin up a live war room the moment an incident hits. What happens if your team takes five minutes to respond, and the exploit only needs one? That’s exactly what we solve. Instant coordination & zero friction.

Excited to share that I’ve joined @spearbit as a Full-time Security Researcher! My journey in smart contract security began here, so this step truly feels like coming full circle. Can’t wait to see what the future brings! 🔥

Looking forward to meet everyone IRL and have some fun!