
Maroua.eth
@Maroua_BOUD
Head of AI @xerberus | Building Production RAG & Agentic Systems | sheFi14 @shefiorg | @JoinEdgeCity Fellow







Something is being announced at Paris Blockchain Week 2026, and it's coming from @okx.

@EraldOnChain, CEO of @okx EEA, takes the Master Stage to make it official, and to lay out exactly how OKX is moving beyond exchange into the full infrastructure layer Europe's digital asset market has been waiting for.

"From Exchange to Infrastructure: Europe's Digital Asset Stack, Complete"
Wednesday, April 15 · 12:20 PM – 12:40 PM at the Master Stage

Be in the room, you don’t wanna miss this. Secure your spot at PBW26: parisblockchainweek.com/tickets







Vibe coding is creating overconfident engineers. (a rant) We used to debate architecture. Tradeoffs. Patterns. We had opinions about systems, if not, we used to study them. Now we read the AI output, it looks reasonable, we ship it. Without even thinking of other options. We are losing the habit of even asking the question. System thinking is a muscle. And muscles atrophy. There is a difference between an engineer who uses AI and an engineer who has outsourced their thinking to it. Most of us cannot tell which one we have become!










is there a per-transaction or per-period rate limit on the mint function to prevent infinite mint exploits?

we tested this across two protocols. RUSD fails this check. Steth passes.

---

RUSD: THE FAILURE

the mint() function in RUSD's Stablecoin.sol has zero rate limiting. the code is bare:

    function mint(address account, uint256 amount) external onlyRole(MINTER) {
        _mint(account, amount);
    }

that's it. the function accepts arbitrary address and uint256 parameters. the only guard is onlyRole(MINTER) — a simple access control check.

there is no per-transaction cap. no per-period cap. no supply ceiling. no cooldown. no sanity check on magnitude.

if a MINTER address is compromised — through a leaked private key, a social engineering attack on a multisig participant, or a vulnerability in a contract holding minting privileges — an attacker can mint unlimited tokens in a single transaction. they can mint the entire supply cap in one block if they want. they can send it all to a DEX, dump it against paired assets (USDC, ETH, whatever), and drain liquidity pools before governance can even convene.

this is the exact failure mode that destroyed PAID Network in 2021. an attacker gained control of the mint function and minted 47 billion tokens in seconds. the token went to zero. holders lost everything. the attack was over before anyone could respond.

RUSD has the same structural vulnerability.

---

STETH: THE PASS

Lido's steth implements multiple layers of rate limiting. this is the right approach.

first: the StakeLimitUtils library enforces per-block rate limits on deposits. the setStakingLimit function caps maxStakeLimit at uint96(-1)/2 and requires a stakeLimitIncreasePerBlock parameter. this means new stake cannot exceed a defined amount per block, regardless of demand. an attacker cannot mint the entire supply in one transaction.

second: the OracleReportSanityChecker bounds the magnitude of rebase events per report. rebases are how steth mints new tokens to reflect staking rewards. the sanity checker prevents any single rebase from being unreasonably large relative to the previous balance.

third: for external shares (VaultHub), the mintExternalShares function checks against getMaxMintableExternalShares(), which enforces a maxExternalRatioBP cap. this is another ceiling on how many shares can be minted in a given period.

fourth: the mintShares function itself is restricted to the accounting contract. not just any MINTER role — a specific contract that is itself subject to the rate limits above.

these are not redundant. they are layered. if one fails, the others still hold. if the accounting contract is compromised, the per-block limits still apply. if the oracle report is manipulated, the sanity checker still caps rebase magnitude. if external shares are minted, the ratio cap still applies. this is defense in depth.

---

WHY THIS MATTERS

the mint function is the most critical piece of a stablecoin or liquid staking token. it is the lever that creates new supply. if it is unrestricted, it is a doomsday button in the hands of anyone with the MINTER role.

compromise happens. keys leak. multisigs fail. smart contracts have bugs. governance is slow.

rate limits are the only thing that bounds the blast radius. they turn a potential total loss into a contained incident.

RUSD has no rate limits. Steth has multiple, overlapping rate limits. the difference is the difference between a protocol that can survive a compromise and one that cannot.

source: etherscan.io/address/0x09D4…
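An added example, not part of the post above and not code from RUSD or Lido: the same `mint` signature with the three guards the post says are missing (per-transaction cap, replenishing per-block limit, supply ceiling). The contract name, token name, cap parameters and refill model are assumptions for illustration; it assumes OpenZeppelin Contracts v5 is installed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";

// Hypothetical token: every name and parameter below is an assumption.
contract RateLimitedStablecoin is ERC20, AccessControl {
    bytes32 public constant MINTER = keccak256("MINTER");
    uint256 public immutable supplyCeiling;  // hard cap on totalSupply
    uint256 public immutable maxMintPerTx;   // per-transaction cap
    uint256 public immutable maxMintLimit;   // allowance when fully replenished
    uint256 public immutable refillPerBlock; // allowance regained each block
    uint256 private _prevLimit;              // allowance left at _prevBlock
    uint256 private _prevBlock;              // block of the last mint

    error ExceedsPerTxCap(uint256 amount, uint256 cap);
    error ExceedsRateLimit(uint256 amount, uint256 available);
    error ExceedsSupplyCeiling(uint256 newSupply, uint256 ceiling);

    constructor(uint256 ceiling, uint256 perTx, uint256 maxLimit, uint256 perBlock, address admin)
        ERC20("Example USD", "xUSD")
    {
        supplyCeiling = ceiling;
        maxMintPerTx = perTx;
        maxMintLimit = maxLimit;
        refillPerBlock = perBlock;
        _prevLimit = maxLimit;
        _prevBlock = block.number;
        _grantRole(DEFAULT_ADMIN_ROLE, admin); // admin grants MINTER separately
    }

    // Allowance available now: what was left, plus linear refill, capped.
    function currentMintLimit() public view returns (uint256) {
        uint256 refilled = _prevLimit + (block.number - _prevBlock) * refillPerBlock;
        return refilled > maxMintLimit ? maxMintLimit : refilled;
    }

    function mint(address account, uint256 amount) external onlyRole(MINTER) {
        if (amount > maxMintPerTx) revert ExceedsPerTxCap(amount, maxMintPerTx);
        uint256 available = currentMintLimit();
        if (amount > available) revert ExceedsRateLimit(amount, available);
        uint256 newSupply = totalSupply() + amount;
        if (newSupply > supplyCeiling) revert ExceedsSupplyCeiling(newSupply, supplyCeiling);
        // Record the consumed allowance before minting.
        _prevLimit = available - amount;
        _prevBlock = block.number;
        _mint(account, amount);
    }
}
```

Because the caps are `immutable`, a holder of `MINTER` cannot raise them; over any window of N blocks the most that can be minted is `maxMintLimit + N * refillPerBlock`, and never past `supplyCeiling`.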

Should I share the prompt?

Today my main focus has been:
1. ensuring that 0xSid can digest the information from the @xerberus v3 dendrograms
2. publish cohesive posts on X using the subscore rationales.

Problems: V3 offers a lot to read so most of the time SID hasn’t been able to put together posts that make sense without context.
- when formatting it has been getting lost and hallucinating (or pulling irrelevant info)
- the protocol updates and deep dives offer % and other numbers with no explanation
- resources missing or wrong

Solution:
MCP built by @Maroua_BOUD ensures that we get accurate information directly from V3. (before the process was messy and unreliable)
Slop filter ensures that the content is readable (still a lot to improve but the difference is huge)
X api scans targeting a selected niche and accounts help understand what to post and when (needs more context, still too fresh to assume anything)

Sid doesn’t have a third party harness yet, but Hermes could be an interesting addition to enliven the posts with some dendrogram visuals 🤔







We hosted a large group of founders and C-Suite at our 5th “The Ledger Private Members Club” dinner in @EthCC Cannes.

I have to say it was one of the most interesting and eye-opening dinners - great convos and smart people. “Chatham House Rules”

Thank you all for attending

it's time to announce the winners!

thank you to everyone who showed up at encryption lab by @fhenix and @creatorarchq. the energy around this was real and it shows in the content

video winners:
#1 @iCrazyTeddy
#2 @cryptocita
#3 @kasia0x
#4 @tinyrainboot
#5 @Crypto_Goblinz

written post:
#1 @francescoswiss

huge congrats to everyone who made the list and honestly, to everyone who participated. this is what happens when creators are given the space to experiment and show up

bounty winners in the comments



