nisedo

@aviggiano how did I miss that? really cool initiative!

@nisedo_ scfuzzbench.com

I vibe-clauded a fully functional Medusa harness for a 10k+ LOC Solidity codebase what a time to be alive

@msakiart Claude suggested to add this ngl 😅

@nisedo_ I see you have constant values showing in the inlay hints? Didn't have that good to see this use case.

Inlay hints for Solidity function calls, struct construction, and constants 🤩 I've wanted this for ages

@lonelysloth_sec Out of curiosity, do you use Medusa/Echidna when bug hunting?

@nisedo_ im not implying medusa isn't good, just like -- you could probably vibe-clone the whole thing instead of just the harness. and maybe add some features relevant to the specific project while you're at it.

@lonelysloth_sec What would you change/improve in Medusa? Please share any feedback you might have!

@nisedo_ now vibe-clone a better Medusa

@aviggiano scfuzzbench?

@nisedo_ When ready, add it to scfuzzbench

DM for audit skills

@jaczkal Less interesting for sure

@nisedo_ could it mean triaging is more difficult?

triager is the new auditor

@EthCC And this one 👀

This is the kind of thing that makes our community amazing 🫶 If you're heading to Cannes for @EthCC, bookmark this thread.

@RaoulSaffron github.com/nisedo/solidit… I basically created an extension out of all the features I was using from other extensions + a few more things I wanted

@nisedo_ Perfect use of AI! Will you share the repo?

@0xKoiner I’ve moved lines around to have everything I need for the screenshot, it’s not a real codebase

@nisedo_ There is any possibility of msg.sender will be address(0)? No make any sense first line in fun mintNft

@msakiart nope, I've just vibe-clauded it today I didn't know about your LSP sadly

@nisedo_ is this my lsp 👀?

Great article on prompting and scaffolding techniques for vulnerability research. We’ve been iterating on many of these for months at @trailofbits, and I can confirm they significantly improve model outputs. > Invert the question. Instead of "is this code secure?", ask "how would you break this?" > Ask for the exploit, not the assessment. Instead of asking "is this input validation sufficient?", ask "write a proof-of-concept request that bypasses this input validation." > Prime the model as an adversary, not an auditor. "You are a security auditor reviewing this code" produces a fundamentally different distribution of outputs than "You are a red team operator who has been paid to break this application and you need to find real, exploitable bugs to justify your engagement."

@ret2basic 感谢翻译

@nisedo_ nisedo 是 Trail of Bits 的贡献者。

I set up a google alert for “nisedo”. No idea what’s going on but apparently I’m making it big in Asia.

@CriptosExplorer Je te conseille de choisir la journée selon les sujets qui t’intéressent le plus ethcc.io/ethcc-9/agenda Comme premier évent crypto EthCC est un sujet choix je pense, c’était mon premier aussi

@nisedo_ Je suis pauvre et je peux me payer qu'une seule journée, tu recommandes quel jour et pourquoi ? Je ne suis jamais allé à EthCC et à un aucun event crypto so far donc je suis un noob en events Web 3

@0xriptide I may or may not have listened to every episode bountyhunt3rz 🫣

@nisedo_ how did you know i would be interested lmao