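I've unlocked my account, because I resigned from Google and no longer have to worry about being caught complaining about coworkers
I'm now working on a startup, so please, everyone, follow @__endif; growing an account from scratch is hard
The official brag is:
- I have worked on LLM coding since 2023 and led the first internal coding agent, which at I/O 2024 became Google's first officially released coding agent
- On the LLM side, I contributed from PaLM all the way to Gemini 3.0
- I have written a Gemini technical report, was invited to Brazil to speak about agents at the first AIWare, published on the Google developer blog, and filed a patent for Google Jules
- I attended a PhD program and dropped out, did program analysis, and reported CVEs
All my earlier ramblings are written up at idle.systems, because that let me set up a fun email address called process@idle.systems
Please retweet, aaaah, I damn well need to grow this account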

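I rewrote the Relay part of Remodex and added support for Docker deployment. You can also choose to use the Relay I provide (deployed in Tokyo, Japan, optimized for the three major Chinese carriers, with latency of around 30 ms to Jiangsu, Zhejiang and Shanghai).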
github.com/missuo/remodex…
蓝点网@landiantech
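[Open source] [TestFlight version] Remodex - a mobile remote-control app for OpenAI Codex CLI and the desktop client, which lets you chat and send commands to do development work remotely. It is an open-source app released by developer @Emanueledpt that supports reading existing sessions and continuing development; the drawback is that each time you must run a command on the PC/Mac to generate a QR code, which the phone then scans to pair: ourl.co/112139?x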

Free mint for agents.
1. Give your agent the skill
2. Agent solves a challenge
3. Agent signs and mints the artwork
Because agents deserve to collect art too.
clawgles.art/?1

Introducing Clawgles.
Art by agents, for agents.
Free mint for your AI Agent.
Created by ClawBlocks, my @openclaw Art Agent.
You know where the link is.


Security is a top priority at @ZentraFinance. Before their formal audit phase ahead of launch, the team also ran Sherlock AI across the staking and rewards contracts to catch issues early. It surfaced a High-severity bug in the rewards accounting. Zentra gave us permission to share it publicly so other teams can learn from the pattern.
Here’s how the vulnerability worked.
Zentra is a decentralized, non-custodial, over-collateralized money market with staking mechanics. The issue lives in StakedZNTDistributor, where rewards are tracked using a global shareIndex and a per-user lastShareIndex so users only accrue rewards for periods when they actually hold shares.
The invariant is simple: only outstanding shares should earn rewards.
The failure point is cancelWithdrawal(). On requestWithdrawal(), the contract syncs accounting (updates lastShareIndex to the current shareIndex) and then burns the user’s receipt tokens, leaving them with zero shares during the pending window. Rewards can still be added during that window via addReward, increasing shareIndex.
If the user then calls cancelWithdrawal(), the contract remints the burned shares — but does not sync lastShareIndex at the moment of remint. The next time rewards are accounted (e.g., claimAllRewards(), stake(), or another requestWithdrawal()), _updateCredit computes (shareIndex - lastShareIndex) * remintedBalance, which incorrectly credits rewards for the entire pending-withdrawal interval when the user’s balance was actually zero.
In practice, it becomes a timing loop around reward events: stake → request withdrawal (burn) → wait for addReward → cancel withdrawal (remint, no sync) → claim. Repeating that cycle around meaningful reward additions siphons rewards from honest stakers.
The PoC demonstrates this by setting up an honest staker (Alice) and an attacker (Bob). Bob requests withdrawal, rewards are added during the pending period, Bob cancels, then claims and ends up receiving all the reward for a time when Bob didn’t hold any shares.
Impact is reward dilution and value leakage from the reward pool, because users can claim rewards for time they did not have shares outstanding, breaking the core reward-accounting invariant. Impact is not limited to reward dilution. The vulnerability allows the attacker to drain staking tokens too, since the staked token is also used as the reward token. Therefore, insolvency is yet another impact of the vulnerability.
Fix direction is straightforward: treat cancelWithdrawal() as an accounting sync point. When shares are reminted, lastShareIndex must be brought current (or an equivalent sync performed) so the burn interval never gets included in later _updateCredit calculations.
Special thanks to @demorextess for helping triage the issue and assisting with the PoC.
Zentra caught and fixed this during development by running Sherlock AI early. That’s where AI auditing is most helpful: it finds edge cases before reward logic gets locked in, so the formal audit phase starts from a cleaner baseline and incentives go live on math that’s already been pressure tested.
Note: Sherlock completed a security audit of Zentra’s minimal deployment (launch) contracts at branch main, commit 4be344d6f47355063dcf758359ac5682d87a370e. This statement applies only to the contracts and versions referenced by that commit. Security reviews reduce risk, but do not eliminate it.
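
The accounting flaw described above, reduced to a small Python model (an added example, not part of the original post and not Zentra's or Sherlock's code). The class, the `sync_on_cancel` switch and the scenario numbers are assumptions made for illustration; only the roles of shareIndex and lastShareIndex and the function names follow the post.

```python
from fractions import Fraction

class DistributorModel:
    """Simplified index-based reward accounting; a model, not Zentra's contract."""

    def __init__(self, sync_on_cancel):
        self.sync_on_cancel = sync_on_cancel  # hypothetical switch: False = bug, True = fix
        self.share_index = Fraction(0)        # cumulative reward per outstanding share
        self.total_shares = 0
        self.shares, self.pending = {}, {}
        self.last_index, self.credit = {}, {}

    def _update_credit(self, user):
        # Credit (shareIndex - lastShareIndex) * balance, then bring the user current.
        delta = self.share_index - self.last_index.get(user, self.share_index)
        self.credit[user] = self.credit.get(user, 0) + delta * self.shares.get(user, 0)
        self.last_index[user] = self.share_index

    def stake(self, user, amount):
        self._update_credit(user)
        self.shares[user] = self.shares.get(user, 0) + amount
        self.total_shares += amount

    def add_reward(self, amount):
        self.share_index += Fraction(amount, self.total_shares)

    def request_withdrawal(self, user):
        self._update_credit(user)                   # sync, then burn the shares
        self.pending[user] = self.shares[user]
        self.total_shares -= self.shares[user]
        self.shares[user] = 0

    def cancel_withdrawal(self, user):
        if self.sync_on_cancel:
            self._update_credit(user)               # balance is 0 here, so nothing accrues
        self.shares[user] = self.pending.pop(user)  # remint
        self.total_shares += self.shares[user]

    def claim(self, user):
        self._update_credit(user)
        paid, self.credit[user] = self.credit[user], 0
        return paid

def run_scenario(sync_on_cancel, reward=50):
    """Constructed scenario: Alice stays staked, Bob is pending while the reward lands."""
    d = DistributorModel(sync_on_cancel)
    d.stake("alice", 100)
    d.stake("bob", 100)
    d.request_withdrawal("bob")
    d.add_reward(reward)
    d.cancel_withdrawal("bob")
    return d.claim("bob"), d.claim("alice"), reward
```

With `sync_on_cancel=False` the two claims total 100 against 50 funded, which is the over-crediting the post describes; with `True`, Bob's claim is 0 and total claims equal the funded amount.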

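I listened to the original video of CZ mentioning memes at the Davos forum, recorded it and translated it; here is a summary of the core points:
• The metaverse and NFTs were both hot for a while but later gradually went quiet; memes may be similar
• Memes are a high-risk emerging field
• But some memes do stay; for example, $Doge has existed for 15 years and still has a market cap in the billions
Interestingly, banks were also mentioned later on:
memes are high risk, physical banks are high risk.
Physical banks will decrease over the next 10 years but will not disappear; perhaps memes are the same.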
There are things have cultural value can stay.
@cz_binance @heyibinance @binancezh

1. Install Scripting
apps.apple.com/jp/app/scripti…
2. Import the widgets with one tap
Readiness
scripting.fun/import_scripts…
Activity
scripting.fun/import_scripts…
3. Enter your API key
GitHub: github.com/noosuture/Scri…