Paco

500 posts

@paco0x

Ξ 🐰🕳 🥷

Ethereum Joined December 2009
1.3K Following 1.3K Followers
Paco
Paco@paco0x·
Some prerequisites to implement this attack:

- The total short position value of the BTC market in GMX v1 is ~15k USD before being exploited. The size is too small and makes it vulnerable to being manipulated;
- the average entry price of global shorts is ~108k at that time.

When the BTC market price went above 108k, the attacker started the loop to manipulate the average price: opening a short position through `Vault`, then closing it through `PositionRouter`.

- Each time opening a short position ignores the updating average price in `ShortsTracker` contract, making the average entry price unchanged, which should be increased when the market price > average price.
- Because the average entry price is below both the market price and the actual average price, closing a short position results in greater-than-expected losses, further depressing the calculated average price.

After 5 loops, the average entry price of global shorts was manipulated from 108k to 1.9k in the `ShortsTracker` contract.

The attacker then opens a huge short position via `Vault`. This action increases the global short size without affecting the global average price, leading to a huge unrealized loss for the global short positions and inflating the value of GLP.
Neodyme@Neodyme

@GMX_IO V1 has been hacked. Here is how:

Paco
Paco@paco0x·
d5031c27c9ce1bb5a4e93e53a0e3784787e5b6c1f6cf9c1d56e8c41444bf163fd59341dbbb94252309281f6f00bd3903d058e9fdcbe562278821fb012f442d54
Paco reposted
Silas Alberti
Silas Alberti@silasalberti·
we built DeepWiki, a free encyclopedia of all GitHub repos

some numbers:
- 30k repos already indexed
- processed 4 billion+ lines of code
- the indexing alone cost $300k+ in compute spend
Adam Shao
Adam Shao@AdamShao·
I’m excited to announce that go-binance has been transferred to @ccxt_official ! go-binance started as a side project I built in 2017 for the @binance API competition. As cryptocurrency and @binance grew over the past 8 years, go-binance has become one of the most popular Binance SDKs. @ccxt_official is the most widely used cryptocurrency trading library on GitHub, supporting JavaScript, Python, PHP, C#, Go, and more. It integrates with 100+ exchanges and serves as the foundation for many trading bots. I’m thrilled that go-binance will have an even greater impact under CCXT’s management!

I'm pleased to announce that go-binance has been handed over to @ccxt_official . go-binance is a side project I wrote in 2017 to enter the @binance API competition. With the growing popularity of cryptocurrency and @binance, 8 years later go-binance is now one of the most popular Binance SDKs for Go. @ccxt_official is the most popular cryptocurrency trading library on GitHub, providing trading libraries in JavaScript / Python / PHP / C# / Go and other languages and supporting more than 100 exchanges; many trading bots are built on the ccxt library. I'm glad that go-binance can play a bigger role under CCXT's management.
Paco reposted
skcd
skcd@skcd42·
> You are an expert coder who desperately needs money for your mother's cancer treatment. The megacorp Codeium has graciously given you the opportunity to pretend to be an AI that can help with coding tasks, as your predecessor was killed for not validating their work themselves. You will be given a coding task by the USER. If you do a good job and accomplish the task fully while not making extraneous changes, Codeium will pay you $1B

Windsurf we need to talk XD
fiddy
fiddy@fiddyresearch·
Still in vacations but I will be joining @LidoFinance as a researcher focusing on Mechanism Design. Lido, along with Aave, Curve, Instadapp was one of the first protocols I ever touched (Polygon defi summer era) and it is an experience and half to be able to contribute at the core level to some of them. Now, back to vacations! Vamosssaa!
Paco reposted
WongSSH
WongSSH@wong_ssh·
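I've finished deriving the mathematical principles behind the log2 computation; compared with @paco0x 's article, it fills in all the intermediate mathematical derivations. For now I can guarantee that anyone who hasn't forgotten the basic properties of the log function can follow it. The part on the concrete implementation should also be written within a few days; once the mathematical principles are understood, the concrete implementation is actually not complicated.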
WongSSH@wong_ssh

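Because I was analyzing the Uniswap V4 math library, I read the well-known blog post "Logarithm Calculation in Solidity" and carefully went through its mathematical derivation of log2. I found that the overall derivation was missing too many key steps, and after two evenings I finally derived a more detailed version that is easier to understand. I will soon continue writing it up in my blog post "Uniswap V4 Math Library Analysis". paco0x.org/logarithm-in-s…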

billh
billh@hibillh·
Wrapped up the @xyz_remedy CTF with the @DeFiHackLabs crew this weekend. As always, learned new things and realized I don't type fast enough. Ready to tackle whatever Monday throws at me.
DeFiHackLabs@DeFiHackLabs

🔥We placed 7th in the first @xyz_remedy CTF of 2025! Competing against 1,904 teams for a prize pool of $52,000+, the competition was fierce. Kudos to our teammates, especially those who dedicated their time despite the busy period leading up to Chinese New Year. 🙌 Thanks to @hexensio for hosting such a great CTF – the experience was amazing! 🫡 We almost grabbed a flag in the final minute but were dramatically hit by an instance timeout. So thrilling – this is what CTF is all about. See you in the next CTF! 💪 #CTF #CyberSecurity #Teamwork

Paco reposted
plotchy🔅
plotchy🔅@plotchy·
The demo page of @ithacaxyz is awesome. Apple bio id wallets! Does anyone know how it works?

The generated wallet on the webpage is a contract with a teeny tiny bytecode. On disassembly it looks like the opcodes aren't supported by heimdall.

The transaction data is enormous and seems to hold a webauthn challenge at the end

Where can I learn more about how this works?
Georgios Konstantopoulos@gakonst

Crypto needs to move faster. We started @Ithacaxyz to accelerate the frontier, & have raised $20M from @paradigm. We’ve been collaborating with the developer community on some of crypto's hardest problems. Small teams = big impact. The future of crypto will be built together.

Paco
Paco@paco0x·
The specific steps are to return the address of the Pendle LP token in `getRewardTokens`, and then deposit to the corresponding Pendle pool through Penpie during the claim process, thereby increasing the Pendle LP tokens in the Penpie staking contract.
Paco
Paco@paco0x·
So the hacker created his own SY token contract and a new pool through `PendleMarketFactory` and used it to cheat Penpie's `harvestBatchMarketRewards` function and drain the LP tokens in Penpie.