Jainil 🦇🔊 | 🤓.eth

407 posts

@save_as_jay

Blockchain Researcher | Solidity | Web3 | Learner | Chess | Reactjs |

Joined February 2022
736 Following, 233 Followers

Jainil 🦇🔊 | 🤓.eth @save_as_jay
Trusting responses from a single AI model and believing it as the source of truth is stupidity just like believing in a religion and taking it as the source of tru... Oh wait. Nvm.

Jainil 🦇🔊 | 🤓.eth retweeted
OpenZeppelin @OpenZeppelin
Introducing OpenZeppelin Skills 🤖 In the first of a series of releases, we're dropping 9 skills to give AI agents authoritative, up-to-date knowledge of OpenZeppelin Contracts libraries for secure smart contract development, setup, and safe upgrades. github.com/OpenZeppelin/o…

Jainil 🦇🔊 | 🤓.eth @save_as_jay
@WTTDOTM Can you have names based upon country? Also, some standard layout used by lawyers of the country as well? It would be awesome

no more docile users @WTTDOTM
Lawyers are expensive, but *looking* like you have a lawyer is free. Today, I'm happy to announce my latest project, Heavyweight! Heavyweight lets you take any complaint you have, and make it look like a scary legal document without ever actually claiming to be from a lawyer.

Jainil 🦇🔊 | 🤓.eth retweeted
deebeez @deeberiroz
Cute hack of the week

Did you know that some older compound cTokens return false on failure instead of reverting? This staking contract discovered that the hard way
app.blocksec.com/explorer/tx/et…

Jainil 🦇🔊 | 🤓.eth retweeted
sudo rm -rf --no-preserve-root /
It gets even more fancy: the way Etherscan was tricked showing the wrong implementation contract is based on setting 2 different proxy slots in the same frontrunning tx. So Etherscan uses a certain heuristic that incorporates different storage slots to retrieve the implementation contract.

There is an old proxy by OpenZeppelin who used the following slot:
`keccak256("org.zeppelinos.proxy.implementation")` = `0x7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c3`

We now also have the standard EIP-1967 slot:
`bytes32(uint256(keccak256('eip1967.proxy.implementation')) - 1)` = `0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc`

So what happened is that the old OpenZeppelin proxy slot was written to with the benign implementation address _and_ the standard EIP-1967 slot was also written to with the malicious implementation address. Since Etherscan queries first the old proxy slot, it retrieved the benign looking one first and thus displayed it.

deebeez @deeberiroz

We @VennBuild just discovered a critical backdoor on thousands of smart contracts leaving over $10,000,000 at risk for months Along with the help of security researchers @dedaub @pcaversaccio, the seals team @seal_911 and others, we managed to rescue the majority of funds before the attacker could make their move. This is the story of how a sophisticated attacker (cough Lazarus) put backdoors in thousands of contracts and ALMOST got away with it 🧵
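
The slot disagreement described in the post above can be checked mechanically by reading both slots and comparing them. This is an added example, not code from the post or from Etherscan; `read_slot`, `dict_reader` and the sample storage snapshots are assumptions constructed for illustration.

```python
# Added example, not code from the post. The slot constants are the two quoted
# in the post; read_slot and the sample storage below are constructed assumptions.
LEGACY_OZ_SLOT = 0x7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c3
EIP1967_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
ZERO_ADDRESS = "0x" + "00" * 20


def word_to_address(word: bytes) -> str:
    """Return the address held in the low 20 bytes of a 32-byte storage word."""
    if len(word) != 32:
        raise ValueError("storage words are exactly 32 bytes")
    return "0x" + word[-20:].hex()


def check_proxy_slots(read_slot) -> dict:
    """Compare both implementation slots of one proxy.

    read_slot(slot: int) -> bytes is a hypothetical callback, for example a
    wrapper around an eth_getStorageAt JSON-RPC call for the proxy address.
    """
    legacy = word_to_address(read_slot(LEGACY_OZ_SLOT))
    eip1967 = word_to_address(read_slot(EIP1967_SLOT))
    populated = [a for a in (legacy, eip1967) if a != ZERO_ADDRESS]
    if not populated:
        verdict = "no-implementation-slot"
    elif len(populated) == 2 and legacy != eip1967:
        # A tool that stops at the first populated slot shows only one of these.
        verdict = "conflict"
    else:
        verdict = "consistent"
    return {"legacy": legacy, "eip1967": eip1967, "verdict": verdict}


def dict_reader(storage: dict):
    """Build a read_slot callback over an in-memory slot -> word mapping."""
    return lambda slot: storage.get(slot, bytes(32))


def _word(byte_hex: str) -> bytes:
    """Constructed sample: left-pad a repeated-byte address to 32 bytes."""
    return bytes(12) + bytes.fromhex(byte_hex * 20)


# Constructed storage snapshots (addresses are placeholders, not real contracts).
SPLIT_PROXY = {LEGACY_OZ_SLOT: _word("11"), EIP1967_SLOT: _word("22")}
PLAIN_PROXY = {EIP1967_SLOT: _word("22")}

if __name__ == "__main__":
    for name, snap in (("split", SPLIT_PROXY), ("plain", PLAIN_PROXY)):
        print(name, check_proxy_slots(dict_reader(snap)))
```

A `conflict` verdict means the implementation shown by any tool that reads only one of the two slots should not be taken at face value until the proxy's own delegation logic has been reviewed.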

Jainil 🦇🔊 | 🤓.eth retweeted
MiloTruck @milotruck
This is pretty interesting

Never thought of using the identity precompile to bypass external checks that expect the function selector to be returned

Also, this is the first time I've seen a precompile used in an exploit

BlockSec Phalcon @Phalcon_xyz

ALERT! Our system detected a series of attacks targeting the @odosprotocol protocol on #ETH #Base, resulting in ~$50k in losses. The root cause is arbitrary call vulnerability caused by unverified user input. We notice that the attacker exploited the precompile contract (0x4) to bypass the signature verification. Protocols utilizing this method should exercise caution to mitigate similar risks. Attack TX: app.blocksec.com/explorer/tx/ba… Subscribe to BlockSec Phalcon today to get alerted in realtime and take automatic actions to protect your assets. blocksec.com/phalcon

sunnyrk ⬆️ ZyFAI @RadadiyaSunny
Excited to be one of the winners for Based Builder of the Year 2024! Thank you @BasedIndia @callusfbi for the recognition. Let’s keep building! #basedbuilderoftheyear
Base India @BasedIndia

We have our winners in for Based Builders of the Year 2024! Congratulations @0xSarthak13 & @RadadiyaSunny!

They collectively shipped:
- Basewave: for recurring payments
- Vox: a ticket reselling platform
- Hunch: letting AI agents trade viral content
- Snapbam: a memecoin rebalancer allowing gasless memecoin buying and selling

You guys are the based ones that will get:
(i) A 1:1 mentorship call with @Saxenasaheb💙
(ii) A shoutout from @jessepollak
(iii) An exclusive Based Builder of the Year, 2024 NFT🔥

LFB Builders- to more based ships in 2025!

Jainil 🦇🔊 | 🤓.eth retweeted
donnoh.eth 💗 @donnoh_eth
- @blast 3/5 msig ($1.45B)
- @0xMantle 6/13 msig ($1.44B)
- @LineaBuild 4/6 msig ($849M)
- @Starknet 2/5 msig ($676M)
- @MetisL2 4/9 msig ($303M)
- @fraxfinance 3/5 msig ($170M)
- @taikoxyz 3/4 msig ($100M)
- @loopringorg 4/6 msig ($45M)
- @KintoXYZ 3/5 msig ($36M)

Mudit Gupta @Mudit__Gupta

PSA: Radiant finance is being exploited live. Withdraw your fund and revoke approvals. Seems like their 3/11 multisig got compromised, ownership transferred and then rekt. Another key management failure.

Jainil 🦇🔊 | 🤓.eth retweeted
1kx @1kxnetwork
.@Safe leads the way in wallet infra, revolutionizing digital asset ownership.
- Over $70B in assets secured
- 67% increase in active users quarterly
- Enhanced security, advanced access control

As dedicated Safe users, we built our own module in-house: zkSafe

What it is ↓

Kavita Gupta @KavitaGupta19
Looking for a cross chain builder/specialist with 2-3 years of experience to work with a star CTO building cross chain liquidity infra. Let's use twitter family to source some rockstars ❤️

Jainil 🦇🔊 | 🤓.eth retweeted
Pyro @0x3b33
Step-by-Step guide to make custom auditing tags

Do you want to know how they are made?
❗️It would take you 1 minute to set it up!❗️

Jainil 🦇🔊 | 🤓.eth retweeted
LI.FI @lifiprotocol
Please do not interact with any LI.FI powered applications for now! We're investigating a potential exploit. If you did not set infinite approval, you are not at risk. Only users that have manually set infinite approvals seem to be affected.

Revoke all approvals for:
0x1231deb6f5749ef6ce6943a275a1d3e7486f4eae
0x341e94069f53234fE6DabeF707aD424830525715
0xDE1E598b81620773454588B85D6b5D4eEC32573e
0x24ca98fB6972F5eE05f0dB00595c7f68D9FaFd68

revoke.cash

Jainil 🦇🔊 | 🤓.eth retweeted
Michael Lewellen @LewellenMichael
ALERT: The compound.finance URL has been compromised and is currently hosting a phishing site. DO NOT interact with the compound.finance website until further notice. The Compound protocol itself is not impacted and all smart contract funds are safe.

Jainil 🦇🔊 | 🤓.eth @save_as_jay
One of the worst customer service @whirlpool_india ! refrigerator has been broken for more than 1 month and we are told it will be replaced under warranty and yet no update from @whirlpool_india after contacting so many times. SRN: AHM18062404578 AHM18062404545 AHM10062460697

Jainil 🦇🔊 | 🤓.eth retweeted
Lumos @lumos_io
Introducing Lumos Macro Stats.

Since the release of Lumos, we've received numerous requests from hacked victims, security researchers, projects, and students for charts showing statistics of hacking incidents by category.

Now, anyone, regardless of their engineering background, can access a customizable chart containing the following information:
→ Total exploited value and incident count
→ Attack vector
→ Destination of exploited funds
→ Estimated value of DPRK-linked hacks

Our goal is simple: to shed light on the shadows of Web3 hacks by providing transparent information on prevalent security incidents involving both smart contracts and project teams.

$1.7B was lost to hacks in 2023. They can't keep getting away with this.

Jainil 🦇🔊 | 🤓.eth retweeted
SnapBam (FKA DefiLens) @snapbamfun
Seeking seamless batch transactions across various networks without the hassle of manual switches? Experience the ease of one-click trading across abstract chains with DefiLens. Say goodbye to manual switches and hello to seamless transactions👋 #Defi #DeFiRevolution