Stan Trenev
@sstrenev
448 posts
DeFi Smart Contract Engineer. $300M+ through deployed contracts. Formerly @legiondotcc @ledger @universe_xyz
Sofia, Bulgaria. Joined April 2020
264 Following, 912 Followers

@pashov good point, indeed could be - but still better than the public mempool when executing a private txn is critical xD

Web3 Security Horror Story Time
A protocol gets reported a Critical vulnerability. They immediately patch it with a code fix and push it on-chain to their upgradeable contracts.
A MEV bot picks up the "code fix" transaction before it is validated into a block, re-engineers the vulnerability with AI and front-runs the upgrade patch with an exploit.
Upgrade passes successfully, the exploit before it as well. You just exposed the fix of a Critical vulnerability to an untrusted actor. AI allowed seconds to be enough to deduce a vulnerability from a patch.
You can argue AI is dumb, sure. But you can't argue AI is not fast - and that it can't be even faster. Upgradeability and MEV bots become an attack vector with time.
I challenge you to say how this can be safely secured.

github repo, github.com/defiedcc/diamo…
no critical issues identified by 3 independent AI scan audits
disclaimer: no manual audit review has been performed
will be adding some funds to it, which can be treated as a bug bounty

@MartinMarchev Nice deep dive, sir! Indeed, we can't expect to onboard the next billion users with such UX. I guess such stories make even long-term DeFi degens afraid to swap xD.

Your AI agent now has access to 20k+ smart contract audit findings.
claudit - one-line install, works with Claude Code & Codex CLI, searches across all @SoloditOfficial findings, open source.
Huge shoutout to @Cyfrin for opening the Solodit API 🫡
Link below 🔗👇

It might not be 100% necessary, but it gives some sense of trust and social proof, especially if the backers have previously backed other successful projects. In your mind, you would think, "See, these guys also backed whichever protocol crushed it, so maybe this one will also do well and is probably safe to put my money there."

If you're building or auditing ERC-4626 tokenized vaults, you should definitely bookmark this repo by a16z.
It's a comprehensive test suite for verifying that the main ERC-4626 invariants are respected in all cases.
github.com/a16z/erc4626-t…
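As an added illustration of what such a suite actually checks (this is example code written for this page, not code from the post or from the a16z repo): a minimal Python model of ERC-4626 share accounting with the rounding directions the standard mandates, plus randomized round-trip checks that the vault never ends up paying a user more than they put in. The class and function names, the +1 virtual share and asset (an OpenZeppelin-style offset chosen so the empty vault has a defined rate), and the `buggy_deposit_rounding` switch used to show a failing case are all this example's own assumptions.

```python
"""Added example (not from the post or the a16z repo): ERC-4626 share math
with mandated rounding, and round-trip invariant checks over random states.
Names, the +1 virtual offset and the injected bug flag are assumptions."""
import random
from dataclasses import dataclass


def mul_div_down(a: int, b: int, d: int) -> int:
    """floor(a*b/d): the rounding ERC-4626 requires when the vault pays out."""
    return (a * b) // d


def mul_div_up(a: int, b: int, d: int) -> int:
    """ceil(a*b/d): the rounding ERC-4626 requires when the user pays in."""
    q, r = divmod(a * b, d)
    return q + (1 if r else 0)


@dataclass
class Vault:
    total_assets: int = 0
    total_supply: int = 0
    # Assumed bug switch for the demo: deposit rounds shares UP, in the user's favour.
    buggy_deposit_rounding: bool = False

    def convert_to_shares(self, assets: int, round_up: bool = False) -> int:
        f = mul_div_up if round_up else mul_div_down
        # +1 virtual share and asset: an empty vault has a defined 1:1 rate
        return f(assets, self.total_supply + 1, self.total_assets + 1)

    def convert_to_assets(self, shares: int, round_up: bool = False) -> int:
        f = mul_div_up if round_up else mul_div_down
        return f(shares, self.total_assets + 1, self.total_supply + 1)

    # ERC-4626 preview functions, each with the mandated rounding direction
    def preview_deposit(self, assets: int) -> int:   # shares out: round DOWN
        return self.convert_to_shares(assets, round_up=self.buggy_deposit_rounding)

    def preview_mint(self, shares: int) -> int:      # assets in: round UP
        return self.convert_to_assets(shares, round_up=True)

    def preview_withdraw(self, assets: int) -> int:  # shares burned: round UP
        return self.convert_to_shares(assets, round_up=True)

    def preview_redeem(self, shares: int) -> int:    # assets out: round DOWN
        return self.convert_to_assets(shares)

    def deposit(self, assets: int) -> int:
        shares = self.preview_deposit(assets)
        self.total_assets += assets
        self.total_supply += shares
        return shares

    def mint(self, shares: int) -> int:
        assets = self.preview_mint(shares)
        self.total_assets += assets
        self.total_supply += shares
        return assets

    def redeem(self, shares: int) -> int:
        if shares > self.total_supply:
            raise ValueError("insufficient shares")
        assets = self.preview_redeem(shares)
        self.total_assets -= assets
        self.total_supply -= shares
        return assets


def random_vault(rng: random.Random, buggy: bool) -> Vault:
    """Constructed state: shares outstanding plus 'donated' assets, so the rate is not 1:1."""
    supply = rng.randint(0, 10**6)
    return Vault(total_assets=supply + rng.randint(0, 10**6),
                 total_supply=supply, buggy_deposit_rounding=buggy)


def check_round_trips(iterations: int = 2000, seed: int = 1, buggy: bool = False) -> list:
    """Return the violated round-trip invariants (empty = the vault never favours the user)."""
    rng = random.Random(seed)
    violations = set()
    for _ in range(iterations):
        amount = rng.randint(1, 10**5)
        v = random_vault(rng, buggy)
        s = v.deposit(amount)
        if v.preview_redeem(s) > amount:
            violations.add("deposit->redeem returns more than deposited")
        if v.preview_withdraw(amount) < s:
            violations.add("deposit->withdraw burns fewer shares than minted")
        v = random_vault(rng, buggy)
        a = v.mint(amount)
        if v.preview_redeem(amount) > a:
            violations.add("mint->redeem returns more than paid")
        if v.preview_withdraw(a) < amount:
            violations.add("mint->withdraw burns fewer shares than minted")
    return sorted(violations)
```

With correct rounding `check_round_trips()` comes back empty for every random state; flipping the deposit rounding to round up reproduces the classic donation setup (1000 assets donated to an empty vault, then a 1-unit deposit mints a whole share that redeems for 501) and the round-trip check flags it. Note that a round-trip check cannot catch every rounding mistake: a redeem that wrongly rounds up is still bounded by the loss the deposit-side floor already imposed, so a suite also needs the per-function preview/actual comparisons.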

@sstrenev The invariant alerting point is underrated. Most protocols can't even define their invariants clearly enough to monitor them.

The following should be non-negotiable for web3 protocols:
- Managing a generous bug bounty program
- Maintaining active threat monitoring
- Setting up alerts for breaking key invariants in your protocol
- Doing everything possible to keep users’ funds secure
Remember, you’re not just holding TVL and users’ funds - in many cases you’re safeguarding their savings, dreams, and retirement.
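To make the "alerts for breaking key invariants" item concrete, here is an added example (written for this page, not code from the post or from any protocol's monitoring stack): a small monitor run over constructed per-block snapshots of a hypothetical share-based vault. The `Snapshot` fields, the three invariants (share price never decreases, asset changes are explained by user flows plus non-negative yield, no single-block TVL drop above a threshold) and the 5% default threshold are this example's assumptions.

```python
"""Added example, not from the post: an invariant monitor over constructed
per-block snapshots of a hypothetical vault. Fields, invariants and the
threshold are assumptions, not a specific protocol's."""
from dataclasses import dataclass
from typing import List, Tuple

SCALE = 10**18


@dataclass(frozen=True)
class Snapshot:
    block: int
    total_assets: int    # underlying tokens the vault holds at end of block
    total_supply: int    # vault shares outstanding at end of block
    net_user_flow: int   # indexer-attributed deposits minus withdrawals in this block


def share_price(s: Snapshot) -> int:
    """Assets per share, fixed-point; +1 virtual share/asset keeps an empty vault defined."""
    return (s.total_assets + 1) * SCALE // (s.total_supply + 1)


def check_invariants(prev: Snapshot, cur: Snapshot,
                     max_drop_bps: int = 500) -> List[Tuple[int, str, str]]:
    """Compare two consecutive snapshots and return (block, code, detail) alerts."""
    alerts = []
    # I1: with ERC-4626 rounding every deposit/withdraw favours the vault, so the
    # share price can only fall through a real loss or a bug (e.g. unbacked minting).
    if share_price(cur) < share_price(prev):
        alerts.append((cur.block, "PRICE_DROP",
                       f"{share_price(prev)} -> {share_price(cur)}"))
    # I2: asset conservation: change in assets = user flows + yield, and yield >= 0.
    unexplained = (cur.total_assets - prev.total_assets) - cur.net_user_flow
    if unexplained < 0:
        alerts.append((cur.block, "UNEXPLAINED_OUTFLOW",
                       f"{-unexplained} assets left without a matching withdrawal"))
    # I3: circuit-breaker heuristic: TVL fell more than max_drop_bps in a single block.
    if prev.total_assets > 0:
        drop_bps = (prev.total_assets - cur.total_assets) * 10_000 // prev.total_assets
        if drop_bps > max_drop_bps:
            alerts.append((cur.block, "TVL_DROP", f"{drop_bps} bps in one block"))
    return alerts


def run_monitor(snapshots: List[Snapshot],
                max_drop_bps: int = 500) -> List[Tuple[int, str, str]]:
    """Walk consecutive snapshot pairs and collect every alert."""
    alerts = []
    for prev, cur in zip(snapshots, snapshots[1:]):
        alerts.extend(check_invariants(prev, cur, max_drop_bps))
    return alerts


# Constructed sample data (not real chain state). Blocks 101-103 are legitimate
# activity; block 104 models a drain with no user withdrawals.
SAMPLE = [
    Snapshot(100, 1_000_000, 1_000_000, 0),
    Snapshot(101, 1_250_000, 1_250_000, 250_000),   # deposit at a 1:1 rate
    Snapshot(102, 1_262_500, 1_250_000, 0),         # 1% yield accrues
    Snapshot(103, 1_212_500, 1_200_495, -50_000),   # withdraw 50k assets, burns ceil(50k*1250001/1262501) = 49,505 shares
    Snapshot(104, 700_000, 1_200_495, 0),           # assets vanish; supply and flows unchanged
]

if __name__ == "__main__":
    for block, code, detail in run_monitor(SAMPLE):
        print(f"block {block}: {code}: {detail}")
```

On the sample data the legitimate blocks raise nothing, and the drain block raises all three alerts. The second test case below shows why the price invariant earns its place: a block in which shares appear with no matching assets and no user flow (the unbacked-mint pattern) passes both the conservation and the TVL checks and is caught only by I1.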

Career update:
After almost two years with @legiondotcc, I am moving on - and have to say it’s been a wild ride.
After handling 20+ token sales and more than $450M in stablecoin and token transaction volume combined through the smart contracts I built, Legion indeed positioned itself as the go-to place for regulatory compliant ICOs.
Thanks to the team for the time spent together - keep dominating the space!
More updates on my end soon!
