P

Open-sourced a home-made static analyzer in @typescript that I started building when I saw all the spam reports on @code4rena. It works with detectors based on RegEx or AST analysis using solidity-ast by @OpenZeppelin Feel free to build on it! github.com/Picodes/4naly3…

🇪🇺 agEUR rebrands to EURA 🇪🇺 Say hello to EURA, Angle's Euro stablecoin fresh new name! This rebranding marks a pivotal step in Angle's commitment to streamlining and enhancing DeFi usability. Read more: angle.money/blog/announcem…

Gm Get you team members that craft branded cups for fun Also plotting long term world domination

@GalloDaSballo The 4nalyz3r is the most egalitarian thing we've ever seen. It's insanely ambitious, and if it works, can really reshape the fabric of society

Legend.

Crypto should actually be criticized more, it’s just still unpopular to do so in a serious way. We’ve spent 100s of billions of dollars and the most successful DeFi applications would salivate for 5k daily active users. The most highly regarded investment firms funded the biggest

@bytes032 How would it work? I don't think you can access secrets without having collaborator access to the repo

DAO Extractable Value: Charge $4,000,000 for an unknown amount of work.

@MitchellAmador For example, don't you think it would be more effective to deter future hackers to stress that there will be no other choices than Immunefi and criminal prosecution, rather than insisting on increasing bounties?

@thePicodes Nah, this is wrong. ‘Others’ are the vast majority, committed white/black types are the very small minorities. Bounties are for the vast central majority that is morally flexible, that is most people.

@trust__90 Yes, that's exactly what my point actually, to me bounties are useful for attracting whitehat's eyes, not to "change" hats colors

@thePicodes With that logic there's no point in even hosting a bounty program. Reality is, you need to incentivize pure whitehats to spend the time before pure blackhats get there first. The reward slope must be matched.

@gogotheauditor @bytes032 @SpearbitDAO 25k per week and Spearbit LSRs are paid 20k, no?

Arbitrum is paying $625/hour for governance proposal audits. This is the equivalent of a $1.3M annual salary. We're just getting started.

2 years ago, agEUR was deployed on Ethereum mainnet! 10,000,000,000€ in transaction volume later, 🌐 1.5M addresses across 10+ chains are now using agEUR as their gateway to open finance and Euro DeFi 🇪🇺 Evolution in motion

@pashov For the ones currently using this model, what happens when there is a disagreement on the validity of a finding?

The Pay-per-Vulnerability audit model is gaining more and more traction, I see new people applying it constantly now I know there are arguments for and against it, but I think the market knows best, let's see if it becomes more popular than the current model

Here is an open letter to formal methods researchers, particularly cryptocurrency outliers, on the incredible opportunity that awaits those who finally want to prove the worth of formal methods. 100proof.org/open-letter-on…

One more of these feature for which the design is mostly settled, and "its just details remainings".

🔒 Thread: Risk Analysis of Stablecoins Huge shoutout to @thePicodes for his crazy insights. Here's a comprehensive thread summarizing the key takeaways and the importance of risk analysis when dealing with stablecoins. 💼🔍

@hansfriese At the same time the number of issues in the final audit report is a good indicator of your chance to get rekt. The more issues auditors have found the more likely they are to have missed something.

A 100% perfect audit means there are no weak spots left. The more problems we spot during an audit, the fewer are left. So, to me, it totally makes sense to use the number of issues we find during an audit to see how well we're doing.

Boom! @pablo_veyrat from @AngleProtocol is rocking the main stage at @EthCC with the Key Transmuter Principles! They are undeniably one of the best teams and projects in the entire ecosystem!

@TheBigWhale_ @LensProtocol @alex_gabadou @bipbop_eth @koeppelmann @gnosispay @pablo_veyrat @AngleProtocol It’s so obvious, thank you very much @pablo_veyrat 😅

@jeiwan7 But you still have to assume at some point that transactions are properly built. Like when swapping at Uniswap you still have to set the slippage properly. So when assessing severity it can make sense to follow the rule user mistake -> low.

"User mistake" is a common argument to nullify a finding during an audit. Come on! Smart contracts these days are much more complex than they used to be. With everyone trying to bring the adoption to web3 it's also obvious that most users are not EVM geeks.