# ![@chrisdior777 Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::1444642306179616769.png) @chrisdior777 chrisdior.eth

chrisdior.eth posts on X about web3, ethereum, smart contract, if you the most. They currently have [------] followers and [---] posts still getting attention that total [-----] engagements in the last [--] hours.

### Engagements: [-----] [#](/creator/twitter::1444642306179616769/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1444642306179616769/c:line/m:interactions.svg)

- [--] Week [------] -9.70%
- [--] Month [-------] -7.80%
- [--] Months [---------] +336%
- [--] Year [---------] +227%

### Mentions: [--] [#](/creator/twitter::1444642306179616769/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1444642306179616769/c:line/m:posts_active.svg)

- [--] Month [--] no change
- [--] Months [---] +100%
- [--] Year [---] +58%

### Followers: [------] [#](/creator/twitter::1444642306179616769/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1444642306179616769/c:line/m:followers.svg)

- [--] Week [------] +0.29%
- [--] Month [------] +2.40%
- [--] Months [------] +22%
- [--] Year [------] +52%

### CreatorRank: [---------] [#](/creator/twitter::1444642306179616769/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1444642306179616769/c:line/m:influencer_rank.svg)

### Social Influence

**Social category influence**
[finance](/list/finance)  [cryptocurrencies](/list/cryptocurrencies)  [technology brands](/list/technology-brands)  [exchanges](/list/exchanges)  [stocks](/list/stocks)  [social networks](/list/social-networks)  [travel destinations](/list/travel-destinations)  [celebrities](/list/celebrities)  [automotive brands](/list/automotive-brands)  [vc firms](/list/vc-firms) 

**Social topic influence**
[web3](/topic/web3) #2294, [ethereum](/topic/ethereum), [smart contract](/topic/smart-contract), [if you](/topic/if-you), [money](/topic/money), [uniswap](/topic/uniswap), [defi](/topic/defi), [protocol](/topic/protocol), [contracts](/topic/contracts), [blockchain](/topic/blockchain)

**Top assets mentioned**
[Ethereum (ETH)](/topic/ethereum) [USDC (USDC)](/topic/usdc) [Chainlink (LINK)](/topic/chainlink) [Solana (SOL)](/topic/solana) [Bitcoin (BTC)](/topic/bitcoin) [Aave (AAVE)](/topic/aave) [WETH (WETH)](/topic/weth)
### Top Social Posts
Top posts by engagements in the last [--] hours

"⚠ Helpful questions that you should ask yourself when creating/auditing a function in Solidity: Q1 - Can it be external Q2 - Should it be internal Q3 - Should it be payable Q4 - Can it be combined with another similar function"  
[X Link](https://x.com/chrisdior777/status/1610904804347514881)  2023-01-05T07:43Z [----] followers, [----] engagements


"Q5 - Validate all parameters are within safe bounds even if the function can only be called by a trusted users. Q6 - Is the checks before effects pattern followed (SWC-107) Q7 - Check for front-running possibilities such as the approve function. (SWC-114)"  
[X Link](https://x.com/chrisdior777/status/1610904806977331202)  2023-01-05T07:43Z [----] followers, [---] engagements


"⚠If you want to transition to web3 security then this thread is for you Pay attention I will give you the exact steps that you need to take in order to start auditing smart contracts: A 🧡 1/ First things first you need to understand Ethereum as much as you can πŸ‘‡"  
[X Link](https://x.com/anyuser/status/1616935875132411905)  2023-01-21T23:08Z 10.7K followers, 55.5K engagements


"I am just reading an article about MEV and I am amazed at how much money are made with MEV: "Between January [--] [----] and December [--] [----] more than $773m has been earned through MEV on Ethereum.""  
[X Link](https://x.com/chrisdior777/status/1652315407712235520)  2023-04-29T14:14Z [----] followers, [----] engagements


"I am recently learning a lot from SpearBit's youtube channel: You can find amazing videos where experienced auditors are explaining findings and much more. Definitely check it out"  
[X Link](https://x.com/chrisdior777/status/1659895958493167618)  2023-05-20T12:16Z [----] followers, [----] engagements


"A lot of people can't seem to understand how the Tornado cash hack happened exactly. Here is a video that will certainly clear it out for you:"  
[X Link](https://x.com/chrisdior777/status/1664319207633305608)  2023-06-01T17:13Z [----] followers, [--] engagements


"How using _safeMint() can create a security loophole and make re-entrancy possible See more here:"  
[X Link](https://x.com/chrisdior777/status/1673237207983718401)  2023-06-28T08:34Z [----] followers, [----] engagements


"@cmpeq The information in the post is targeting people who are in the beginning of their auditing career and are practicing by auditing in code4rena for example. Also the weird thing here is the hex version of 2**256-1 which is not encountered often at least from my experience"  
[X Link](https://x.com/chrisdior777/status/1677986224106029056)  2023-07-09T10:39Z [----] followers, [---] engagements


"This one is fairly easy and a critical one. What is the problem Will post the finding from the report after couple of hours"  
[X Link](https://x.com/chrisdior777/status/1685636241834827776)  2023-08-02T20:01Z [----] followers, [----] engagements


"The from argument is user controlled so anyone can pass the address of a user who has approved the contract to spend his tokens which will move EURS tokens from the exploited user to the contract even that the user didn't intend that. Check the fix recommendation here"  
[X Link](https://x.com/chrisdior777/status/1685778574119182336)  2023-07-31T01:21Z [----] followers, [---] engagements


"Here is a perfect way to level up if you want to upgrade your smart contract security knowledge: [--]. Go to SECUREUM discord: [--]. If you are a newbie or at least have some experience start going through slot-quiz channels and try to do the tests yourself"  
[X Link](https://x.com/chrisdior777/status/1688493878150623232)  2023-08-07T10:14Z [----] followers, [--] engagements


"How I manage my day-to-day tasks as a smart contract security researcher in [--] steps β˜‘: Step [--]. Listing Tasks: I start by enumerating all the tasks that need to be completed today for example: 1/ Write [--] tweets 2/ Audit [---] SLOC of your current private audit 3/ Read 3"  
[X Link](https://x.com/chrisdior777/status/1689616506424815616)  2023-08-10T12:35Z [----] followers, [--] engagements


"5 things which you MUST check in a smart contract or you may miss a Med/High risk vulnerability πŸ‘€: [--]. Check for casting errors [--]. Check if division can round down to zero or if it can be divided by zero [--]. Check if each contract input is properly validated [--]. Check all onlyOwner functions for centralisation risks [--]. Specifying explicitly gas cost values - opcodes can change"  
[X Link](https://x.com/chrisdior777/status/1690000205188370432)  2023-08-11T14:00Z [----] followers, [----] engagements


"Cryptographic proofs (merkle trees signatures etc) need to be tied to msg.sender which an attacker cannot manipulate without acquiring the private key. This code is insecure for [--] reasons πŸ‘‡: [--]. Anyone who knows the addresses that are selected for the airdrop can recreate"  
[X Link](https://x.com/chrisdior777/status/1690311836078350336)  2023-08-12T10:38Z [----] followers, [---] engagements


"Always check if these business logic breakers are not present when you audit a lending and borrowing based DeFi protocol πŸ‘€ [--]. The buyer's collateral cannot be liquidated when the loan is not paid back or the collateral drops below the threshold. [--]. The due date of the loan principal or payments is improperly moved to an earlier or later date. [--]. A bug where paying back the principal does not lead to principal reduction"  
[X Link](https://x.com/chrisdior777/status/1691025580651626499)  2023-08-14T09:54Z [----] followers, [----] engagements


"Whenever you audit a code which calls a function from Uniswap V3 Router where deadline is one of the params always check if it is user supplied (correct) or hardcoded to block.timestamp or type(uint256).max (wrong)"  
[X Link](https://x.com/chrisdior777/status/1692197932559224917)  2023-08-17T15:33Z [----] followers, [----] engagements


"How an Arbitrum(layer 2) transaction goes through from a signed transaction to its confirmation on Ethereum(layer1). The Sequencer is a centralized node (run by the Arbitrum team) which submits user's transactions to the Ethereum mainnet. [--]. When users submit a trx on Arbitrum the Sequencer puts them into a sequence of tx's in first-come first-served order which is done off-chain. [--]. Every few minutes the Sequencer takes a batch of sequenced tx's compresses them and then writes that data to the L1. [--]. "Hard" finality is achieved when user's transaction sequenced in a batch is posted and"  
[X Link](https://x.com/chrisdior777/status/1692473433299259826)  2023-08-18T09:48Z [----] followers, [----] engagements


"Compound uses Chainlink as a price feed but it also verifies data via a TWAP oracle from the Uniswap which is a sanity check referred to as the Anchor price"  
[X Link](https://x.com/chrisdior777/status/1694347026786394270)  2023-08-23T13:53Z [----] followers, [----] engagements


"Just found this article which contains links to integration tips for [--] of the top DeFi projects. This should be a must-read for solidity devs as well as for the auditors:"  
[X Link](https://x.com/chrisdior777/status/1695028718777888952)  2023-08-25T11:01Z [----] followers, [----] engagements


"Top [--] Most Common Vulnerabilities In Web3 you should be aware of. By Immunefi: [--]. Improper Input Validation [--]. Incorrect Calculation [--]. Oracle/Price Manipulation [--]. Weak Access Control [--]. Replay Attacks/Signature Malleability [--]. Rounding Error [--]. Reentrancy [--]. Frontrunning πŸ‘‡ [--]. Uninitialized Proxy [--]. Governance Attacks"  
[X Link](https://x.com/chrisdior777/status/1697203688928850266)  2023-08-31T11:04Z [----] followers, [----] engagements


"Web3 security auditors should know how to communicate properly before and during an audit. Wouldn't it be cool if there is an article that is giving you the perfect training for that Well there isπŸ”₯ Just found this gem🚨 https://blog.theredguild.org/auditors-what-do-you-ask-developers/ https://blog.theredguild.org/auditors-what-do-you-ask-developers/"  
[X Link](https://x.com/chrisdior777/status/1699124143545839765)  2023-09-05T18:15Z [----] followers, [----] engagements


"Do you guys think that two separate projects can be properly audited simultaneously For instance dedicating half of the day to the first project and the remaining half to the second project. What are your thoughts on this"  
[X Link](https://x.com/chrisdior777/status/1699354249585430822)  2023-09-06T09:30Z [----] followers, [----] engagements


"I remember tweeting about this before but I will tweet it again because I still see this problem in codebases from time to time: Verify that the address called via low-level call/delegatecall/staticcall exists because it will return TRUE if the contract does NOT EXIST.βœ…"  
[X Link](https://x.com/chrisdior777/status/1700106643051057309)  2023-09-08T11:19Z [----] followers, [----] engagements


"1/The most effective way for me to have a successful day is by dividing and allocating specific timeframes for my tasks. Otherwise I find myself juggling various tasks only to realise at the end of the day that I've been inefficient. The successful way FOR ME - an example: 🧡"  
[X Link](https://x.com/chrisdior777/status/1708798153338581337)  2023-10-02T10:56Z [----] followers, [----] engagements


"What is the role of the Incremental Merkle Tree and Zero Knowledge Proof Verification in Tornado Cash. The prevention of frontrunning during withdrawal and much more. Read stuff like that if you want to be among the best in the space. https://www.rareskills.io/post/how-does-tornado-cash-work https://www.rareskills.io/post/how-does-tornado-cash-work"  
[X Link](https://x.com/chrisdior777/status/1709163887898026448)  2023-10-03T11:10Z [----] followers, [----] engagements


"If you want to have a solid knowledge of Solidity and Foundry the number [--] resource in my opinion is Smart Contract Programmer channel in Youtube. This is all you need guys don't overcomplicate your journey with a thousand resources that at the end just confuse you"  
[X Link](https://x.com/chrisdior777/status/1709873249507586331)  2023-10-05T10:08Z [----] followers, [----] engagements


"Pattern matching isn't always enough for finding bugs. Yes maybe for mediocre findings it is but some bugs are found from having a deep understanding of what the protocol is meant to do"  
[X Link](https://x.com/chrisdior777/status/1710254071335223561)  2023-10-06T11:22Z [----] followers, [----] engagements


"delete will reset the length of the array to [--] and delete the elements in it. But as the stuff array grows the gas price for the delete operation on it grows as well. If stuff becomes too long it will become undeletable due to high the gas cost. Thats why its length should be constrained"  
[X Link](https://x.com/chrisdior777/status/1711380827072876910)  2023-10-09T13:59Z [----] followers, 12.5K engagements


"Consider introducing a try/catch block around the latestRoundData() calls. If these calls revert the catch block should contain logic to handle the failure. This could be a fallback mechanism an alternative oracle call or a contingency procedure to pause operations and alert protocol administrators. Explanation in section "ChainLink Price Feeds":"  
[X Link](https://x.com/chrisdior777/status/1712475444627612153)  2023-10-12T14:28Z [----] followers, [----] engagements


"Do you know of any firms that offer Solidity development services along with auditing services for their developers' work Is this something people would prefer to take advantage of or would they rather hire a developer and a separate auditor or firm for the security review"  
[X Link](https://x.com/chrisdior777/status/1714598950945075355)  2023-10-18T11:07Z [----] followers, [----] engagements


"I don't know how some projects launch without even one or only one security review thats crazy Is it a conscious decision or unawareness Every piece of Solidity code must be audited MULTIPLE times. The smartest people in this space know that SECURITY is a TOP priority"  
[X Link](https://x.com/chrisdior777/status/1714947497464877310)  2023-10-19T10:12Z [----] followers, [----] engagements


"Your daily reminder that push0 opcode is still not supported by many chains like Arbitrum and might be problematic for projects compiled with a version of Solidity = 0.8.20 . Pay attention to projects using a Solidity version = 0.8.20 for that issue"  
[X Link](https://x.com/chrisdior777/status/1715672284805955792)  2023-10-21T10:12Z [----] followers, [----] engagements


"Next time you are coding or auditing a DeFi protocol that includes pegged assets ask yourself the following: If tokens that are pegged to any asset (renBTC aBTC stETH etc.) are used in the market how will the protocol behave during the depeg Will it count the price 1:1"  
[X Link](https://x.com/chrisdior777/status/1718959181389303824)  2023-10-30T11:53Z [----] followers, [----] engagements


"How to decompose a bytecode Bear with me here: The bytecode is the compiled code of the smart contract that is stored on the Ethereum blockchain and executed by the network. The first part is the loader code. It is the type of code that would create the smart contract basically the constructor of the smart contract. This part can be present in "Contract creation code" on The second part is the actual runtime code which is stored on the blockchain. This part of the code will be executed each time you are doing a transaction. The last part which is not mandatory is the swarm hash. Basically it"  
[X Link](https://x.com/chrisdior777/status/1719038614615539917)  2023-10-30T17:08Z [----] followers, [----] engagements


"SSTORE2 library allows us to pass data as a contracts bytecode using the CREATE opcode and read the data through EXTCODECOPY. But how πŸ‘‡ When we want to store data to storage we use SSTORE opcode where the gas required is expensive. If the value of the slot changes from [--] to any non-zero value the cost is: - [-----] if the storage key wasnt accessed - [-----] if it was That means that for every [--] bytes of data we write to storage we pay [-----] gas. Thats expensive Here comes the beauty of the SSTORE2 library. SSTORE2 allows us to pass data as a contracts bytecode using the CREATE opcode and read"  
[X Link](https://x.com/chrisdior777/status/1719732238210728415)  2023-11-01T15:04Z [----] followers, [----] engagements


"Here is possibly the most comprehensive collection of critical issues and exploits from 2022:"  
[X Link](https://x.com/chrisdior777/status/1720825478871953606)  2023-11-04T15:29Z [----] followers, [----] engagements


"What happened with Aave shortly: [--]. Aave received a bug report [--]. The bug was reported as a high vulnerability affecting Aave v2 afterwards raised to a critical. [--]. Aave won't disclose the details surrounding the vulnerability for now. [--]. By disabling stable rate mode borrowing it is not exploitable. [--]. All Aave forks must do that ASAP"  
[X Link](https://x.com/chrisdior777/status/1721555795341431194)  2023-11-06T15:51Z [----] followers, [----] engagements


"@banditx0x Because I know a lot of guys in web3 security since I am in this twitter web3 space for over a year now and a lot of them just stopped posting stopped participating in contests gave up private auditing etc"  
[X Link](https://x.com/chrisdior777/status/1722035888736149820)  2023-11-07T23:38Z [----] followers, [---] engagements


"5 real examples of Flash Loan hacks:"  
[X Link](https://x.com/chrisdior777/status/1722659661877276802)  2023-11-09T16:57Z [----] followers, [----] engagements


"In the forthcoming Cancun hardfork developers will gain access to transient storage (EIP-1153). However minor differences between the semantics of TSTORE and SSTORE will introduce a unexpected reentrancy attack vector: This proposal introduces transient storage opcodes which manipulate state that behaves identically to storage except that transient storage is discarded after every transaction. Transient storage is accessible to smart contracts via [--] new opcodes TLOAD and TSTORE where T stands for transient: EIP-2200 (which is another EIP) causes anSSTOREwith less than [----] gas to fail. Hence"  
[X Link](https://x.com/chrisdior777/status/1724400746005676312)  2023-11-14T12:15Z [----] followers, [----] engagements


"Imagine you have: IERC20(_underlying).permit(from address(this) amount deadline v r s); to approve a contract's withdrawal from the user's address. What will happen if the _underlying is WETH which doesn't have a permit function Is it going to revert WETH contract does have a fallback function that is called when a function is called but not found. WETHs fallback function is deposit() that does nothing material in this case but allows its calling functions execution to continue as it does not fail. This was also one of the causes of Multicoins $ 1M bridge hack:"  
[X Link](https://x.com/chrisdior777/status/1725443201132069355)  2023-11-17T09:18Z [----] followers, [----] engagements


"It's a fundamental concept but the picture simplifies it so effectively that I can't resist sharing. How to know which function is called fallback() or receive() πŸ‘‡"  
[X Link](https://x.com/chrisdior777/status/1725827941341548617)  2023-11-18T10:47Z [----] followers, [----] engagements


"All Solidity devs must be aware of the inflation attack which is a widespread problem that targets ERC-4626 tokenized vault standard. Here is the best [--] minutes video explanation of it: Starts at 1:46"  
[X Link](https://x.com/chrisdior777/status/1726257521965572248)  2023-11-19T15:14Z [----] followers, [----] engagements


"@0xfave Not sure myself but I found this: "Looks like flash loans being used with mint and redeem and some sort of rounding/truncation error to drain the pools Each tx starts with a mint and an ETH source coming in from Aave or UniV3 to a single side of the pair. ""  
[X Link](https://x.com/chrisdior777/status/1727483949549600861)  2023-11-23T00:27Z [----] followers, [----] engagements


"I pulled out the [--] Smart Contract Security Best Practices from the book "Mastering Ethereum" for you. Make sure you BOOKMARK RETWEET and follow these GOLDEN principlesβœ…: Just keep reading. Defensive programming is a style of programming that is particularly well suited to smart contracts. It emphasizes the following all of which are best practices: - Minimalism/simplicity - Code reuse - Code quality - Readability/auditability - Test coverage Now lets take a quick look at each of them: [--]. Minimalism/simplicity Complexity is the enemy of security. The simpler the code and the less it does the"  
[X Link](https://x.com/chrisdior777/status/1727614952859374024)  2023-11-23T09:07Z [----] followers, [----] engagements


"Are there any firms that specialise in a certain niche for audits For example a firm that specializes in DeFi protocols (Lending/Borowing) only. If it is good enough firm would projects prefer something like this instead of a firm that focus on all niches(Staking NFTs etc)"  
[X Link](https://x.com/chrisdior777/status/1727983394460782672)  2023-11-24T09:32Z [----] followers, [----] engagements


"ATTENTION⚠ This is a scam Do not click on the link it will prompt you to a fake Kyber website where you will be required to connect your web3 wallet. Notice the @username of the fake Twitter account: KybcrNetwork This is the only real account of Kyber Network: They are also reminding not to respond to any DMs related to them and not to click on any links besides their official website Stay safe πŸ™ http://kyberswap.com http://kyberswap.com"  
[X Link](https://x.com/chrisdior777/status/1728049893225140392)  2023-11-24T13:56Z [----] followers, [----] engagements


"To all web3 projects: Stop thinking [--] security review of your smart contracts is enough. Even if it is from a top-notch company. Projects are getting 10+ audits and still getting hacked. The best thing you can do is keep doing audits regularly with firms + solo auditors"  
[X Link](https://x.com/chrisdior777/status/1729108306780987521)  2023-11-27T12:02Z [----] followers, [----] engagements


"@Polyzoa_xyz I believe that a project should be regularly getting audits + to have a bug bounty. People should understand that security is KEY"  
[X Link](https://x.com/chrisdior777/status/1729431372534546704)  2023-11-28T09:25Z [----] followers, [--] engagements


"Yesterday an issue with Chainlink's wstETH/ETH price feed on Arbitrum led to the liquidation of [--] positions on @SiloFinance. Luckily Silos liquidator caught the liquidation before other liquidators and received the liquidation penalty. The penalty will be refunded to the impacted users. I hear a lot of people talking that the Pyth Network oracle is way better than Chainlink what do you think πŸ€”"  
[X Link](https://x.com/chrisdior777/status/1731267736511111196)  2023-12-03T11:02Z [----] followers, [----] engagements


"Interesting statistic about TOP [--] chains by TVL: [--]. Ethereum chain has currently [---] Protocols and $28b TVL [--]. Tron - [--] protocols only but almost $8b TVL [--]. BSC - [---] protocols and $3b TVL [--]. Arbitrum - [---] protocols and $2b TVL [--]. Polygon - [---] protocols $854m TVL"  
[X Link](https://x.com/chrisdior777/status/1732011701283738090)  2023-12-05T12:19Z [----] followers, [----] engagements


"Some interesting facts: - Tron chain is 2nd by TVL with almost $8b - Lido's fees for the past [--] months amount to $570m - ETH reached a new high since May [----] - UniswapV2 is the most forked project - Chainlink oracle is used by [---] protocols"  
[X Link](https://x.com/chrisdior777/status/1732344276611145928)  2023-12-06T10:20Z [----] followers, [----] engagements


"Tip for Borrow/Lending protocols: In liquidating shorts low collateral might reduce liquidator returns. Adding a minCollateralAmount param in liquidate() and then checking if the returned collateral is minCollateralAmount otherwise revert. This will ensure fair payouts"  
[X Link](https://x.com/chrisdior777/status/1733466020709388393)  2023-12-09T12:38Z [----] followers, [----] engagements


"How are liquidations on Compound really happening. I saved this article long time ago when I was trying to find out how liquidations work exactly. I believe it will be out of great help to you guys. Start reading from "Compound Liquidation":"  
[X Link](https://x.com/chrisdior777/status/1733786565808160962)  2023-12-10T09:51Z [----] followers, [----] engagements


"3 tokens that are widely used but their decimals = [--]. Be careful with these in projects they can be problematic when the code expects the standard [--] decimals. [--]. WBTC - [--] decimals [--]. USDT - [--] decimals [--]. USDC - [--] decimals Have a productive Sundayβœ…"  
[X Link](https://x.com/chrisdior777/status/1736330541727625726)  2023-12-17T10:20Z [----] followers, [----] engagements


"Verify hardcoded external contract addresses for the chains where the contracts are deployed Take WETH as an example. Its address on Ethereum is: 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 but 0x7ceb23fd6bc0add59e62ac25578270cff1b9f619 on Polygon"  
[X Link](https://x.com/chrisdior777/status/1737844603251040703)  2023-12-21T14:36Z [----] followers, [----] engagements


"List of the property tests with a focus more on functions that transfer funds or doing major state updates for the top four forked protocols: - Uniswap v2 - Olympus DAO - Compound v2 - Tomb Finance https://github.com/0xNazgul/fuzzydefi/blob/main/PROPERTIES.md#L https://github.com/0xNazgul/fuzzydefi/blob/main/PROPERTIES.md#L"  
[X Link](https://x.com/chrisdior777/status/1739720451989930272)  2023-12-26T18:50Z [----] followers, [----] engagements


"Seems like there aren't many bug bounty platforms specifically for Web3. The ones I know and are legit: Immunefi - total paid $85000000+ Hackenproof - total paid $7358983 Hats Finance - total paid $400000+ Any other significant related platforms that I might have missed"  
[X Link](https://x.com/chrisdior777/status/1740346363504976056)  2023-12-28T12:18Z [----] followers, [----] engagements


""If the users of Ethereum are constantly recurring to the same centralized entity for a service that most people use we are walking on a path that compromises decentralization" Interesting PoV of how does Etherscan's dominance put the Ethereum community at risk. 👇 "The biggest risk associated with Etherscan today is that the source code is closed and therefore not reproducible by other users which removes the availability resilience by redundancy of servers factor that we have in Ethereum and introduces security by obscurity controlled by a single entity.""  
[X Link](https://x.com/chrisdior777/status/1743331326508322909)  2024-01-05T17:59Z [----] followers, [----] engagements


"The intuitive way to track lender deposits is to record the amount of USDC they deposited and the time they deposited. Compound V3 does not do this. Instead tracks the hypothetical gain of one dollar lent since the beginning of time. Super interesting:"  
[X Link](https://x.com/chrisdior777/status/1743909854018712011)  2024-01-07T08:18Z [----] followers, [----] engagements


"Never took a look at the Decentralized Insurance category before but we definitely have a leader for these services and that is Nexus Mutual. Check out the TVL difference between them and the rest in the top 5:"  
[X Link](https://x.com/chrisdior777/status/1744706477783196010)  2024-01-09T13:03Z [----] followers, [----] engagements


"Optimism no longer supports Goerli testnet. Sepolia is the sustainable path forward encouraging all apps and developers to migrate to OP Sepolia for any testing and development needs. Network Info for OP Sepolia:"  
[X Link](https://x.com/chrisdior777/status/1744734018321760397)  2024-01-09T14:53Z [----] followers, [----] engagements


"Quick Solidity tip: Never hardcode opcodes gas cost in smart contracts as this could be wrong if there are changes to the gas cost in future EVM forks (which has happened before). Check out a reported issue of this kind here:"  
[X Link](https://x.com/chrisdior777/status/1745392859665068050)  2024-01-11T10:31Z [----] followers, [----] engagements


"OMG RareSkills just dropped a free online book about Compound V3😍 It is a line-by-line examination of the protocol's code. I am personally very excited to start reading this ASAP. Thank you giving so much value for free guys @RareSkills_io πŸ™"  
[X Link](https://x.com/chrisdior777/status/1745411527409098939)  2024-01-11T11:45Z [----] followers, [----] engagements


"I believe the demand for security audits for other languages such as Rust and Cairo will pick up nicely in [----]. Do you think there will be enough auditors supply for these languages"  
[X Link](https://x.com/chrisdior777/status/1746510222087360817)  2024-01-14T12:31Z [----] followers, [----] engagements


"RetroPGF which is Optimism's mechanism to support the creation of a truly free and decentralized internet that provides value to the people has distributed a total of around [---] million in Optimism tokens which is $14.5 million to the Top [--] projects. Web3 money is unreal"  
[X Link](https://x.com/chrisdior777/status/1746844424288477208)  2024-01-15T10:39Z [----] followers, [----] engagements


"Yesterday I read an old tweet from @tinchoabbate about some tips & tricks that'll make auditors love you if you are a web3 project seeking an audit. Here are some of my favourite ones: [--]. You cannot imagine the countless hours you save an auditor by just stating what you intend to do with that crazy obscure low-level assembly math thing that just multiplies two numbers. So add comments. [--]. Test Countless critical vulns can be saved with simple unit tests. Also tests let us understand intended behavior. A trick some auditors use: if a public function is not being called in the tests that's"  
[X Link](https://x.com/chrisdior777/status/1747937377417343118)  2024-01-18T11:02Z [----] followers, [----] engagements


"How an Arbitrum(layer 2) transaction goes through from a signed transaction to its confirmation on Ethereum(layer1). The Sequencer is a centralized node (run by the Arbitrum team) which submits user's transactions to the Ethereum mainnet. [--]. When users submit a trx on Arbitrum the Sequencer puts them into a sequence of tx's in first-come first-served order which is done off-chain. [--]. Every few minutes the Sequencer takes a batch of sequenced tx's compresses them and then writes that data to the L1. [--]. "Hard" finality is achieved when user's transaction sequenced in a batch is posted and"  
[X Link](https://x.com/chrisdior777/status/1748011141752570169)  2024-01-18T15:55Z [----] followers, [----] engagements


"This is pure gold πŸ”₯ If you're not entirely confident in your understanding of common liquidation function issues it's a must-watch. Given their integral role in every DeFi protocol gaining insight into these issues is essential knowledge"  
[X Link](https://x.com/chrisdior777/status/1748259250093060178)  2024-01-19T08:21Z [----] followers, [----] engagements


"Sometimes we don't understand fully what a function does exactly. Here are some steps which help ME clear things out: - start by skimming through the function to get a general idea - read the natspec of it (params return value etc.) (if any) - start examining the function character by character - don't go to the next line if you don't understand the one you are reading now - check with attention any external calls or state changing operations - try to think of what can go wrong spend time actually thinking various scenarios - if you don't understand the function 100% contact the client for"  
[X Link](https://x.com/chrisdior777/status/1748681727852126298)  2024-01-20T12:19Z [----] followers, [----] engagements


"Check out our website for more info about our offers past reports and about us as a team:"  
[X Link](https://x.com/chrisdior777/status/1748682352736219558)  2024-01-20T12:22Z [----] followers, [---] engagements


"Did you know that in March [----] $624M vanished from Ronin Network unnoticed for six days. $624M loss Despite a multisig system a social-engineer attacker gained key control executing withdrawERC() from the bridge. Here is the tipπŸ‘‡ Multisigs do not matter if in practice several keys are controlled by the same entity. Distribute keys to independent entities to actually enforce that several entities must agree with a transaction before executing it"  
[X Link](https://x.com/chrisdior777/status/1749057300847800634)  2024-01-21T13:12Z [----] followers, [----] engagements


"If you want to become really adequate in Smart Contract Security: [--]. The staking algorithm of Sushiswap MasterChef: [--]. In-depth explanation of the codebase of Uniswap V2 [--]. Compound V2 https://www.rareskills.io/compound-v3-book https://www.rareskills.io/uniswap-v2-book https://www.rareskills.io/post/staking-algorithm https://www.rareskills.io/compound-v3-book https://www.rareskills.io/uniswap-v2-book https://www.rareskills.io/post/staking-algorithm"  
[X Link](https://x.com/anyuser/status/1749739946955432105)  2024-01-23T10:24Z 10.7K followers, [----] engagements


"Some Merkle trees have a security vulnerability. It is explained in this comment in MerkleProof.sol by OZ. One of the ways to have secure Merkle trees is to double-hash their leaves. Read more here:"  
[X Link](https://x.com/chrisdior777/status/1749776242809655669)  2024-01-23T12:49Z [----] followers, [----] engagements


"Become an absolute Web3 Security beast in [----] Resources: [--]. YouTube - Owen Thurm & Patrick Collins channels [--]. Past audit reports - [--]. Past hacks - [--]. DeFi bible - [--]. Books - http://rareskills.io https://github.com/OffcierCia/ultimate-defi-research-base https://github.com/coinspect/learn-evm-attacks http://Solodit.xyz http://rareskills.io https://github.com/OffcierCia/ultimate-defi-research-base https://github.com/coinspect/learn-evm-attacks http://Solodit.xyz"  
[X Link](https://x.com/anyuser/status/1750165271522771263)  2024-01-24T14:34Z 10.7K followers, 24.5K engagements


"Always check the access control of the functions when you are auditing a smart contract especially the important setter functions. One mistake such as leaving setOracle function open for everybody to call can be the cause of millions of $ lost:"  
[X Link](https://x.com/chrisdior777/status/1750858238071816682)  2024-01-26T12:28Z [----] followers, [----] engagements


"Quick gas optimization tips: - Storing small numbers in uint8 is not cheaper than uint256 due to padding. - If bytes length is limited prefer bytes1 to bytes32 for lower gas usage. - Use immutable for variables set only in the constructor to save 2.1k gas per instance"  
[X Link](https://x.com/chrisdior777/status/1751276470796771401)  2024-01-27T16:10Z [----] followers, [----] engagements


"Most auditors know these simple gas optimizations but if you are a developer who wants to save some gas next time you are writing a smart contract please check this out: https://github.com/Malinariy/Solidity-gas-optimizations-tips https://github.com/Malinariy/Solidity-gas-optimizations-tips"  
[X Link](https://x.com/anyuser/status/1751553453506363896)  2024-01-28T10:31Z 10.7K followers, [----] engagements


"Just a reminder for all beginner Solidity devs: The result of the function won't be [--] as some of you might think. minDeposit = [--------------------] (wei) hence the result of calculate() will be [--------------------]. This can be tricky in some scenarios"  
[X Link](https://x.com/chrisdior777/status/1751912569869308232)  2024-01-29T10:18Z [----] followers, [----] engagements


"Make sure you are familiar with all the observations and tips about protocols deployed on multiple chains. This repo is a must whether you are a Solidity dev or a Solidity auditor. Helped me a lot during my auditing process with such protocols:"  
[X Link](https://x.com/chrisdior777/status/1752278415023935974)  2024-01-30T10:31Z [----] followers, [----] engagements


"Was reading an old report by Spearbit and wanted to share this with you guys: In a require check see if one of the components is user controlled param which can bypass the check. This can lead to a High vulnerability. Finding 5.2.6:"  
[X Link](https://x.com/chrisdior777/status/1752355285203591483)  2024-01-30T15:37Z [----] followers, [----] engagements


"DM us for a FREE threat model for your project plus one day with unlimited security implementation requests and best practices"  
[X Link](https://x.com/chrisdior777/status/1752487399404261772)  2024-01-31T00:22Z [----] followers, [---] engagements


"DM us for a FREE threat model for your project plus one day with unlimited security implementation requests and best practices"  
[X Link](https://x.com/chrisdior777/status/1752487454626415098)  2024-01-31T00:22Z [----] followers, [---] engagements


"DM us for a FREE threat model for your project plus one day with unlimited security implementation requests and best practices"  
[X Link](https://x.com/chrisdior777/status/1752487512130433240)  2024-01-31T00:22Z [----] followers, [---] engagements


"DM us for a FREE threat model for your project plus one day with unlimited security implementation requests and best practices"  
[X Link](https://x.com/chrisdior777/status/1752487598876954671)  2024-01-31T00:22Z [----] followers, [---] engagements


"DM us for a FREE threat model for your project plus one day with unlimited security implementation requests and best practices"  
[X Link](https://x.com/chrisdior777/status/1752487640195125291)  2024-01-31T00:23Z [----] followers, [---] engagements


"DM us for a FREE threat model for your project plus one day with unlimited security implementation requests and best practices"  
[X Link](https://x.com/chrisdior777/status/1752487697430499533)  2024-01-31T00:23Z [----] followers, [---] engagements


"When using Oracle price feeds remember that different feeds can have different decimal precisions. Don't assume all feeds share the same precision. Non-ETH pairs usually have [--] decimals while ETH pairs have [--] decimals"  
[X Link](https://x.com/chrisdior777/status/1754092226857034030)  2024-02-04T10:39Z [----] followers, [----] engagements


"If you are good at providing value in this space and your clients are satisfied enough its almost certain that they will refer you to someone. That way you will never be out of clients. Strive to provide an amazing experience for the client walk the extra mile.βœ…"  
[X Link](https://x.com/chrisdior777/status/1754146800427016266)  2024-02-04T14:16Z [----] followers, [----] engagements


""The average score is 30-35% for professional Solidity developers so its quite challenging." Have you tried it already"  
[X Link](https://x.com/chrisdior777/status/1754813182689083427)  2024-02-06T10:24Z [----] followers, [----] engagements


"3 tokens that are widely used but their decimals = [--]. Be careful with these in projects they can be problematic when the code expects the standard [--] decimals. [--]. WBTC - [--] decimals [--]. USDT - [--] decimals [--]. USDC - [--] decimals"  
[X Link](https://x.com/chrisdior777/status/1755960695072399515)  2024-02-09T14:23Z [----] followers, [----] engagements


"How to progress in smart contract security in [--] steps: - Read past audit reports and learn each finding's attack vector - Watch all videos by Owen Thurm in YT - Practice finding bugs DAILY (competitions) - Study the most important protocols in the space (Compound Uniswap etc)"  
[X Link](https://x.com/chrisdior777/status/1759885102694412650)  2024-02-20T10:18Z [----] followers, [----] engagements


"MUST be known: 90% of the smart contracts that we have audited which integrate UniswapV2Router02.sol make this mistake which allows 100% slippage during swaps. Most auditors know it but if you are someone who is planning to deploy such contract please know that: The swap functions in the above mentioned Uniswap contract have amountOutMin param. What is this param - "The minimum amount of output tokens that must be received for the transaction not to revert". Now the mistake that most of the devs are doing is that they are hardcoding this param as [--] when they implement some of the swap"  
[X Link](https://x.com/anyuser/status/1760674873637298283)  2024-02-22T14:36Z 10.7K followers, 15K engagements


"We now have the Solidity Cheatsheet βœ… Good job ser @Smacaud1"  
[X Link](https://x.com/chrisdior777/status/1762414519706591315)  2024-02-27T09:49Z [----] followers, [----] engagements


"It's not everyday you enter into a collaboration with one of the largest blockchain ecosystems in the industry. Excited to announce our collaboration with @0xPolygon as an official security provider and Mentor for the Polygon Village Program. @CDSecurity_"  
[X Link](https://x.com/chrisdior777/status/1762433293490831599)  2024-02-27T11:03Z [----] followers, [----] engagements


"@HanabiPlug Check in their website for more info ser"  
[X Link](https://x.com/chrisdior777/status/1762841909175754817)  2024-02-28T14:07Z [----] followers, [--] engagements


"The demand for web3 security audits is getting crazier than ever and you can feel it. Most of my auditor friends are overbooked. Contest platforms are also blowing up. This is overwhelming. Let's put forth our best efforts and be a great help to the projects βœ…"  
[X Link](https://x.com/chrisdior777/status/1763967728526778440)  2024-03-02T16:40Z [----] followers, [----] engagements


"Check out this DeFi developer roadmap. Really interesting materials in this repo:"  
[X Link](https://x.com/chrisdior777/status/1766869319932125360)  2024-03-10T16:50Z [----] followers, [----] engagements


"ALWAYS CHECK: If functions that allow users to withdraw their deposited or earned funds from a protocol have whenNotPaused modifier. If there is a malicious/compromised owner and the modifier is in place users may have their money stuck without a way to withdraw"  
[X Link](https://x.com/chrisdior777/status/1768612289941237919)  2024-03-15T12:16Z [----] followers, [----] engagements


"@shards_king @ddimitrovv22 @CDSecurity_ Thank you broπŸ™πŸ»πŸ€"  
[X Link](https://x.com/chrisdior777/status/1770409259575980049)  2024-03-20T11:17Z [----] followers, [--] engagements


"yAcademy created a repo of common DeFi forked protocol bugs. The most common ones seem to be the reentrancy and the flashloan attack. Check them out :"  
[X Link](https://x.com/chrisdior777/status/1770438654495789198)  2024-03-20T13:14Z [----] followers, [----] engagements


"If you don't understand the inflation attack which is a widespread problem that targets ERC-4626 tokenized vault standard this will help you. Here is the best [--] minutes video explanation of it: Starts at 1:46"  
[X Link](https://x.com/chrisdior777/status/1771984377930526741)  2024-03-24T19:36Z [----] followers, [----] engagements


"@lmc_security @DefiLlama God sent me to help you today ser😁🀝"  
[X Link](https://x.com/chrisdior777/status/1772267543551484206)  2024-03-25T14:21Z [----] followers, [---] engagements


"@aave 's developers are certainly in good hands 🀭 The BGD Phase [--] proposal was executed earlier today. This proposal covers two scopes over a 6-month contract period: - [---] mil in stablecoins and 5k AAVE - [---] mil in stablecoins and 7.5k AAVE https://vote.onaave.com/proposal/proposalId=59 https://vote.onaave.com/proposal/proposalId=59"  
[X Link](https://x.com/chrisdior777/status/1774762408235417845)  2024-04-01T11:35Z [----] followers, [---] engagements


"Things I know now that I wish I had known when I started auditing smart contracts: - Believe more in yourself - Stay consistently up-to-date with the space - Analyze the experts in the field - There are no shortcuts to knowledge - Don't stop trying - Put in more hours βœ…"  
[X Link](https://x.com/chrisdior777/status/1776920353224171981)  2024-04-07T10:30Z [----] followers, [----] engagements


"Sometimes we don't understand fully what a function does exactly. Here are some steps which help ME clear things out: - start by skimming through the function to get a general idea - read the natspec of it (params return value etc.) (if any) - start examining the function character by character - don't go to the next line if you don't understand the one you are reading now - check with attention any external calls or state changing operations - try to think of what can go wrong spend time actually thinking various scenarios - if you don't understand the function 100% contact the client for"  
[X Link](https://x.com/chrisdior777/status/1779103339147338075)  2024-04-13T11:04Z [----] followers, [----] engagements


"There are only [--] active Web3 security contests on all of the platforms currently. Maybe the demand for security contests is currently low Maybe it is better because there is enough good auditors to cover all of the contests as opposed to 25+ active contests. Your take"  
[X Link](https://x.com/chrisdior777/status/1780527621396439538)  2024-04-17T09:24Z [----] followers, [----] engagements


"BOOKMARK this it might be useful to you sometime in the future So if you come across a scam domain what should you do You need to report it correctly I have collected all available options for you in this post. Please share this post with your friends EASY LEVEL:  Alternatively for MM: [--] LEVEL: Try using: Also combined with multiple reports (abuse letters) to ICANN website report to google search console moderation report to and similar resources. Stay safe http://phishtank.org http://doppel.com http://bolster.ai/automated-website-takedown http://github.com/MetaMask/eth-phishing-detect"  
[X Link](https://x.com/chrisdior777/status/1780944891956052362)  2024-04-18T13:02Z [----] followers, [----] engagements


"Check hardcoded contract addresses in smart contracts Projects may deploy contracts to different addresses on various chains. For instance WETH: 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 on Ethereum & 0x7ceb23fd6bc0add59e62ac25578270cff1b9f619 on Polygon"  
[X Link](https://x.com/chrisdior777/status/1781268502797598844)  2024-04-19T10:28Z [----] followers, [----] engagements


"🧐Perhaps you've heard about the new hot topic in the crypto space right now: Runes. I've read several articles to understand exactly what they are. Here's a brief overview to introduce you to Runes:πŸ‘‡ Runes are fungible tokens native to Bitcoin based on the Runes protocol. [--]. What is the Runes protocol for Bitcoin The Runes protocol is a mechanism for creating minting and transferring fungible tokens directly on Bitcoin. It seeks to be more efficient than the BRC-20 token standard by providing correct UTXO management and lowering the on-chain footprint. In the runes protocol messages are"  
[X Link](https://x.com/chrisdior777/status/1782788120775200805)  2024-04-23T15:06Z [----] followers, [----] engagements


"A short summary of the current DeFi market state: Total Value Locked - $95.413 billion. Top [--] protocols by TVL: [--]. Lido - $30.515b [--]. EigenLayer - $15.635b [--]. AAVE - $10.976b Top [--] chains by TVL: [--]. Ethereum - $55b [--]. Tron - $8.6b [--]. BSC - $6.5b"  
[X Link](https://x.com/chrisdior777/status/1783151315348079064)  2024-04-24T15:09Z [----] followers, [----] engagements


"Did you know that in March [----] $624M vanished from Ronin Network unnoticed for six days $624M loss Despite a multisig system a social-engineer attacker gained key control executing withdrawERC() from the bridge. Here is the tipπŸ‘‡ Multisigs do not matter if in practice several keys are controlled by the same entity. Distribute keys to independent entities to actually enforce that several entities must agree with a transaction before executing it"  
[X Link](https://x.com/chrisdior777/status/1786819367126114505)  2024-05-04T18:05Z [----] followers, [----] engagements


"Roles in smart contract projects are pivotal. βœ… Here are couple of questions that you should definitely ask the project's team as well as verify that info yourself if possible:"  
[X Link](https://x.com/chrisdior777/status/1788166735641600439)  2024-05-08T11:19Z [----] followers, [----] engagements


"Vitalik recently introduced EIP-7702 - a potentially groundbreaking change for Ethereum. To grasp its significance it's essential to understand its predecessors: [--]. EIP-4337 [--]. EIP-3074 [--]. EIP-5003 [--]. EIP-4337: EOAs on Ethereum lack security and features. Account abstraction allows you to use a smart contract as your account to add more features & safety to address this. However most users still use EOAs due to conversion challenges and lack of native support for smart contract accounts in web3 apps like MetaMask. [--]. EIP-3074 predates EIP-4337 However it has not been merged into mainnet. It"  
[X Link](https://x.com/chrisdior777/status/1788884155209535852)  2024-05-10T10:49Z [----] followers, [----] engagements


"A quick reminder: When auditing a lending platform or a Collateralized Debt Position system keep in mind that a common attack vector during liquidations is the borrower's ability to force liquidations to revert. βœ…"  
[X Link](https://x.com/chrisdior777/status/1791905169296281653)  2024-05-18T18:54Z [----] followers, [----] engagements


"Verify hardcoded external contract addresses for the chains where the contracts are deployed Take WETH as an example. Its address on Ethereum is: 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 but 0x7ceb23fd6bc0add59e62ac25578270cff1b9f619 on Polygon. βœ…"  
[X Link](https://x.com/chrisdior777/status/1792196104148414778)  2024-05-19T14:10Z [----] followers, [----] engagements


"3 tokens that are widely used but their decimals = [--]. Be careful with these in projects they can be problematic when the code expects the standard [--] decimals. [--]. WBTC - [--] decimals [--]. USDT - [--] decimals [--]. USDC - [--] decimals βœ…"  
[X Link](https://x.com/chrisdior777/status/1793335019160637664)  2024-05-22T17:36Z [----] followers, [---] engagements


"Tip for new Solidity devs: Do not try to develop smart contracts like ERC-20 yourself. Instead use open source libraries that provide ready-made and battle-tested smart contracts. It is likely that when you develop something from the scratch you are going to make a mistake"  
[X Link](https://x.com/chrisdior777/status/1793660225049755796)  2024-05-23T15:08Z [----] followers, [----] engagements


"Finished watching a video called "What is security in Web3" and found it to be incredibly well-structured and valuable. Here is a summary of the key points aimed at helping Web3 projects understand their security options and how to maximize their security strategy:"  
[X Link](https://x.com/chrisdior777/status/1795491909496185093)  2024-05-28T16:26Z [----] followers, [----] engagements


"If you want to know how a whitehat reported [--] bugs in January and made $290497 check out this article. The root cause of the vulnerability are two rounding errors in separate assets impacting each. Proper floating-point handling is crucial. https://medium.com/immunefi/the-graph-rounding-error-bugfix-review-c946ff470f65 https://medium.com/immunefi/the-graph-rounding-error-bugfix-review-c946ff470f65"  
[X Link](https://x.com/chrisdior777/status/1796194538765099143)  2024-05-30T14:58Z [----] followers, [----] engagements


"In case you have missed it here is a very interesting review of Euler V2 which dives into their core algorithms and important pieces of code. Including: Higher-level design Core Vaults Oracles Risk management and Additional implementation details: https://mixbytes.io/blog/modern-defi-lending-protocols-how-its-made-euler-v2#rec751452047 https://mixbytes.io/blog/modern-defi-lending-protocols-how-its-made-euler-v2#rec751452047"  
[X Link](https://x.com/chrisdior777/status/1798058466717929955)  2024-06-04T18:25Z [----] followers, [----] engagements


"@NeoGranicen @euler_mab"  
[X Link](https://x.com/chrisdior777/status/1798286277424636198)  2024-06-05T09:30Z [----] followers, [--] engagements


"@euler_mab @NeoGranicen @NeoGranicen Take a look here Thanks Michael 🫑"  
[X Link](https://x.com/chrisdior777/status/1798287219746378094)  2024-06-05T09:34Z [----] followers, [--] engagements


"Pretty good set of tasks which are part of a Junior Solidity smart contracts security educational initiative. If you are a Junior Solidity dev/auditor this is the perfect exercise to test your skills🫑 https://github.com/pessimistic-io/internship-tasks https://github.com/pessimistic-io/internship-tasks"  
[X Link](https://x.com/chrisdior777/status/1798683079059673160)  2024-06-06T11:47Z [----] followers, [----] engagements


"Here is a nice analysis of two findings from an audit for crvUSD an over-collateralized stablecoin by Curve. [--]. Arbitrary Call [--]. Donation Attack https://mixbytes.io/blog/recap-of-the-crvusd-audit-findings https://mixbytes.io/blog/recap-of-the-crvusd-audit-findings"  
[X Link](https://x.com/chrisdior777/status/1799531582920839452)  2024-06-08T19:58Z [----] followers, [----] engagements


"Mitchell Amador from Immunefi provides an excellent analysis of top whitehat hackers in Web3 and how to become one. Ive summarized the [--] steps he outlined in the screenshot below. Bookmark this for reference if you aspire to be one of the best"  
[X Link](https://x.com/chrisdior777/status/1801192840510296359)  2024-06-13T10:00Z [----] followers, [----] engagements


"After [---] years in my Web3 security journey and trying to provide value to the space I have finally reached [----] followers. Want to thank all my followers for the support I really do it for you guys. It brings me joy when I am able to bring value to as much guys as possible😊"  
[X Link](https://x.com/chrisdior777/status/1801584722063081970)  2024-06-14T11:57Z [----] followers, [----] engagements


"If you want to be a good Solidity developer and auditor you must have a deep knowledge of the programming language and the Ethereum technology. Here are [---] questions divided into [--] levels: Easy Medium Hard and Advanced. Test yourself βœ… https://www.rareskills.io/post/solidity-interview-questions https://www.rareskills.io/post/solidity-interview-questions"  
[X Link](https://x.com/anyuser/status/1802266425106833515)  2024-06-16T09:06Z 10.7K followers, 22.5K engagements


"10 days ago Uwulend (a fork of AAVE V2 with changed oracle fallback logic) was hacked for $19.4M. The attacker exploited a price discrepancy in the oracles to manipulate rates. Uwulend paused the protocol an hour later but another $3.7M was stolen after it was unpaused. πŸ™€"  
[X Link](https://x.com/chrisdior777/status/1803755239700336780)  2024-06-20T11:42Z [----] followers, [----] engagements


"Short high-level explanation of LayerZero πŸ‘Œ layerzero: explain like i'm five https://t.co/wYN6Nlr72r layerzero: explain like i'm five https://t.co/wYN6Nlr72r"  
[X Link](https://x.com/chrisdior777/status/1809360680476373384)  2024-07-05T22:56Z [----] followers, [----] engagements


"If you are curious about the requirements to work as a Senior Smart Contract Engineer at @Uniswap :"  
[X Link](https://x.com/anyuser/status/1815678026081849784)  2024-07-23T09:19Z 10.7K followers, 14.9K engagements


"@Uniswap https://boards.greenhouse.io/uniswaplabs/jobs/4003103005 https://boards.greenhouse.io/uniswaplabs/jobs/4003103005"  
[X Link](https://x.com/chrisdior777/status/1815680471457517695)  2024-07-23T09:28Z [----] followers, [----] engagements


"@k77eth @Uniswap Yeah but I don't really know if it is enough for living kind of luxury in New York guess not.😁"  
[X Link](https://x.com/chrisdior777/status/1815691964035067976)  2024-07-23T10:14Z [----] followers, [---] engagements


"Protocol DEVS should choose the auditing company for the smart contracts they have written not the FOUNDERS. Founders can set the budget but developers should decide who will review their code and tell them what is right or wrong. Doesn't that make sense βœ…"  
[X Link](https://x.com/chrisdior777/status/1816065554949537957)  2024-07-24T10:59Z [----] followers, [----] engagements


"@AragonProject is looking for Senior Smart Contract Dev. If you think you are suitable or know someone that will be interested here is a link: https://jobs.lever.co/aragon/fba68080-9e98-49d7-8ed7-ac05d047d4b0 https://jobs.lever.co/aragon/fba68080-9e98-49d7-8ed7-ac05d047d4b0"  
[X Link](https://x.com/chrisdior777/status/1817857925378912688)  2024-07-29T09:41Z [----] followers, [--] engagements


"Top protocols on Ethereum right now by categories: Liquid Staking - @LidoFinance Restaking - @eigenlayer Lending - @aave V3 Collateralized Debt Position (CDP) - @MakerDAO"  
[X Link](https://x.com/chrisdior777/status/1818977361066352842)  2024-08-01T11:49Z [----] followers, [----] engagements


"Just a quick reminder Popular ways to generate randomness in Solidity: - Using blockhash ❌ - Using block.timestamp ❌ - Using Chainlink VRF βœ… Learn why for each case and how to implement Chainlink VRF: https://medium.com/rektify-ai/bad-randomness-in-solidity-8b0e4a393858 https://medium.com/rektify-ai/bad-randomness-in-solidity-8b0e4a393858"  
[X Link](https://x.com/chrisdior777/status/1819358991748829397)  2024-08-02T13:06Z [----] followers, [----] engagements


"In a crypto market crash those who keep building improving and trusting without backing down are the ones who will succeed in the long term. They're here to stay. The rest Well they might just end up back at McDonald's. 😊"  
[X Link](https://x.com/chrisdior777/status/1820468520045654034)  2024-08-05T14:34Z [----] followers, [---] engagements


"This month's Ethereum community events. IMO a great opportunity to connect with likeminded people as well as learn something new. Who is going"  
[X Link](https://x.com/chrisdior777/status/1820480632050380849)  2024-08-05T15:23Z [----] followers, [---] engagements


"As a Solidity developer you should never let such dumb bugs slip through. Here anyone can arbitrarily burn NFTs. I have seen similar access control findings a lot of times. Sometimes serious bugs are that simple"  
[X Link](https://x.com/chrisdior777/status/1820506085607756208)  2024-08-05T17:04Z [----] followers, [----] engagements


"Here are [--] simple tips that will help you master Solidity: 1/ Understanding Blockchain Basics Make sure you understand the basics of Ethereum: blocks transactions gas fees and blockchain limits. This knowledge will help you write better Solidity code and avoid mistakes. πŸ‘‡"  
[X Link](https://x.com/chrisdior777/status/1820816408206250288)  2024-08-06T13:37Z [----] followers, [----] engagements


"Workflow of Solidity Compiler. Simply explained. The main process (blue) converts Solidity code into EVM bytecode and generates an ABI for interaction. The Yul process (green) compiles intermediate code for different backends activated by specific flags. The formal verification process (red) uses model checkers for security also activated by flags. All these processes are bug-prone"  
[X Link](https://x.com/chrisdior777/status/1821175320441188381)  2024-08-07T13:23Z [----] followers, [----] engagements


"I created this diagram to explain how Web3 startups are funded. Heres a simple explanation: Limited Partners (LPs) provide capital to VC firms which then decide how to invest in startups seeking funding. When an exit occurs both VCs and LPs receive their ROI.✌"  
[X Link](https://x.com/chrisdior777/status/1821488523566064044)  2024-08-08T10:08Z [----] followers, [----] engagements


"IMO Solidity devs should upgrade their security knowledge daily (at least common bugs patterns access control mechanisms etc.). Be curious about security. Don't be like: "Meh the auditors will fix that if it's not okay." Try to actually write secure code"  
[X Link](https://x.com/chrisdior777/status/1821531579304599964)  2024-08-08T12:59Z [----] followers, [----] engagements


"The best way to advance in Smart Contract Auditing/Development (and most jobs) is to have a mentor. This was a game changer for me. We would audit in parallel and afterward he would show me where I made mistakes what I missed and how to improve. Find a mentor. βœ…"  
[X Link](https://x.com/anyuser/status/1821851917623955839)  2024-08-09T10:12Z 10.7K followers, [----] engagements


"Something interesting that I didn't know till today: @CoinMarketCap began as a side project by a single engineer who was working full-time at a software company without any traditional venture funding. Today [--] of the biggest advertising-driven biz in the crypto industry"  
[X Link](https://x.com/chrisdior777/status/1822258345983475966)  2024-08-10T13:07Z [----] followers, [---] engagements


"If youre unaware theres a solid security audit checklist for Account Abstraction Wallets based on EIP4337. Devs are highly encouraged to consider it carefully during development: https://slowmist.medium.com/slowmist-security-audit-checklist-for-account-abstraction-wallets-ed48fc10cdbc https://slowmist.medium.com/slowmist-security-audit-checklist-for-account-abstraction-wallets-ed48fc10cdbc"  
[X Link](https://x.com/chrisdior777/status/1822995934457839862)  2024-08-12T13:57Z [----] followers, [----] engagements


"Thats called SERIOUS SECURITY APPROACH. These guys know what they are doing. I wish more projects take security this seriously. Good job @eulerfinance πŸ™ Securing Euler. Today we're sharing our multi-layer security approach developed and implemented over the past year. In this 🧡 you'll find some of the highlights. https://t.co/ogSpIwH2f9 Securing Euler. Today we're sharing our multi-layer security approach developed and implemented over the past year. In this 🧡 you'll find some of the highlights. https://t.co/ogSpIwH2f9"  
[X Link](https://x.com/chrisdior777/status/1823085428666470699)  2024-08-12T19:53Z [----] followers, [---] engagements


"The usual Web3 funding rounds - explained: [--]. Pre-Seed: Used for research product development and team building. [--]. Seed: Focuses on developing core tech like blockchain or tokens. [--]. Series A/B/C+: For scaling user growth and revenue generation"  
[X Link](https://x.com/chrisdior777/status/1823286621661438320)  2024-08-13T09:13Z [----] followers, [----] engagements


"What is CHAIN ABSTRACTION It makes blockchain easier to use by hiding the complicated parts of different networks. This lets people use DApps and manage digital assets without needing to understand the technical detailsjust like using the internet without knowing TCP/IP"  
[X Link](https://x.com/chrisdior777/status/1823319256877928860)  2024-08-13T11:22Z [----] followers, [----] engagements


"@n00buntu Thats written from some CEO who wants to pay less to his employees 🀣 Try engaging the top auditors with little money and see if they agree 😁"  
[X Link](https://x.com/chrisdior777/status/1823778749340418374)  2024-08-14T17:48Z [----] followers, [--] engagements


"DeFi systems face unique risks: Smart Contracts may have bugs Blockchains have platform-specific risks Front-end interfaces are vulnerable Oracles introduce external data risks and Bridges can hold or transfer very significant value making them attractive targets"  
[X Link](https://x.com/chrisdior777/status/1824038743583383802)  2024-08-15T11:01Z [----] followers, [----] engagements


"Do you have a good intuition about on-chain fees I was surprised. Here is data for the past [--] days: * Ethereum makes 2x the fees of SOL * Jito makes almost as much as SOL itself * Aave makes less than half the fees of Uniswap * TRON is top dog on fees"  
[X Link](https://x.com/chrisdior777/status/1824102537860911569)  2024-08-15T15:15Z [----] followers, [----] engagements


"Basically Game Theory in tokenomics uses incentives to boost token demand. For example Curve rewards users with higher ROI and lower fees the longer they lock CRV tokens up to [--] years. This encourages holding and reduces the incentive to sell boosting token value. ✅"  
[X Link](https://x.com/chrisdior777/status/1824788517773332837)  2024-08-17T12:41Z [----] followers, [----] engagements


"If you have ever wondered. This is how a typical Web3 VC Structure looks like. * Small to Mid-Sized Crypto VC Firms: 10-30 employees * Large Crypto VC Firms: 30-100+ employees For example @paradigm has 50+ employees so it's definitely a large Crypto VC"  
[X Link](https://x.com/chrisdior777/status/1825112401911427130)  2024-08-18T10:08Z [----] followers, [----] engagements


"Profits from fees can be crazzzy sometimes. Here is an example: Metaplex the main Solana app for minting NFTs has made $12.7 million in from fees"  
[X Link](https://x.com/chrisdior777/status/1825148137654391285)  2024-08-18T12:30Z [----] followers, [---] engagements


"As most of you know Uniswap V4 is expected to launch soon. Cantina is currently hosting a security competition for V4 core contracts periphery contracts and the Universal Router. Let's break down the key features of V4 in [--] simple subtweets 👇"  
[X Link](https://x.com/chrisdior777/status/1825489415340179660)  2024-08-19T11:06Z [----] followers, [----] engagements


"1/ Customizability with Hooks Uniswap V4 introduces "hooks" smart contracts that can be attached to liquidity pools. Hooks allow custom functionalities like limit orders custom AMM curves oracles and more, expanding the platform's innovation potential"  
[X Link](https://x.com/chrisdior777/status/1825489417567338812)  2024-08-19T11:06Z [----] followers, [---] engagements


"2/ Singleton Contract for Efficiency No more separate contracts for each token pair. V4 uses a Singleton contract consolidating all pools into one. This reduces gas costs significantly: creating new pools is now 99% cheaper and multi-hop trades are much more efficient"  
[X Link](https://x.com/chrisdior777/status/1825489419282870501)  2024-08-19T11:06Z [----] followers, [---] engagements


"3/ Flash Accounting System Uniswap V4's flash accounting system lets users chain multiple actions in one transaction (e.g. swap-and-add-liquidity). It ensures security by tracking token balances and verifying debt settlement improving efficiency while cutting gas costs"  
[X Link](https://x.com/chrisdior777/status/1825489421019320554)  2024-08-19T11:06Z [----] followers, [---] engagements


"5/ Native ETH Support Goodbye Wrapped ETH. V4 enables direct trading with native ETH simplifying the trading process and reducing costs. It's easier and more efficient for users to interact with the protocol"  
[X Link](https://x.com/chrisdior777/status/1825489425163256140)  2024-08-19T11:06Z [----] followers, [---] engagements


"6/ Community-Driven Innovation Uniswap V4 fosters community-driven development. Since its code release active engagement has shaped the protocol's evolution. This open approach encourages global contributions pushing the boundaries of AMM innovation"  
[X Link](https://x.com/chrisdior777/status/1825489427071730108)  2024-08-19T11:06Z [----] followers, [---] engagements


"Sometimes when I talk with Devs/Auditors I feel they lack knowledge of Tokenomics (supply demand ROI game theory etc.). So here's the best resource I know on the topic: Tokenomics 101: The Basics of Evaluating Cryptocurrencies Check it out: https://every.to/almanack/tokenomics-101"  
[X Link](https://x.com/chrisdior777/status/1825552701276754033)  2024-08-19T15:17Z [----] followers, [----] engagements


"Here are the top [--] Web3 startups that got seed funding from [----] to [----]. Aptos really stands out since it raised $200 million in [----]. This is definitely worth checking out further. https://eqvista.com/top-seed-funded-web3-startups/"  
[X Link](https://x.com/chrisdior777/status/1825823588458573908)  2024-08-20T09:14Z [----] followers, [----] engagements


"Lately I'm so deep in work that I can't even chill right. Start a movie Think about work. Try to sleep Work. Hit the gym Yep work. Does this mean I'm a full-blown workaholic now 😂 Guess I need a vacation just to remember how to relax"  
[X Link](https://x.com/chrisdior777/status/1826957308670124446)  2024-08-23T12:19Z [----] followers, [----] engagements


"Curious about where Web3 startups are getting their seed funding Here are the top [--] seed funding sources for Web3 startups. Link: https://eqvista.com/top-seed-funded-web3-startups/"  
[X Link](https://x.com/chrisdior777/status/1827316173496516647)  2024-08-24T12:05Z [----] followers, [----] engagements


"Some updates you might have missed: *Polygon's MATIC token rebrands to POL *MakerDAO rebranding to @SkyEcosystem Two new tokens: $SKY - governance token and $USDS - stablecoin. The two legacy tokens are staying (i.e. $MKR and $DAI)"  
[X Link](https://x.com/chrisdior777/status/1828434679575224423)  2024-08-27T14:09Z [----] followers, [----] engagements


"WETH can't go insolvent because it's always backed 1:1 with ETH. The logic behind it is simple and requires only about [--] lines of code. Here's a quick rundown of how WETH works 🧵:"  
[X Link](https://x.com/anyuser/status/1829125782741893290)  2024-08-29T11:55Z 10.7K followers, 15.6K engagements


"1/ Key functions: deposit withdraw and transferFrom. Deposit: You receive WETH equivalent to the ETH you send. Your WETH balance increases by the deposited amount"  
[X Link](https://x.com/chrisdior777/status/1829125784943878591)  2024-08-29T11:55Z [----] followers, [---] engagements


"2/ Withdraw: Checks if your balance is enough to cover the withdrawal reduces your WETH and sends the corresponding ETH back to you. TransferFrom: Ensures sufficient WETH checks approval if a third party is transferring then adjusts balances"  
[X Link](https://x.com/chrisdior777/status/1829125786734927978)  2024-08-29T11:55Z [----] followers, [---] engagements


"3/ The contract can't hold more or less ETH than deposited; it matches withdrawals. Except in one case: Someone could self destruct and send ETH to the WETH contract but in that scenario there would always be more ETH available to withdraw than what was deposited"  
[X Link](https://x.com/chrisdior777/status/1829125788563591558)  2024-08-29T11:55Z [----] followers, [---] engagements


"To all my crypto followers: If you're not achieving the success you want and aren't putting in a few hours on weekends you're missing out. A little extra effort can make a huge difference. Don't let meaningless distractions hold you back, stay focused on your goals guys"  
[X Link](https://x.com/chrisdior777/status/1830188006105362895)  2024-09-01T10:16Z [----] followers, [----] engagements


"TO ALL WEB3 PROJECTS 🚨: You may haven't heard of Lemniscap but they have recently launched a $70M fund to back early-stage Web3 projects. They will be focusing on ZK Infrastructure Consumer Apps Bitcoin Ecosystem DePin & more. More info in the comments 👇"  
[X Link](https://x.com/chrisdior777/status/1830586505687183700)  2024-09-02T12:40Z [----] followers, [----] engagements


"Chainlink VRF offers a secure and fair source of randomness for smart contracts preventing manipulation by nodes or attackers. Unlike on-chain methods like block-hash it provides tamper-proof random values ensuring better security and usability. https://medium.com/@natachigram/how-chainlink-vrf-works-46f14645813c"  
[X Link](https://x.com/chrisdior777/status/1830927096689877191)  2024-09-03T11:13Z [----] followers, [----] engagements


"@Penpiexyz_io The Penpie team has posted a message on Twitter to urge the hacker to return the money under the following terms: https://x.com/Penpiexyz_io/status/1831157212963598555"  
[X Link](https://x.com/chrisdior777/status/1831270077800267949)  2024-09-04T09:56Z [----] followers, [---] engagements


"Block explorers are your portal to Ethereum's data. That's why if you want to be proficient in this field you need the skill to read them and understand the information they display. Study the terms, it's important: https://ethereum.org/en/developers/docs/data-and-analytics/block-explorers/"  
[X Link](https://x.com/chrisdior777/status/1831623009892786457)  2024-09-05T09:18Z [----] followers, [----] engagements


"Here is some ALPHA to all the smart contract auditors. Penpie was exploited couple of days ago for $27M. @rotcivegaf wrote a POC of the exploit. You can learn a lot here: https://github.com/SunWeb3Sec/DeFiHackLabs/blob/8423a14b97998f1557d1216d340f605d31a6e99d/src/test/2024-09/Penpiexyzio_exp.sol"  
[X Link](https://x.com/chrisdior777/status/1831643692647489724)  2024-09-05T10:41Z [----] followers, [----] engagements


"1/ Transaction Type Use this filter to narrow down your analysis to specific transaction types of interest. You can Select All: Includes all transaction types. Or you can choose a certain token filter like ERC20 that will include ERC20 transactions only"  
[X Link](https://x.com/chrisdior777/status/1832003992991183051)  2024-09-06T10:32Z [----] followers, [--] engagements


"5/ Amount You can filter transactions based on the value transferred. It is useful for tracking transactions within specific value thresholds or analyzing high-value transfers"  
[X Link](https://x.com/chrisdior777/status/1832004006245171620)  2024-09-06T10:32Z [----] followers, [--] engagements


"6/ Asset You can use this filter to search for transactions involving specific tokens by specifying the token's name symbol or contract address. Additionally popular assets like ETH USDC USDT DAI WETH and WBTC are readily available for selection"  
[X Link](https://x.com/chrisdior777/status/1832004009806156199)  2024-09-06T10:32Z [----] followers, [---] engagements


"In Web3 there are some utterly ridiculous fundraises for sure. One of those seems to be Farcaster. Why do these guys need $180 million for Seems like almost nobody use them. Am I wrong"  
[X Link](https://x.com/chrisdior777/status/1832090187071173093)  2024-09-06T16:15Z [----] followers, [----] engagements


"@RightNowIn https://cryptorank.io/price/farcaster https://cryptorank.io/price/farcaster"  
[X Link](https://x.com/chrisdior777/status/1832094669129589193)  2024-09-06T16:33Z [----] followers, [---] engagements


"Has anyone returned to a 9-5 after freelancing or running a business I can't imagine anything worse. Losing control of your time being told what to do and working with people you dont like. Even if I end up broke I'd hustle 10x harder to avoid going back to a 9-5"  
[X Link](https://x.com/chrisdior777/status/1832352666544218163)  2024-09-07T09:38Z [----] followers, [----] engagements


"Solidity v0.8.27 updates: - Custom errors: require now supports custom errors in the legacy pipeline - Optimizer Caching: Speeds up compilation by caching optimized IR improving performance up to 44% - Initial support for transient storage and --yul option deprecated"  
[X Link](https://x.com/chrisdior777/status/1832717765704081690)  2024-09-08T09:49Z [----] followers, [----] engagements


"Here's a discussion you might find interesting. The Ethereum Foundation (EF) is hosting AMAs on Reddit, this is Part [--]. They cover Layer [--] solutions maturing and how EF keeps Ethereum neutral against government pressures. Featuring Vitalik and others: https://www.reddit.com/r/ethereum/comments/1f81ntr/ama_we_are_ef_research_pt_12_05_september_2024/"  
[X Link](https://x.com/chrisdior777/status/1832794041592717481)  2024-09-08T14:52Z [----] followers, [---] engagements


"You're a white hat hacker who found a critical flaw in VulnerableVault's smart contract. To prove its severity your mission is to ethically exploit it and drain a high-profile depositor's [-----] tokens. We need more of these challenges @chomper59647 https://github.com/BlockChomper/ctf-challenges/tree/master/src/ERC4626-v1"  
[X Link](https://x.com/chrisdior777/status/1833082670412439951)  2024-09-09T09:59Z [----] followers, [----] engagements


"Just a quick reminder: Be extra careful when reviewing code that uses ERC20::transferFrom with a non-msg.sender from argument. If the access control isn't secure there's a chance that ERC20 allowances could be drained. 🫡"  
[X Link](https://x.com/chrisdior777/status/1833521532452409717)  2024-09-10T15:02Z [----] followers, [----] engagements


"Just read that again after couple of months. Interesting Saturday read: How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from [----] - [----]. https://zachxbt.mirror.xyz/B0-UJtxN41cJhpPtKv0v2LZ8u-0PwZ4ecMPEdX4l8vE"  
[X Link](https://x.com/chrisdior777/status/1834880327623340246)  2024-09-14T09:02Z [----] followers, [----] engagements


"WTF is happening at TOKEN2049 🤣 Castles in the sky a movie promoted by singing magnificent @VitalikButerin @ #Token2049singapore #TOKEN2049Week #ethereum https://t.co/et8PQPYZnf"  
[X Link](https://x.com/chrisdior777/status/1836380179746242865)  2024-09-18T12:22Z [----] followers, [---] engagements


"The cryptocurrency exchange BingX suffered a hack couple of hours ago with a total loss of $43m in USDT USDC and WUSD. Their team already confirmed that they will compensate for the loss with their own capital. Hacker wallet address - https://etherscan.io/txsa=0xf7e8033366166f92eb477b7b38e0d47d47b43326&p=6"  
[X Link](https://x.com/chrisdior777/status/1837112985728270776)  2024-09-20T12:54Z [----] followers, [----] engagements


"Did you know that Blockchain network adoption has been much slower compared to social media. Since Bitcoin's [----] launch total cryptocurrency users reached [---] million. In contrast TikTok and Facebook each hit [--] billion users in just [--] and [--] years respectively"  
[X Link](https://x.com/chrisdior777/status/1837115488783982799)  2024-09-20T13:03Z [----] followers, [---] engagements


"Heres a list of some of the biggest cryptocurrency platforms and their approximate user bases: [--]. Binance - over [---] million [--]. Coinbase - over [---] million [--]. - around [--] million [--]. Kraken - around [--] million [--]. Huobi Global - around [--] million http://Crypto.com http://Crypto.com"  
[X Link](https://x.com/chrisdior777/status/1837421006597566585)  2024-09-21T09:18Z [----] followers, [---] engagements


"Web3 hacks: A total of $1840879064 was lost across [---] security incidents in [----]. This represents a decline of 51% from 2022's total of $3.7 billion and an average of $2.45 million per incident. Curious to see the [----] statistic 🤔 Hope we see a decline from 2023"  
[X Link](https://x.com/chrisdior777/status/1837470583761916263)  2024-09-21T12:35Z [----] followers, [----] engagements


"Why Ethereum is better than Solana IMO: - Stronger security - More decentralized - Bigger community of developers - Significantly higher liquidity - Great open-source support Change my mind"  
[X Link](https://x.com/chrisdior777/status/1838185150338760965)  2024-09-23T11:54Z [----] followers, [----] engagements


"In case anybody is currently searching for a blockchain related job. Sigma Prime has these [--] position opened. Link: https://github.com/sigp/positions-vacant/tree/master"  
[X Link](https://x.com/chrisdior777/status/1838598589380985116)  2024-09-24T15:17Z [----] followers, [----] engagements


"Fundraising spree: Crypto VCs have raised over $2.2B in new capital through closed funds this year as of August. In the past few weeks half a dozen VCs raised over $500M including ParaFi Capital ($120M) Borderless Capital ($100M) Hack VC ($77M) and Robot Ventures ($75M)"  
[X Link](https://x.com/chrisdior777/status/1838916611769602413)  2024-09-25T12:21Z [----] followers, [----] engagements


"40 smart contract vulnerabilities explained. Make sure you know all of them inside and out. Link: https://github.com/kadenzipfel/smart-contract-vulnerabilities"  
[X Link](https://x.com/anyuser/status/1839253146293403661)  2024-09-26T10:38Z 10.7K followers, 19.2K engagements


"I was interviewed by the founder of @dittoproj Ditto, a stablecoin protocol. We audited them in [----]. I discuss how we started @CDSecurity_ our journey so far the state of L2 solutions today Ethereum and more. Here is a link: https://dittoeth.com/interviews/chrisdior"  
[X Link](https://x.com/chrisdior777/status/1839598605566378449)  2024-09-27T09:31Z [----] followers, [----] engagements


"I opened one of the Ethereum/Security newsletters I read weekly. This is how today's post started: Damn 🥲"  
[X Link](https://x.com/chrisdior777/status/1839631038009512320)  2024-09-27T11:39Z [----] followers, [----] engagements


"Smart contract auditing opens the door to: - Remote work. - A global market. - Many ways to earn (contests bounties private audits etc.). - Making friends around the world. - Dopamine hits from finding Crit/High findings. What am I missing✌"  
[X Link](https://x.com/anyuser/status/1840097557046772088)  2024-09-28T18:33Z 10.7K followers, 11.3K engagements

Top assets mentioned Ethereum (ETH) USDC (USDC) Chainlink (LINK) Solana (SOL) Bitcoin (BTC) Aave (AAVE) WETH (WETH)

Top Social Posts

Top posts by engagements in the last [--] hours

"⚠ Helpful questions that you should ask yourself when creating/auditing a function in Solidity: Q1 - Can it be external Q2 - Should it be internal Q3 - Should it be payable Q4 - Can it be combined with another similar function"
X Link 2023-01-05T07:43Z [----] followers, [----] engagements

"Q5 - Validate all parameters are within safe bounds even if the function can only be called by a trusted users. Q6 - Is the checks before effects pattern followed (SWC-107) Q7 - Check for front-running possibilities such as the approve function. (SWC-114)"
X Link 2023-01-05T07:43Z [----] followers, [---] engagements

"⚠If you want to transition to web3 security then this thread is for you Pay attention I will give you the exact steps that you need to take in order to start auditing smart contracts: A 🧵 1/ First things first you need to understand Ethereum as much as you can 👇"
X Link 2023-01-21T23:08Z 10.7K followers, 55.5K engagements

"I am just reading an article about MEV and I am amazed at how much money are made with MEV: "Between January [--] [----] and December [--] [----] more than $773m has been earned through MEV on Ethereum.""
X Link 2023-04-29T14:14Z [----] followers, [----] engagements

"I am recently learning a lot from SpearBit's youtube channel: You can find amazing videos where experienced auditors are explaining findings and much more. Definitely check it out"
X Link 2023-05-20T12:16Z [----] followers, [----] engagements

"A lot of people can't seem to understand how the Tornado cash hack happened exactly. Here is a video that will certainly clear it out for you:"
X Link 2023-06-01T17:13Z [----] followers, [--] engagements

"How using _safeMint() can create a security loophole and make re-entrancy possible See more here:"
X Link 2023-06-28T08:34Z [----] followers, [----] engagements

"@cmpeq The information in the post is targeting people who are in the beginning of their auditing career and are practicing by auditing in code4rena for example. Also the weird thing here is the hex version of 2**256-1 which is not encountered often at least from my experience"
X Link 2023-07-09T10:39Z [----] followers, [---] engagements

"This one is fairly easy and a critical one. What is the problem Will post the finding from the report after couple of hours"
X Link 2023-08-02T20:01Z [----] followers, [----] engagements

"The from argument is user controlled so anyone can pass the address of a user who has approved the contract to spend his tokens which will move EURS tokens from the exploited user to the contract even that the user didn't intend that. Check the fix recommendation here"
X Link 2023-07-31T01:21Z [----] followers, [---] engagements

"Here is a perfect way to level up if you want to upgrade your smart contract security knowledge: [--]. Go to SECUREUM discord: [--]. If you are a newbie or at least have some experience start going through slot-quiz channels and try to do the tests yourself"
X Link 2023-08-07T10:14Z [----] followers, [--] engagements

"How I manage my day-to-day tasks as a smart contract security researcher in [--] steps ☑: Step [--]. Listing Tasks: I start by enumerating all the tasks that need to be completed today for example: 1/ Write [--] tweets 2/ Audit [---] SLOC of your current private audit 3/ Read 3"
X Link 2023-08-10T12:35Z [----] followers, [--] engagements

"5 things which you MUST check in a smart contract or you may miss a Med/High risk vulnerability 👀: [--]. Check for casting errors [--]. Check if division can round down to zero or if it can be divided by zero [--]. Check if each contract input is properly validated [--]. Check all onlyOwner functions for centralisation risks [--]. Specifying explicitly gas cost values - opcodes can change"
X Link 2023-08-11T14:00Z [----] followers, [----] engagements

"Cryptographic proofs (merkle trees signatures etc) need to be tied to msg.sender which an attacker cannot manipulate without acquiring the private key. This code is insecure for [--] reasons 👇: [--]. Anyone who knows the addresses that are selected for the airdrop can recreate"
X Link 2023-08-12T10:38Z [----] followers, [---] engagements

"Always check if these business logic breakers are not present when you audit a lending and borrowing based DeFi protocol 👀 [--]. The buyer's collateral cannot be liquidated when the loan is not paid back or the collateral drops below the threshold. [--]. The due date of the loan principal or payments is improperly moved to an earlier or later date. [--]. A bug where paying back the principal does not lead to principal reduction"
X Link 2023-08-14T09:54Z [----] followers, [----] engagements

"Whenever you audit a code which calls a function from Uniswap V3 Router where deadline is one of the params always check if it is user supplied (correct) or hardcoded to block.timestamp or type(uint256).max (wrong)"
X Link 2023-08-17T15:33Z [----] followers, [----] engagements

"How an Arbitrum(layer 2) transaction goes through from a signed transaction to its confirmation on Ethereum(layer1). The Sequencer is a centralized node (run by the Arbitrum team) which submits user's transactions to the Ethereum mainnet. [--]. When users submit a trx on Arbitrum the Sequencer puts them into a sequence of tx's in first-come first-served order which is done off-chain. [--]. Every few minutes the Sequencer takes a batch of sequenced tx's compresses them and then writes that data to the L1. [--]. "Hard" finality is achieved when user's transaction sequenced in a batch is posted and"
X Link 2023-08-18T09:48Z [----] followers, [----] engagements

"Compound uses Chainlink as a price feed but it also verifies data via a TWAP oracle from the Uniswap which is a sanity check referred to as the Anchor price"
X Link 2023-08-23T13:53Z [----] followers, [----] engagements

"Just found this article which contains links to integration tips for [--] of the top DeFi projects. This should be a must-read for solidity devs as well as for the auditors:"
X Link 2023-08-25T11:01Z [----] followers, [----] engagements

"Top [--] Most Common Vulnerabilities In Web3 you should be aware of. By Immunefi: [--]. Improper Input Validation [--]. Incorrect Calculation [--]. Oracle/Price Manipulation [--]. Weak Access Control [--]. Replay Attacks/Signature Malleability [--]. Rounding Error [--]. Reentrancy [--]. Frontrunning 👇 [--]. Uninitialized Proxy [--]. Governance Attacks"
X Link 2023-08-31T11:04Z [----] followers, [----] engagements

"Web3 security auditors should know how to communicate properly before and during an audit. Wouldn't it be cool if there is an article that is giving you the perfect training for that Well there is 🔥 Just found this gem 🚨 https://blog.theredguild.org/auditors-what-do-you-ask-developers/"
X Link 2023-09-05T18:15Z [----] followers, [----] engagements

"Do you guys think that two separate projects can be properly audited simultaneously For instance dedicating half of the day to the first project and the remaining half to the second project. What are your thoughts on this"
X Link 2023-09-06T09:30Z [----] followers, [----] engagements

"I remember tweeting about this before but I will tweet it again because I still see this problem in codebases from time to time: Verify that the address called via low-level call/delegatecall/staticcall exists because it will return TRUE if the contract does NOT EXIST. ✅"
X Link 2023-09-08T11:19Z [----] followers, [----] engagements

"1/The most effective way for me to have a successful day is by dividing and allocating specific timeframes for my tasks. Otherwise I find myself juggling various tasks only to realise at the end of the day that I've been inefficient. The successful way FOR ME - an example: 🧵"
X Link 2023-10-02T10:56Z [----] followers, [----] engagements

"What is the role of the Incremental Merkle Tree and Zero Knowledge Proof Verification in Tornado Cash. The prevention of frontrunning during withdrawal and much more. Read stuff like that if you want to be among the best in the space. https://www.rareskills.io/post/how-does-tornado-cash-work"
X Link 2023-10-03T11:10Z [----] followers, [----] engagements

"If you want to have a solid knowledge of Solidity and Foundry the number [--] resource in my opinion is Smart Contract Programmer channel in Youtube. This is all you need guys don't overcomplicate your journey with a thousand resources that at the end just confuse you"
X Link 2023-10-05T10:08Z [----] followers, [----] engagements

"Pattern matching isn't always enough for finding bugs. Yes maybe for mediocre findings it is but some bugs are found from having a deep understanding of what the protocol is meant to do"
X Link 2023-10-06T11:22Z [----] followers, [----] engagements

"delete will reset the length of the array to [--] and delete the elements in it. But as the stuff array grows the gas price for the delete operation on it grows as well. If stuff becomes too long it will become undeletable due to the high gas cost. That's why its length should be constrained"
X Link 2023-10-09T13:59Z [----] followers, 12.5K engagements

"Consider introducing a try/catch block around the latestRoundData() calls. If these calls revert the catch block should contain logic to handle the failure. This could be a fallback mechanism an alternative oracle call or a contingency procedure to pause operations and alert protocol administrators. Explanation in section "ChainLink Price Feeds":"
X Link 2023-10-12T14:28Z [----] followers, [----] engagements

"Do you know of any firms that offer Solidity development services along with auditing services for their developers' work Is this something people would prefer to take advantage of or would they rather hire a developer and a separate auditor or firm for the security review"
X Link 2023-10-18T11:07Z [----] followers, [----] engagements

"I don't know how some projects launch without even one or only one security review, that's crazy Is it a conscious decision or unawareness Every piece of Solidity code must be audited MULTIPLE times. The smartest people in this space know that SECURITY is a TOP priority"
X Link 2023-10-19T10:12Z [----] followers, [----] engagements

"Your daily reminder that push0 opcode is still not supported by many chains like Arbitrum and might be problematic for projects compiled with a version of Solidity = 0.8.20 . Pay attention to projects using a Solidity version = 0.8.20 for that issue"
X Link 2023-10-21T10:12Z [----] followers, [----] engagements

"Next time you are coding or auditing a DeFi protocol that includes pegged assets ask yourself the following: If tokens that are pegged to any asset (renBTC aBTC stETH etc.) are used in the market how will the protocol behave during the depeg Will it count the price 1:1"
X Link 2023-10-30T11:53Z [----] followers, [----] engagements

"How to decompose a bytecode Bear with me here: The bytecode is the compiled code of the smart contract that is stored on the Ethereum blockchain and executed by the network. The first part is the loader code. It is the type of code that would create the smart contract basically the constructor of the smart contract. This part can be present in "Contract creation code" on The second part is the actual runtime code which is stored on the blockchain. This part of the code will be executed each time you are doing a transaction. The last part which is not mandatory is the swarm hash. Basically it"
X Link 2023-10-30T17:08Z [----] followers, [----] engagements

"SSTORE2 library allows us to pass data as a contract's bytecode using the CREATE opcode and read the data through EXTCODECOPY. But how 👇 When we want to store data to storage we use SSTORE opcode where the gas required is expensive. If the value of the slot changes from [--] to any non-zero value the cost is: - [-----] if the storage key wasn't accessed - [-----] if it was That means that for every [--] bytes of data we write to storage we pay [-----] gas. That's expensive Here comes the beauty of the SSTORE2 library. SSTORE2 allows us to pass data as a contract's bytecode using the CREATE opcode and read"
X Link 2023-11-01T15:04Z [----] followers, [----] engagements

"Here is possibly the most comprehensive collection of critical issues and exploits from 2022:"
X Link 2023-11-04T15:29Z [----] followers, [----] engagements

"What happened with Aave shortly: [--]. Aave received a bug report [--]. The bug was reported as a high vulnerability affecting Aave v2 afterwards raised to a critical. [--]. Aave won't disclose the details surrounding the vulnerability for now. [--]. By disabling stable rate mode borrowing it is not exploitable. [--]. All Aave forks must do that ASAP"
X Link 2023-11-06T15:51Z [----] followers, [----] engagements

"@banditx0x Because I know a lot of guys in web3 security since I am in this twitter web3 space for over a year now and a lot of them just stopped posting stopped participating in contests gave up private auditing etc"
X Link 2023-11-07T23:38Z [----] followers, [---] engagements

"5 real examples of Flash Loan hacks:"
X Link 2023-11-09T16:57Z [----] followers, [----] engagements

"In the forthcoming Cancun hardfork developers will gain access to transient storage (EIP-1153). However minor differences between the semantics of TSTORE and SSTORE will introduce an unexpected reentrancy attack vector: This proposal introduces transient storage opcodes which manipulate state that behaves identically to storage except that transient storage is discarded after every transaction. Transient storage is accessible to smart contracts via [--] new opcodes TLOAD and TSTORE where T stands for transient: EIP-2200 (which is another EIP) causes an SSTORE with less than [----] gas to fail. Hence"
X Link 2023-11-14T12:15Z [----] followers, [----] engagements

"Imagine you have: IERC20(_underlying).permit(from, address(this), amount, deadline, v, r, s); to approve a contract's withdrawal from the user's address. What will happen if the _underlying is WETH, which doesn't have a permit function? Is it going to revert? WETH contract does have a fallback function that is called when a function is called but not found. WETH's fallback function is deposit(), that does nothing material in this case but allows its calling function's execution to continue as it does not fail. This was also one of the causes of Multicoin's $1M bridge hack:"
X Link 2023-11-17T09:18Z [----] followers, [----] engagements

"It's a fundamental concept but the picture simplifies it so effectively that I can't resist sharing. How to know which function is called: fallback() or receive()? 👇"
X Link 2023-11-18T10:47Z [----] followers, [----] engagements

"All Solidity devs must be aware of the inflation attack which is a widespread problem that targets ERC-4626 tokenized vault standard. Here is the best [--] minutes video explanation of it: Starts at 1:46"
X Link 2023-11-19T15:14Z [----] followers, [----] engagements

"@0xfave Not sure myself but I found this: "Looks like flash loans being used with mint and redeem and some sort of rounding/truncation error to drain the pools Each tx starts with a mint and an ETH source coming in from Aave or UniV3 to a single side of the pair. ""
X Link 2023-11-23T00:27Z [----] followers, [----] engagements

"I pulled out the [--] Smart Contract Security Best Practices from the book "Mastering Ethereum" for you. Make sure you BOOKMARK, RETWEET and follow these GOLDEN principles ✅: Just keep reading. Defensive programming is a style of programming that is particularly well suited to smart contracts. It emphasizes the following, all of which are best practices: - Minimalism/simplicity - Code reuse - Code quality - Readability/auditability - Test coverage Now let's take a quick look at each of them: [--]. Minimalism/simplicity Complexity is the enemy of security. The simpler the code and the less it does the"
X Link 2023-11-23T09:07Z [----] followers, [----] engagements

"Are there any firms that specialise in a certain niche for audits? For example a firm that specializes in DeFi protocols (Lending/Borrowing) only. If it is a good enough firm, would projects prefer something like this instead of a firm that focuses on all niches (Staking, NFTs, etc.)?"
X Link 2023-11-24T09:32Z [----] followers, [----] engagements

"ATTENTION ⚠ This is a scam. Do not click on the link, it will prompt you to a fake Kyber website where you will be required to connect your web3 wallet. Notice the @username of the fake Twitter account: KybcrNetwork This is the only real account of Kyber Network: They are also reminding not to respond to any DMs related to them and not to click on any links besides their official website. Stay safe 🙏 http://kyberswap.com"
X Link 2023-11-24T13:56Z [----] followers, [----] engagements

"To all web3 projects: Stop thinking [--] security review of your smart contracts is enough. Even if it is from a top-notch company. Projects are getting 10+ audits and still getting hacked. The best thing you can do is keep doing audits regularly with firms + solo auditors"
X Link 2023-11-27T12:02Z [----] followers, [----] engagements

"@Polyzoa_xyz I believe that a project should be regularly getting audits + to have a bug bounty. People should understand that security is KEY"
X Link 2023-11-28T09:25Z [----] followers, [--] engagements

"Yesterday an issue with Chainlink's wstETH/ETH price feed on Arbitrum led to the liquidation of [--] positions on @SiloFinance. Luckily Silo's liquidator caught the liquidation before other liquidators and received the liquidation penalty. The penalty will be refunded to the impacted users. I hear a lot of people talking that the Pyth Network oracle is way better than Chainlink, what do you think? 🤔"
X Link 2023-12-03T11:02Z [----] followers, [----] engagements

"Interesting statistic about TOP [--] chains by TVL: [--]. Ethereum chain has currently [---] Protocols and $28b TVL [--]. Tron - [--] protocols only but almost $8b TVL [--]. BSC - [---] protocols and $3b TVL [--]. Arbitrum - [---] protocols and $2b TVL [--]. Polygon - [---] protocols $854m TVL"
X Link 2023-12-05T12:19Z [----] followers, [----] engagements

"Some interesting facts: - Tron chain is 2nd by TVL with almost $8b - Lido's fees for the past [--] months amount to $570m - ETH reached a new high since May [----] - UniswapV2 is the most forked project - Chainlink oracle is used by [---] protocols"
X Link 2023-12-06T10:20Z [----] followers, [----] engagements

"Tip for Borrow/Lending protocols: In liquidating shorts low collateral might reduce liquidator returns. Adding a minCollateralAmount param in liquidate() and then checking if the returned collateral is minCollateralAmount otherwise revert. This will ensure fair payouts"
X Link 2023-12-09T12:38Z [----] followers, [----] engagements

"How are liquidations on Compound really happening. I saved this article long time ago when I was trying to find out how liquidations work exactly. I believe it will be out of great help to you guys. Start reading from "Compound Liquidation":"
X Link 2023-12-10T09:51Z [----] followers, [----] engagements

"3 tokens that are widely used but their decimals = [--]. Be careful with these in projects, they can be problematic when the code expects the standard [--] decimals. [--]. WBTC - [--] decimals [--]. USDT - [--] decimals [--]. USDC - [--] decimals Have a productive Sunday ✅"
X Link 2023-12-17T10:20Z [----] followers, [----] engagements

"Verify hardcoded external contract addresses for the chains where the contracts are deployed Take WETH as an example. Its address on Ethereum is: 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 but 0x7ceb23fd6bc0add59e62ac25578270cff1b9f619 on Polygon"
X Link 2023-12-21T14:36Z [----] followers, [----] engagements

"List of the property tests with a focus more on functions that transfer funds or doing major state updates for the top four forked protocols: - Uniswap v2 - Olympus DAO - Compound v2 - Tomb Finance https://github.com/0xNazgul/fuzzydefi/blob/main/PROPERTIES.md#L"
X Link 2023-12-26T18:50Z [----] followers, [----] engagements

"Seems like there aren't many bug bounty platforms specifically for Web3. The ones I know and are legit: Immunefi - total paid $85000000+ Hackenproof - total paid $7358983 Hats Finance - total paid $400000+ Any other significant related platforms that I might have missed?"
X Link 2023-12-28T12:18Z [----] followers, [----] engagements

""If the users of Ethereum are constantly recurring to the same centralized entity for a service that most people use we are walking on a path that compromises decentralization" Interesting PoV of how does Etherscan's dominance put the Ethereum community at risk. 👇 "The biggest risk associated with Etherscan today is that the source code is closed and therefore not reproducible by other users which removes the availability resilience by redundancy of servers factor that we have in Ethereum and introduces security by obscurity controlled by a single entity.""
X Link 2024-01-05T17:59Z [----] followers, [----] engagements

"The intuitive way to track lender deposits is to record the amount of USDC they deposited and the time they deposited. Compound V3 does not do this. Instead tracks the hypothetical gain of one dollar lent since the beginning of time. Super interesting:"
X Link 2024-01-07T08:18Z [----] followers, [----] engagements

"Never took a look at the Decentralized Insurance category before but we definitely have a leader for these services and that is Nexus Mutual. Check out the TVL difference between them and the rest in the top 5:"
X Link 2024-01-09T13:03Z [----] followers, [----] engagements

"Optimism no longer supports Goerli testnet. Sepolia is the sustainable path forward encouraging all apps and developers to migrate to OP Sepolia for any testing and development needs. Network Info for OP Sepolia:"
X Link 2024-01-09T14:53Z [----] followers, [----] engagements

"Quick Solidity tip: Never hardcode opcodes gas cost in smart contracts as this could be wrong if there are changes to the gas cost in future EVM forks (which has happened before). Check out a reported issue of this kind here:"
X Link 2024-01-11T10:31Z [----] followers, [----] engagements

"OMG RareSkills just dropped a free online book about Compound V3 😍 It is a line-by-line examination of the protocol's code. I am personally very excited to start reading this ASAP. Thank you for giving so much value for free guys @RareSkills_io 🙏"
X Link 2024-01-11T11:45Z [----] followers, [----] engagements

"I believe the demand for security audits for other languages such as Rust and Cairo will pick up nicely in [----]. Do you think there will be enough auditors supply for these languages?"
X Link 2024-01-14T12:31Z [----] followers, [----] engagements

"RetroPGF which is Optimism's mechanism to support the creation of a truly free and decentralized internet that provides value to the people has distributed a total of around [---] million in Optimism tokens which is $14.5 million to the Top [--] projects. Web3 money is unreal"
X Link 2024-01-15T10:39Z [----] followers, [----] engagements

"Yesterday I read an old tweet from @tinchoabbate about some tips & tricks that'll make auditors love you if you are a web3 project seeking an audit. Here are some of my favourite ones: [--]. You cannot imagine the countless hours you save an auditor by just stating what you intend to do with that crazy obscure low-level assembly math thing that just multiplies two numbers. So add comments. [--]. Test Countless critical vulns can be saved with simple unit tests. Also tests let us understand intended behavior. A trick some auditors use: if a public function is not being called in the tests that's"
X Link 2024-01-18T11:02Z [----] followers, [----] engagements

"How an Arbitrum(layer 2) transaction goes through from a signed transaction to its confirmation on Ethereum(layer1). The Sequencer is a centralized node (run by the Arbitrum team) which submits user's transactions to the Ethereum mainnet. [--]. When users submit a trx on Arbitrum the Sequencer puts them into a sequence of tx's in first-come first-served order which is done off-chain. [--]. Every few minutes the Sequencer takes a batch of sequenced tx's compresses them and then writes that data to the L1. [--]. "Hard" finality is achieved when user's transaction sequenced in a batch is posted and"
X Link 2024-01-18T15:55Z [----] followers, [----] engagements

"This is pure gold 🔥 If you're not entirely confident in your understanding of common liquidation function issues it's a must-watch. Given their integral role in every DeFi protocol gaining insight into these issues is essential knowledge"
X Link 2024-01-19T08:21Z [----] followers, [----] engagements

"Sometimes we don't understand fully what a function does exactly. Here are some steps which help ME clear things out: - start by skimming through the function to get a general idea - read the natspec of it (params return value etc.) (if any) - start examining the function character by character - don't go to the next line if you don't understand the one you are reading now - check with attention any external calls or state changing operations - try to think of what can go wrong spend time actually thinking various scenarios - if you don't understand the function 100% contact the client for"
X Link 2024-01-20T12:19Z [----] followers, [----] engagements

"Check out our website for more info about our offers past reports and about us as a team:"
X Link 2024-01-20T12:22Z [----] followers, [---] engagements

"Did you know that in March [----] $624M vanished from Ronin Network unnoticed for six days. $624M loss. Despite a multisig system, a social-engineer attacker gained key control, executing withdrawERC() from the bridge. Here is the tip 👇 Multisigs do not matter if in practice several keys are controlled by the same entity. Distribute keys to independent entities to actually enforce that several entities must agree with a transaction before executing it"
X Link 2024-01-21T13:12Z [----] followers, [----] engagements

"If you want to become really adequate in Smart Contract Security: [--]. The staking algorithm of Sushiswap MasterChef: [--]. In-depth explanation of the codebase of Uniswap V2 [--]. Compound V2 https://www.rareskills.io/compound-v3-book https://www.rareskills.io/uniswap-v2-book https://www.rareskills.io/post/staking-algorithm"
X Link 2024-01-23T10:24Z 10.7K followers, [----] engagements

"Some Merkle trees have a security vulnerability. It is explained in this comment in MerkleProof.sol by OZ. One of the ways to have secure Merkle trees is to double-hash their leaves. Read more here:"
X Link 2024-01-23T12:49Z [----] followers, [----] engagements
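
The double-hashed leaf recommended in the post above, as an added Solidity example (not code from the post or from OpenZeppelin). The contract name `AllowlistRegistry`, its functions and the `(account, amount)` leaf layout are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// @notice Hypothetical allowlist that records which (account, amount) pairs
///         have been proven against a Merkle root. Illustration only.
contract AllowlistRegistry {
    bytes32 public immutable merkleRoot;
    mapping(address => uint256) public provenAmount;

    error AlreadyProven();
    error InvalidProof();

    event Proven(address indexed account, uint256 amount);

    constructor(bytes32 root) {
        merkleRoot = root;
    }

    /// @dev abi.encode(address, uint256) is exactly 64 bytes, the same length
    ///      as the concatenation of two 32-byte sibling hashes. With a single
    ///      keccak256, the preimage of an internal node could be presented as
    ///      if it were leaf data. Hashing the leaf twice means leaf hashes and
    ///      internal node hashes are computed differently, so an internal node
    ///      preimage never hashes to a value that appears in the tree as a leaf.
    function leafFor(address account, uint256 amount) public pure returns (bytes32) {
        return keccak256(bytes.concat(keccak256(abi.encode(account, amount))));
    }

    /// @dev Internal nodes hash the sorted pair, so proofs carry no
    ///      left/right position flags.
    function _hashPair(bytes32 a, bytes32 b) private pure returns (bytes32) {
        return a < b
            ? keccak256(abi.encodePacked(a, b))
            : keccak256(abi.encodePacked(b, a));
    }

    /// @notice Recomputes the root from `leaf` and its sibling path.
    function verify(bytes32[] calldata proof, bytes32 leaf) public view returns (bool) {
        bytes32 computed = leaf;
        for (uint256 i = 0; i < proof.length; i++) {
            computed = _hashPair(computed, proof[i]);
        }
        return computed == merkleRoot;
    }

    /// @notice The caller proves that (msg.sender, amount) is in the tree.
    ///         The leaf is always derived on-chain from typed values; callers
    ///         never supply a raw leaf hash to this function.
    function prove(uint256 amount, bytes32[] calldata proof) external {
        if (provenAmount[msg.sender] != 0) revert AlreadyProven();
        if (amount == 0 || !verify(proof, leafFor(msg.sender, amount))) {
            revert InvalidProof();
        }
        provenAmount[msg.sender] = amount;
        emit Proven(msg.sender, amount);
    }
}
```

The off-chain tree builder has to hash leaves the same way (double keccak256 over the ABI-encoded pair) and sort each pair before hashing, otherwise valid proofs will not verify.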

"Become an absolute Web3 Security beast in [----] Resources: [--]. YouTube - Owen Thurm & Patrick Collins channels [--]. Past audit reports - [--]. Past hacks - [--]. DeFi bible - [--]. Books - http://rareskills.io https://github.com/OffcierCia/ultimate-defi-research-base https://github.com/coinspect/learn-evm-attacks http://Solodit.xyz"
X Link 2024-01-24T14:34Z 10.7K followers, 24.5K engagements

"Always check the access control of the functions when you are auditing a smart contract especially the important setter functions. One mistake such as leaving setOracle function open for everybody to call can be the cause of millions of $ lost:"
X Link 2024-01-26T12:28Z [----] followers, [----] engagements

"Quick gas optimization tips: - Storing small numbers in uint8 is not cheaper than uint256 due to padding. - If bytes length is limited prefer bytes1 to bytes32 for lower gas usage. - Use immutable for variables set only in the constructor to save 2.1k gas per instance"
X Link 2024-01-27T16:10Z [----] followers, [----] engagements

"Most auditors know these simple gas optimizations but if you are a developer who wants to save some gas next time you are writing a smart contract please check this out: https://github.com/Malinariy/Solidity-gas-optimizations-tips"
X Link 2024-01-28T10:31Z 10.7K followers, [----] engagements

"Just a reminder for all beginner Solidity devs: The result of the function won't be [--] as some of you might think. minDeposit = [--------------------] (wei) hence the result of calculate() will be [--------------------]. This can be tricky in some scenarios"
X Link 2024-01-29T10:18Z [----] followers, [----] engagements

"Make sure you are familiar with all the observations and tips about protocols deployed on multiple chains. This repo is a must whether you are a Solidity dev or a Solidity auditor. Helped me a lot during my auditing process with such protocols:"
X Link 2024-01-30T10:31Z [----] followers, [----] engagements

"Was reading an old report by Spearbit and wanted to share this with you guys: In a require check see if one of the components is user controlled param which can bypass the check. This can lead to a High vulnerability. Finding 5.2.6:"
X Link 2024-01-30T15:37Z [----] followers, [----] engagements

"DM us for a FREE threat model for your project plus one day with unlimited security implementation requests and best practices"
X Link 2024-01-31T00:22Z [----] followers, [---] engagements

"When using Oracle price feeds remember that different feeds can have different decimal precisions. Don't assume all feeds share the same precision. Non-ETH pairs usually have [--] decimals while ETH pairs have [--] decimals"
X Link 2024-02-04T10:39Z [----] followers, [----] engagements
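
One way to avoid assuming a feed precision, as an added Solidity example that is not part of the original post: read `decimals()` from both the price feed and the token and scale each to a common fixed-point base before multiplying. The contract name `CollateralValuer`, the function names and the choice of an 18-decimal base are assumptions; the two interface fragments match Chainlink's `AggregatorV3Interface` and the ERC-20 metadata extension.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface AggregatorV3Interface {
    function decimals() external view returns (uint8);

    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

interface IERC20Metadata {
    function decimals() external view returns (uint8);
}

/// @notice Hypothetical helper that values a token amount using a price feed
///         without hardcoding the precision of either one. Illustration only.
contract CollateralValuer {
    uint8 public constant BASE_DECIMALS = 18; // assumed common base

    error NonPositivePrice();

    /// @dev Rescales `value` from `from` decimals to `to` decimals.
    ///      Scaling down truncates toward zero, so callers should decide
    ///      which direction of rounding is safe for the protocol.
    function scale(uint256 value, uint8 from, uint8 to) public pure returns (uint256) {
        if (from == to) return value;
        if (from < to) return value * 10 ** uint256(to - from);
        return value / 10 ** uint256(from - to);
    }

    /// @notice Value of `amount` of `token` in the feed's quote currency,
    ///         expressed with BASE_DECIMALS decimals.
    function valueOf(
        IERC20Metadata token,
        AggregatorV3Interface feed,
        uint256 amount
    ) external view returns (uint256) {
        (, int256 answer, , , ) = feed.latestRoundData();
        if (answer <= 0) revert NonPositivePrice();

        // Read both precisions at call time instead of assuming them.
        uint256 price = scale(uint256(answer), feed.decimals(), BASE_DECIMALS);
        uint256 qty = scale(amount, token.decimals(), BASE_DECIMALS);

        // Both operands carry BASE_DECIMALS, so divide once to keep the
        // result at BASE_DECIMALS.
        return (qty * price) / 10 ** uint256(BASE_DECIMALS);
    }
}
```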

"If you are good at providing value in this space and your clients are satisfied enough it's almost certain that they will refer you to someone. That way you will never be out of clients. Strive to provide an amazing experience for the client, walk the extra mile. ✅"
X Link 2024-02-04T14:16Z [----] followers, [----] engagements

""The average score is 30-35% for professional Solidity developers so it's quite challenging." Have you tried it already?"
X Link 2024-02-06T10:24Z [----] followers, [----] engagements

"3 tokens that are widely used but their decimals = [--]. Be careful with these in projects they can be problematic when the code expects the standard [--] decimals. [--]. WBTC - [--] decimals [--]. USDT - [--] decimals [--]. USDC - [--] decimals"
X Link 2024-02-09T14:23Z [----] followers, [----] engagements

"How to progress in smart contract security in [--] steps: - Read past audit reports and learn each finding's attack vector - Watch all videos by Owen Thurm in YT - Practice finding bugs DAILY (competitions) - Study the most important protocols in the space (Compound Uniswap etc)"
X Link 2024-02-20T10:18Z [----] followers, [----] engagements

"MUST be known: 90% of the smart contracts that we have audited which integrate UniswapV2Router02.sol make this mistake which allows 100% slippage during swaps. Most auditors know it but if you are someone who is planning to deploy such contract please know that: The swap functions in the above mentioned Uniswap contract have amountOutMin param. What is this param - "The minimum amount of output tokens that must be received for the transaction not to revert". Now the mistake that most of the devs are doing is that they are hardcoding this param as [--] when they implement some of the swap"
X Link 2024-02-22T14:36Z 10.7K followers, 15K engagements

"We now have the Solidity Cheatsheet ✅ Good job ser @Smacaud1"
X Link 2024-02-27T09:49Z [----] followers, [----] engagements

"It's not everyday you enter into a collaboration with one of the largest blockchain ecosystems in the industry. Excited to announce our collaboration with @0xPolygon as an official security provider and Mentor for the Polygon Village Program. @CDSecurity_"
X Link 2024-02-27T11:03Z [----] followers, [----] engagements

"@HanabiPlug Check in their website for more info ser"
X Link 2024-02-28T14:07Z [----] followers, [--] engagements

"The demand for web3 security audits is getting crazier than ever and you can feel it. Most of my auditor friends are overbooked. Contest platforms are also blowing up. This is overwhelming. Let's put forth our best efforts and be a great help to the projects ✅"
X Link 2024-03-02T16:40Z [----] followers, [----] engagements

"Check out this DeFi developer roadmap. Really interesting materials in this repo:"
X Link 2024-03-10T16:50Z [----] followers, [----] engagements

"ALWAYS CHECK: If functions that allow users to withdraw their deposited or earned funds from a protocol have whenNotPaused modifier. If there is a malicious/compromised owner and the modifier is in place users may have their money stuck without a way to withdraw"
X Link 2024-03-15T12:16Z [----] followers, [----] engagements

"@shards_king @ddimitrovv22 @CDSecurity_ Thank you bro 🙏🏻🤝"
X Link 2024-03-20T11:17Z [----] followers, [--] engagements

"yAcademy created a repo of common DeFi forked protocol bugs. The most common ones seem to be the reentrancy and the flashloan attack. Check them out :"
X Link 2024-03-20T13:14Z [----] followers, [----] engagements

"If you don't understand the inflation attack which is a widespread problem that targets ERC-4626 tokenized vault standard this will help you. Here is the best [--] minutes video explanation of it: Starts at 1:46"
X Link 2024-03-24T19:36Z [----] followers, [----] engagements

"@lmc_security @DefiLlama God sent me to help you today ser 😁🤝"
X Link 2024-03-25T14:21Z [----] followers, [---] engagements

"@aave 's developers are certainly in good hands 🤭 The BGD Phase [--] proposal was executed earlier today. This proposal covers two scopes over a 6-month contract period: - [---] mil in stablecoins and 5k AAVE - [---] mil in stablecoins and 7.5k AAVE https://vote.onaave.com/proposal/proposalId=59"
X Link 2024-04-01T11:35Z [----] followers, [---] engagements

"Things I know now that I wish I had known when I started auditing smart contracts: - Believe more in yourself - Stay consistently up-to-date with the space - Analyze the experts in the field - There are no shortcuts to knowledge - Don't stop trying - Put in more hours ✅"
X Link 2024-04-07T10:30Z [----] followers, [----] engagements

"Sometimes we don't understand fully what a function does exactly. Here are some steps which help ME clear things out: - start by skimming through the function to get a general idea - read the natspec of it (params return value etc.) (if any) - start examining the function character by character - don't go to the next line if you don't understand the one you are reading now - check with attention any external calls or state changing operations - try to think of what can go wrong spend time actually thinking various scenarios - if you don't understand the function 100% contact the client for"
X Link 2024-04-13T11:04Z [----] followers, [----] engagements

"There are only [--] active Web3 security contests on all of the platforms currently. Maybe the demand for security contests is currently low? Maybe it is better because there are enough good auditors to cover all of the contests as opposed to 25+ active contests. Your take?"
X Link 2024-04-17T09:24Z [----] followers, [----] engagements

"BOOKMARK this it might be useful to you sometime in the future So if you come across a scam domain what should you do You need to report it correctly I have collected all available options for you in this post. Please share this post with your friends EASY LEVEL: Alternatively for MM: [--] LEVEL: Try using: Also combined with multiple reports (abuse letters) to ICANN website report to google search console moderation report to and similar resources. Stay safe http://phishtank.org http://doppel.com http://bolster.ai/automated-website-takedown http://github.com/MetaMask/eth-phishing-detect"
X Link 2024-04-18T13:02Z [----] followers, [----] engagements

"Check hardcoded contract addresses in smart contracts Projects may deploy contracts to different addresses on various chains. For instance WETH: 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 on Ethereum & 0x7ceb23fd6bc0add59e62ac25578270cff1b9f619 on Polygon"
X Link 2024-04-19T10:28Z [----] followers, [----] engagements

"🧐Perhaps you've heard about the new hot topic in the crypto space right now: Runes. I've read several articles to understand exactly what they are. Here's a brief overview to introduce you to Runes:πŸ‘‡ Runes are fungible tokens native to Bitcoin based on the Runes protocol. [--]. What is the Runes protocol for Bitcoin The Runes protocol is a mechanism for creating minting and transferring fungible tokens directly on Bitcoin. It seeks to be more efficient than the BRC-20 token standard by providing correct UTXO management and lowering the on-chain footprint. In the runes protocol messages are"
X Link 2024-04-23T15:06Z [----] followers, [----] engagements

"A short summary of the current DeFi market state: Total Value Locked - $95.413 billion. Top [--] protocols by TVL: [--]. Lido - $30.515b [--]. EigenLayer - $15.635b [--]. AAVE - $10.976b Top [--] chains by TVL: [--]. Ethereum - $55b [--]. Tron - $8.6b [--]. BSC - $6.5b"
X Link 2024-04-24T15:09Z [----] followers, [----] engagements

"Did you know that in March [----] $624M vanished from Ronin Network unnoticed for six days? $624M loss. Despite a multisig system, a social-engineer attacker gained key control, executing withdrawERC() from the bridge. Here is the tip 👇 Multisigs do not matter if in practice several keys are controlled by the same entity. Distribute keys to independent entities to actually enforce that several entities must agree with a transaction before executing it"
X Link 2024-05-04T18:05Z [----] followers, [----] engagements

"Roles in smart contract projects are pivotal. ✅ Here are a couple of questions that you should definitely ask the project's team as well as verify that info yourself if possible:"
X Link 2024-05-08T11:19Z [----] followers, [----] engagements

"Vitalik recently introduced EIP-7702 - a potentially groundbreaking change for Ethereum. To grasp its significance it's essential to understand its predecessors: [--]. EIP-4337 [--]. EIP-3074 [--]. EIP-5003 [--]. EIP-4337: EOAs on Ethereum lack security and features. Account abstraction allows you to use a smart contract as your account to add more features & safety to address this. However most users still use EOAs due to conversion challenges and lack of native support for smart contract accounts in web3 apps like MetaMask. [--]. EIP-3074 predates EIP-4337 However it has not been merged into mainnet. It"
X Link 2024-05-10T10:49Z [----] followers, [----] engagements

"A quick reminder: When auditing a lending platform or a Collateralized Debt Position system keep in mind that a common attack vector during liquidations is the borrower's ability to force liquidations to revert. ✅"
X Link 2024-05-18T18:54Z [----] followers, [----] engagements

"Verify hardcoded external contract addresses for the chains where the contracts are deployed. Take WETH as an example. Its address on Ethereum is: 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 but 0x7ceb23fd6bc0add59e62ac25578270cff1b9f619 on Polygon. ✅"
X Link 2024-05-19T14:10Z [----] followers, [----] engagements

"3 tokens that are widely used but their decimals = [--]. Be careful with these in projects, they can be problematic when the code expects the standard [--] decimals. [--]. WBTC - [--] decimals [--]. USDT - [--] decimals [--]. USDC - [--] decimals ✅"
X Link 2024-05-22T17:36Z [----] followers, [---] engagements

"Tip for new Solidity devs: Do not try to develop smart contracts like ERC-20 yourself. Instead use open source libraries that provide ready-made and battle-tested smart contracts. It is likely that when you develop something from the scratch you are going to make a mistake"
X Link 2024-05-23T15:08Z [----] followers, [----] engagements

"Finished watching a video called "What is security in Web3" and found it to be incredibly well-structured and valuable. Here is a summary of the key points aimed at helping Web3 projects understand their security options and how to maximize their security strategy:"
X Link 2024-05-28T16:26Z [----] followers, [----] engagements

"If you want to know how a whitehat reported [--] bugs in January and made $290497 check out this article. The root cause of the vulnerability are two rounding errors in separate assets impacting each. Proper floating-point handling is crucial. https://medium.com/immunefi/the-graph-rounding-error-bugfix-review-c946ff470f65"
X Link 2024-05-30T14:58Z [----] followers, [----] engagements

"In case you have missed it here is a very interesting review of Euler V2 which dives into their core algorithms and important pieces of code. Including: Higher-level design, Core Vaults, Oracles, Risk management and Additional implementation details: https://mixbytes.io/blog/modern-defi-lending-protocols-how-its-made-euler-v2#rec751452047"
X Link 2024-06-04T18:25Z [----] followers, [----] engagements

"@NeoGranicen @euler_mab"
X Link 2024-06-05T09:30Z [----] followers, [--] engagements

"@euler_mab @NeoGranicen @NeoGranicen Take a look here. Thanks Michael 🫡"
X Link 2024-06-05T09:34Z [----] followers, [--] engagements

"Pretty good set of tasks which are part of a Junior Solidity smart contracts security educational initiative. If you are a Junior Solidity dev/auditor this is the perfect exercise to test your skills 🫡 https://github.com/pessimistic-io/internship-tasks"
X Link 2024-06-06T11:47Z [----] followers, [----] engagements

"Here is a nice analysis of two findings from an audit for crvUSD, an over-collateralized stablecoin by Curve. [--]. Arbitrary Call [--]. Donation Attack https://mixbytes.io/blog/recap-of-the-crvusd-audit-findings"
X Link 2024-06-08T19:58Z [----] followers, [----] engagements

"Mitchell Amador from Immunefi provides an excellent analysis of top whitehat hackers in Web3 and how to become one. I've summarized the [--] steps he outlined in the screenshot below. Bookmark this for reference if you aspire to be one of the best"
X Link 2024-06-13T10:00Z [----] followers, [----] engagements

"After [---] years in my Web3 security journey and trying to provide value to the space I have finally reached [----] followers. Want to thank all my followers for the support, I really do it for you guys. It brings me joy when I am able to bring value to as many guys as possible 😊"
X Link 2024-06-14T11:57Z [----] followers, [----] engagements

"If you want to be a good Solidity developer and auditor you must have a deep knowledge of the programming language and the Ethereum technology. Here are [---] questions divided into [--] levels: Easy, Medium, Hard and Advanced. Test yourself ✅ https://www.rareskills.io/post/solidity-interview-questions"
X Link 2024-06-16T09:06Z 10.7K followers, 22.5K engagements

"10 days ago Uwulend (a fork of AAVE V2 with changed oracle fallback logic) was hacked for $19.4M. The attacker exploited a price discrepancy in the oracles to manipulate rates. Uwulend paused the protocol an hour later but another $3.7M was stolen after it was unpaused. 🙀"
X Link 2024-06-20T11:42Z [----] followers, [----] engagements

"Short high-level explanation of LayerZero πŸ‘Œ layerzero: explain like i'm five https://t.co/wYN6Nlr72r layerzero: explain like i'm five https://t.co/wYN6Nlr72r"
X Link 2024-07-05T22:56Z [----] followers, [----] engagements

"If you are curious about the requirements to work as a Senior Smart Contract Engineer at @Uniswap :"
X Link 2024-07-23T09:19Z 10.7K followers, 14.9K engagements

"@Uniswap https://boards.greenhouse.io/uniswaplabs/jobs/4003103005"
X Link 2024-07-23T09:28Z [----] followers, [----] engagements

"@k77eth @Uniswap Yeah but I don't really know if it is enough for living kind of luxury in New York guess not.😁"
X Link 2024-07-23T10:14Z [----] followers, [---] engagements

"Protocol DEVS should choose the auditing company for the smart contracts they have written not the FOUNDERS. Founders can set the budget but developers should decide who will review their code and tell them what is right or wrong. Doesn't that make sense? ✅"
X Link 2024-07-24T10:59Z [----] followers, [----] engagements

"@AragonProject is looking for Senior Smart Contract Dev. If you think you are suitable or know someone that will be interested here is a link: https://jobs.lever.co/aragon/fba68080-9e98-49d7-8ed7-ac05d047d4b0"
X Link 2024-07-29T09:41Z [----] followers, [--] engagements

"Top protocols on Ethereum right now by categories: Liquid Staking - @LidoFinance Restaking - @eigenlayer Lending - @aave V3 Collateralized Debt Position (CDP) - @MakerDAO"
X Link 2024-08-01T11:49Z [----] followers, [----] engagements

"Just a quick reminder Popular ways to generate randomness in Solidity: - Using blockhash ❌ - Using block.timestamp ❌ - Using Chainlink VRF ✅ Learn why for each case and how to implement Chainlink VRF: https://medium.com/rektify-ai/bad-randomness-in-solidity-8b0e4a393858"
X Link 2024-08-02T13:06Z [----] followers, [----] engagements

"In a crypto market crash those who keep building improving and trusting without backing down are the ones who will succeed in the long term. They're here to stay. The rest Well they might just end up back at McDonald's. 😊"
X Link 2024-08-05T14:34Z [----] followers, [---] engagements

"This month's Ethereum community events. IMO a great opportunity to connect with likeminded people as well as learn something new. Who is going"
X Link 2024-08-05T15:23Z [----] followers, [---] engagements

"As a Solidity developer you should never let such dumb bugs slip through. Here anyone can arbitrarily burn NFTs. I have seen similar access control findings a lot of times. Sometimes serious bugs are that simple"
X Link 2024-08-05T17:04Z [----] followers, [----] engagements

"Here are [--] simple tips that will help you master Solidity: 1/ Understanding Blockchain Basics Make sure you understand the basics of Ethereum: blocks transactions gas fees and blockchain limits. This knowledge will help you write better Solidity code and avoid mistakes. 👇"
X Link 2024-08-06T13:37Z [----] followers, [----] engagements

"Workflow of Solidity Compiler. Simply explained. The main process (blue) converts Solidity code into EVM bytecode and generates an ABI for interaction. The Yul process (green) compiles intermediate code for different backends activated by specific flags. The formal verification process (red) uses model checkers for security also activated by flags. All these processes are bug-prone"
X Link 2024-08-07T13:23Z [----] followers, [----] engagements

"I created this diagram to explain how Web3 startups are funded. Here's a simple explanation: Limited Partners (LPs) provide capital to VC firms which then decide how to invest in startups seeking funding. When an exit occurs both VCs and LPs receive their ROI.✌"
X Link 2024-08-08T10:08Z [----] followers, [----] engagements

"IMO Solidity devs should upgrade their security knowledge daily (at least common bugs patterns access control mechanisms etc.). Be curious about security. Don't be like: "Meh the auditors will fix that if it's not okay." Try to actually write secure code"
X Link 2024-08-08T12:59Z [----] followers, [----] engagements

"The best way to advance in Smart Contract Auditing/Development (and most jobs) is to have a mentor. This was a game changer for me. We would audit in parallel and afterward he would show me where I made mistakes what I missed and how to improve. Find a mentor. ✅"
X Link 2024-08-09T10:12Z 10.7K followers, [----] engagements

"Something interesting that I didn't know till today: @CoinMarketCap began as a side project by a single engineer who was working full-time at a software company without any traditional venture funding. Today [--] of the biggest advertising-driven biz in the crypto industry"
X Link 2024-08-10T13:07Z [----] followers, [---] engagements

"If you're unaware there's a solid security audit checklist for Account Abstraction Wallets based on EIP4337. Devs are highly encouraged to consider it carefully during development: https://slowmist.medium.com/slowmist-security-audit-checklist-for-account-abstraction-wallets-ed48fc10cdbc"
X Link 2024-08-12T13:57Z [----] followers, [----] engagements

"That's called SERIOUS SECURITY APPROACH. These guys know what they are doing. I wish more projects take security this seriously. Good job @eulerfinance 🙏 Securing Euler. Today we're sharing our multi-layer security approach developed and implemented over the past year. In this 🧵 you'll find some of the highlights. https://t.co/ogSpIwH2f9"
X Link 2024-08-12T19:53Z [----] followers, [---] engagements

"The usual Web3 funding rounds - explained: [--]. Pre-Seed: Used for research product development and team building. [--]. Seed: Focuses on developing core tech like blockchain or tokens. [--]. Series A/B/C+: For scaling user growth and revenue generation"
X Link 2024-08-13T09:13Z [----] followers, [----] engagements

"What is CHAIN ABSTRACTION? It makes blockchain easier to use by hiding the complicated parts of different networks. This lets people use DApps and manage digital assets without needing to understand the technical details - just like using the internet without knowing TCP/IP"
X Link 2024-08-13T11:22Z [----] followers, [----] engagements

"@n00buntu That's written from some CEO who wants to pay less to his employees 🤣 Try engaging the top auditors with little money and see if they agree 😁"
X Link 2024-08-14T17:48Z [----] followers, [--] engagements

"DeFi systems face unique risks: Smart Contracts may have bugs Blockchains have platform-specific risks Front-end interfaces are vulnerable Oracles introduce external data risks and Bridges can hold or transfer very significant value making them attractive targets"
X Link 2024-08-15T11:01Z [----] followers, [----] engagements

"Do you have a good intuition about on-chain fees I was surprised. Here is data for the past [--] days: * Ethereum makes 2x the fees of SOL * Jito makes almost as much as SOL itself * Aave makes less than half the fees of Uniswap * TRON is top dog on fees"
X Link 2024-08-15T15:15Z [----] followers, [----] engagements

"Basically Game Theory in tokenomics uses incentives to boost token demand. For example Curve rewards users with higher ROI and lower fees the longer they lock CRV tokens up to [--] years. This encourages holding and reduces the incentive to sell boosting token value. ✅"
X Link 2024-08-17T12:41Z [----] followers, [----] engagements

"If you have ever wondered. This is how a typical Web3 VC Structure looks like. * Small to Mid-Sized Crypto VC Firms: 10-30 employees * Large Crypto VC Firms: 30-100+ employees For example @paradigm has 50+ employees so it's definitely a large Crypto VC"
X Link 2024-08-18T10:08Z [----] followers, [----] engagements

"Profits from fees can be crazzzy sometimes. Here is an example: Metaplex the main Solana app for minting NFTs has made $12.7 million in from fees"
X Link 2024-08-18T12:30Z [----] followers, [---] engagements

"As most of you know Uniswap V4 is expected to launch soon. Cantina is currently hosting a security competition for V4 core contracts periphery contracts and the Universal Router. Let's break down the key features of V4 in [--] simple subtweets👇"
X Link 2024-08-19T11:06Z [----] followers, [----] engagements

"1/ Customizability with Hooks Uniswap V4 introduces "hooks" smart contracts that can be attached to liquidity pools. Hooks allow custom functionalities like limit orders custom AMM curves oracles and more - expanding the platform's innovation potential"
X Link 2024-08-19T11:06Z [----] followers, [---] engagements

"2/ Singleton Contract for Efficiency No more separate contracts for each token pair V4 uses a Singleton contract consolidating all pools into one. This reduces gas costs significantly - creating new pools is now 99% cheaper and multi-hop trades are much more efficient"
X Link 2024-08-19T11:06Z [----] followers, [---] engagements

"3/ Flash Accounting System Uniswap V4's flash accounting system lets users chain multiple actions in one transaction (e.g. swap-and-add-liquidity). It ensures security by tracking token balances and verifying debt settlement improving efficiency while cutting gas costs"
X Link 2024-08-19T11:06Z [----] followers, [---] engagements

"5/ Native ETH Support Goodbye Wrapped ETH V4 enables direct trading with native ETH simplifying the trading process and reducing costs. It's easier and more efficient for users to interact with the protocol"
X Link 2024-08-19T11:06Z [----] followers, [---] engagements

"6/ Community-Driven Innovation Uniswap V4 fosters community-driven development. Since its code release active engagement has shaped the protocol's evolution. This open approach encourages global contributions pushing the boundaries of AMM innovation"
X Link 2024-08-19T11:06Z [----] followers, [---] engagements

"Sometimes when I talk with Devs/Auditors I feel they lack knowledge of Tokenomics (supply demand ROI game theory etc.). So here's the best resource I know on the topic: Tokenomics 101: The Basics of Evaluating Cryptocurrencies Check it out: https://every.to/almanack/tokenomics-101"
X Link 2024-08-19T15:17Z [----] followers, [----] engagements

"Here are the top [--] Web3 startups that got seed funding from [----] to [----]. Aptos really stands out since it raised $200 million in [----]. This is definitely worth checking out further. https://eqvista.com/top-seed-funded-web3-startups/"
X Link 2024-08-20T09:14Z [----] followers, [----] engagements

"Lately I'm so deep in work that I can't even chill right. Start a movie Think about work. Try to sleep Work. Hit the gym Yep work. Does this mean I'm a full-blown workaholic now 😂 Guess I need a vacation just to remember how to relax"
X Link 2024-08-23T12:19Z [----] followers, [----] engagements

"Curious about where Web3 startups are getting their seed funding Here are the top [--] seed funding sources for Web3 startups. Link: https://eqvista.com/top-seed-funded-web3-startups/"
X Link 2024-08-24T12:05Z [----] followers, [----] engagements

"Some updates you might have missed: *Polygon's MATIC token rebrands to POL *MakerDAO rebranding to @SkyEcosystem Two new tokens: $SKY - governance token and $USDS - stablecoin. The two legacy tokens are staying (i.e. $MKR and $DAI)"
X Link 2024-08-27T14:09Z [----] followers, [----] engagements

"WETH can't go insolvent because it's always backed 1:1 with ETH. The logic behind it is simple and requires only about [--] lines of code. Here's a quick rundown of how WETH works 🧵:"
X Link 2024-08-29T11:55Z 10.7K followers, 15.6K engagements

"1/ Key functions: deposit withdraw and transferFrom. Deposit: You receive WETH equivalent to the ETH you send. Your WETH balance increases by the deposited amount"
X Link 2024-08-29T11:55Z [----] followers, [---] engagements

"2/ Withdraw: Checks if your balance is enough to cover the withdrawal reduces your WETH and sends the corresponding ETH back to you. TransferFrom: Ensures sufficient WETH checks approval if a third party is transferring then adjusts balances"
X Link 2024-08-29T11:55Z [----] followers, [---] engagements

"3/ The contract can't hold more or less ETH than deposited; it matches withdrawals. Except in one case: Someone could self destruct and send ETH to the WETH contract but in that scenario there would always be more ETH available to withdraw than what was deposited"
X Link 2024-08-29T11:55Z [----] followers, [---] engagements

"To all my crypto followers: If you're not achieving the success you want and aren't putting in a few hours on weekends you're missing out. A little extra effort can make a huge difference. Don't let meaningless distractions hold you back - stay focused on your goals guys"
X Link 2024-09-01T10:16Z [----] followers, [----] engagements

"TO ALL WEB3 PROJECTS 🚨: You may haven't heard of Lemniscap but they have recently launched a $70M fund to back early-stage Web3 projects. They will be focusing on ZK Infrastructure Consumer Apps Bitcoin Ecosystem DePin & more. More info in the comments 👇"
X Link 2024-09-02T12:40Z [----] followers, [----] engagements

"Chainlink VRF offers a secure and fair source of randomness for smart contracts preventing manipulation by nodes or attackers. Unlike on-chain methods like block-hash it provides tamper-proof random values ensuring better security and usability. https://medium.com/@natachigram/how-chainlink-vrf-works-46f14645813c"
X Link 2024-09-03T11:13Z [----] followers, [----] engagements

"@Penpiexyz_io The Penpie team has posted a message on Twitter to urge the hacker to return the money under the following terms: https://x.com/Penpiexyz_io/status/1831157212963598555"
X Link 2024-09-04T09:56Z [----] followers, [---] engagements

"Block explorers are your portal to Ethereum's data. That's why if you want to be proficient in this field you need the skill to read them and understand the information they display. Study the terms, it's important: https://ethereum.org/en/developers/docs/data-and-analytics/block-explorers/"
X Link 2024-09-05T09:18Z [----] followers, [----] engagements

"Here is some ALPHA to all the smart contract auditors. Penpie was exploited couple of days ago for $27M. @rotcivegaf wrote a POC of the exploit. You can learn a lot here: https://github.com/SunWeb3Sec/DeFiHackLabs/blob/8423a14b97998f1557d1216d340f605d31a6e99d/src/test/2024-09/Penpiexyzio_exp.sol"
X Link 2024-09-05T10:41Z [----] followers, [----] engagements

"1/ Transaction Type Use this filter to narrow down your analysis to specific transaction types of interest. You can Select All: Includes all transaction types. Or you can choose a certain token filter like ERC20 that will include ERC20 transactions only"
X Link 2024-09-06T10:32Z [----] followers, [--] engagements

"5/ Amount You can filter transactions based on the value transferred. It is useful for tracking transactions within specific value thresholds or analyzing high-value transfers"
X Link 2024-09-06T10:32Z [----] followers, [--] engagements

"6/ Asset You can use this filter to search for transactions involving specific tokens by specifying the token's name symbol or contract address. Additionally popular assets like ETH USDC USDT DAI WETH and WBTC are readily available for selection"
X Link 2024-09-06T10:32Z [----] followers, [---] engagements

"In Web3 there are some utterly ridiculous fundraises for sure. One of those seems to be Farcaster. Why do these guys need $180 million for Seems like almost nobody use them. Am I wrong"
X Link 2024-09-06T16:15Z [----] followers, [----] engagements

"@RightNowIn https://cryptorank.io/price/farcaster"
X Link 2024-09-06T16:33Z [----] followers, [---] engagements

"Has anyone returned to a 9-5 after freelancing or running a business I can't imagine anything worse. Losing control of your time being told what to do and working with people you don't like. Even if I end up broke I'd hustle 10x harder to avoid going back to a 9-5"
X Link 2024-09-07T09:38Z [----] followers, [----] engagements

"Solidity v0.8.27 updates: - Custom errors: require now supports custom errors in the legacy pipeline - Optimizer Caching: Speeds up compilation by caching optimized IR improving performance up to 44% - Initial support for transient storage and --yul option deprecated"
X Link 2024-09-08T09:49Z [----] followers, [----] engagements

"Here's a discussion you might find interesting. The Ethereum Foundation (EF) is hosting AMAs on Reddit - this is Part [--]. They cover Layer [--] solutions maturing and how EF keeps Ethereum neutral against government pressures. Featuring Vitalik and others: https://www.reddit.com/r/ethereum/comments/1f81ntr/ama_we_are_ef_research_pt_12_05_september_2024/"
X Link 2024-09-08T14:52Z [----] followers, [---] engagements

"You're a white hat hacker who found a critical flaw in VulnerableVault's smart contract. To prove its severity your mission is to ethically exploit it and drain a high-profile depositor's [-----] tokens. We need more of these challenges @chomper59647 https://github.com/BlockChomper/ctf-challenges/tree/master/src/ERC4626-v1"
X Link 2024-09-09T09:59Z [----] followers, [----] engagements

"Just a quick reminder: Be extra careful when reviewing code that uses ERC20::transferFrom with a non-msg.sender from argument. If the access control isn't secure there's a chance that ERC20 allowances could be drained.🫡"
X Link 2024-09-10T15:02Z [----] followers, [----] engagements

"Just read that again after couple of months. Interesting Saturday read: How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from [----] - [----]. https://zachxbt.mirror.xyz/B0-UJtxN41cJhpPtKv0v2LZ8u-0PwZ4ecMPEdX4l8vE"
X Link 2024-09-14T09:02Z [----] followers, [----] engagements

"WTF is happening at TOKEN2049 🤣 Castles in the sky a movie promoted by singing magnificent @VitalikButerin @ #Token2049singapore #TOKEN2049Week #ethereum https://t.co/et8PQPYZnf"
X Link 2024-09-18T12:22Z [----] followers, [---] engagements

"The cryptocurrency exchange BingX suffered a hack couple of hours ago with an total loss of $43m in USDT USDC and WUSD. Their team already confirmed that they will compensate for the loss with their own capital. Hacker wallet address - https://etherscan.io/txsa=0xf7e8033366166f92eb477b7b38e0d47d47b43326&p=6"
X Link 2024-09-20T12:54Z [----] followers, [----] engagements

"Did you know that Blockchain network adoption has been much slower compared to social media. Since Bitcoin's [----] launch total cryptocurrency users reached [---] million. In contrast TikTok and Facebook each hit [--] billion users in just [--] and [--] years respectively"
X Link 2024-09-20T13:03Z [----] followers, [---] engagements

"Here's a list of some of the biggest cryptocurrency platforms and their approximate user bases: [--]. Binance - over [---] million [--]. Coinbase - over [---] million [--]. - around [--] million [--]. Kraken - around [--] million [--]. Huobi Global - around [--] million http://Crypto.com"
X Link 2024-09-21T09:18Z [----] followers, [---] engagements

"Web3 hacks: A total of $1840879064 was lost across [---] security incidents in [----]. This represents a decline of 51% from 2022's total of $3.7 billion and an average of $2.45 million per incident. Curious to see the [----] statistic🤔 Hope we see a decline from 2023"
X Link 2024-09-21T12:35Z [----] followers, [----] engagements

"Why Ethereum is better than Solana IMO: - Stronger security - More decentralized - Bigger community of developers - Significantly higher liquidity - Great open-source support Change my mind"
X Link 2024-09-23T11:54Z [----] followers, [----] engagements

"In case anybody is currently searching for a blockchain related job. Sigma Prime has these [--] position opened. Link: https://github.com/sigp/positions-vacant/tree/master"
X Link 2024-09-24T15:17Z [----] followers, [----] engagements

"Fundraising spree: Crypto VCs have raised over $2.2B in new capital through closed funds this year as of August. In the past few weeks half a dozen VCs raised over $500M including ParaFi Capital ($120M) Borderless Capital ($100M) Hack VC ($77M) and Robot Ventures ($75M)"
X Link 2024-09-25T12:21Z [----] followers, [----] engagements

"40 smart contract vulnerabilities explained. Make sure you know all of them inside and out. Link: https://github.com/kadenzipfel/smart-contract-vulnerabilities"
X Link 2024-09-26T10:38Z 10.7K followers, 19.2K engagements

"I was interviewed by the founder of @dittoproj Ditto - a stablecoin protocol. We audited them in [----]. I discuss how we started @CDSecurity_ our journey so far the state of L2 solutions today Ethereum and more. Here is a link: https://dittoeth.com/interviews/chrisdior"
X Link 2024-09-27T09:31Z [----] followers, [----] engagements

"I opened one of the Ethereum/Security newsletters I read weekly. This is how today's post started: Damn 🥲"
X Link 2024-09-27T11:39Z [----] followers, [----] engagements

"Smart contract auditing opens the door to: - Remote work. - A global market. - Many ways to earn (contests bounties private audits etc.). - Making friends around the world. - Dopamine hits from finding Crit/High findings. What am I missing✌"
X Link 2024-09-28T18:33Z 10.7K followers, 11.3K engagements
