Alex the Entreprenerd

@entreprenerd

33 Following
11 Followers


Recon is sponsoring this month’s editions of BlockThreat!
0 reply
0 recast
1 reaction

Did you know you can run the same tests you wrote for foundry, with Echidna (Concrete Fuzzer) and Halmos (Formal Verification), with zero code changes?
Safer code and zero extra work
Here’s the demo you can try today!
https://x.com/getreconxyz/status/1903129678447251714?s=46
0 reply
0 recast
0 reaction

Another phishing exploit causes $8 MLN in losses
I’m seeing the same mistakes being repeated every 6 months
For this reason I hosted a 2 Hour event on how to safely manage Multisigs
Please just follow the advice we laid out in this video and share it with all new founders
Phishing exploits need to stop
https://x.com/getreconxyz/status/1885249716386226572?s=46
0 reply
0 recast
3 reactions

Quite a few researchers reached out to ask me more details about this bug
Would you want me to post a full breakdown?
0 reply
0 recast
0 reaction

It is my pleasure to finally release the Bold Audit Report
This is the result of a 3-week solo review where I had spent a considerable amount of time looking at the batch rebasing logic
This resulted in one of the most interesting crits you’ll see, complete with POC that made it into the Bold repo
On the design side, one of my favourite contributions has been introducing Bid and Ask pricing for Borrowing vs Redemptions to combat arbitrages
I open sourced the full repo, giving you a glimpse into my actual process, with hundreds of notes that never made it in the final report
https://github.com/GalloDaSballo/bold-review
1 reply
0 recast
5 reactions

Compiling all the Liquity related work I’ve done over the years
I have worked with many Liquity V1 and V2 forks as well as the Bold team for their Liquity V2 and their Governance Repository

Security Advisories:
- Liquity V1
- Tellor
- Yeti Finance
- Ethos Reserve

Developers:
- eBTC (Bitcoin themed Liquity V1 Fork)
- Liquity Governance V2

Invariant Testing:
- Bold (private)
- Quill Finance
- REDACTED Finance
- REDACTED

Manual Review V2:
- Bold (private)
- Quill (LINK)
- REDACTED (SOON)
- REDACTED (SOON)

Manual Review V1:
- thUSD (Threshold)
- eBTC (developer and internal reviewer)
- Ethos Reserve
- Apollon (SEI V1 Fork)

Economic Intel:
- Quill (Economic Review that resulted in introducing borrow caps)
- REDACTED (Economic Review that resulted in adding redemption fees and changing caps logic)
- REDACTED (Economic Review that resulted in changing oracle config)
- eBTC (Economic Review and sims to help determine risk parameters, validated by Risk DAO)

Contests:
- Raft
- Yeti
- Ethos Reserve
0 reply
0 recast
0 reaction

Join us on the bleeding edge of reverse engineering the EVM for Security Research
All tools mentioned are open source and free to use
- WhatsAbi - the easiest way to get abis
- Evmole - the most thorough tool to get abi and cfg
- Heimdall - can give you decompiled solidity off of bytecode

In the video we:
- Show each tool, demo it and talk about the key code snippets making it work
- Answer a ton of questions on grabbing data from onchain
- Reverse engineer the Bybit exploit contract with these tools

This was a unique event, hopefully you’ll enjoy!
https://x.com/getreconxyz/status/1893707255977324960?s=46
0 reply
1 recast
3 reactions

In just a few hours we’ll host a unique event
“Reverse Engineering for Security”
We’ll have 3 elite open source devs showcase their tools to reverse engineer smart contracts on the EVM
And we’ll also do a deep technical dive into the Bybit exploit
If you’re tired of trusting and want to verify, join us later today on X at ) pm CET
https://x.com/getreconxyz/status/1893615517820412032
0 reply
0 recast
1 reaction

Pretty timely
All of the advice the bybit team should have followed is in this 2 hour video
Consider learning this for your own opsec
0 reply
1 recast
2 reactions

It’s absolutely inexcusable for projects to deploy with a multisig and no timelock
In this 2-hour video I’m joined by security experts and DAO members to discuss the most common best practices for multisig and governance security
https://x.com/getreconxyz/status/1885249716386226572?s=46
2 replies
1 recast
10 reactions

I’m organising an event on reverse engineering bytecode for security
Like this for a free invite!
0 reply
0 recast
0 reaction

Like this if you use foundry
0 reply
0 recast
0 reaction

Very happy to share a new podcast I’ve registered with @austingriffith!
- Watch me build the simplest lending market
- One key invariant to prevent many critical exploits
- Quickly scaffold invariant with the Sandbox
- Convert echidna traces into foundry repros in one click

A complete overview of our professional workflow at Recon, all based on open source tools and templates you can use yourself!
https://www.youtube.com/embed/cUAgLUra3Zw
0 reply
0 recast
0 reaction

One of the best ways to get started with Invariant Testing!
In December we hosted Fuzz Fest, an event focused solely on Fuzzing for security
- How to Get started
- Step by step examples of using Fuzz Testing to prevent exploits
- Contributing to Medusa (OSS)
- The UniV4 testing suite, by ToB

https://www.youtube.com/watch?v=Cqmu-mhSLt8
0 reply
0 recast
0 reaction

If you’re building a Liquity V2 fork that is not using exactly the same collaterals as the original
DM me, I’ll save you $15k with 2 words
0 reply
0 recast
0 reaction

Pro tip: Use Cmd + K to clear your terminal
0 reply
0 recast
0 reaction