Alex the Entreprenerd

@entreprenerd

33 Following
15 Followers


Alex the Entreprenerd
@entreprenerd
Recon is sponsoring this month's editions of BlockThreat!
0 reply
0 recast
1 reaction

Alex the Entreprenerd
@entreprenerd
Did you know you can run the same tests you wrote for Foundry with Echidna (Concrete Fuzzer) and Halmos (Formal Verification), with zero code changes? Safer code and zero extra work. Here’s the demo you can try today! https://x.com/getreconxyz/status/1903129678447251714?s=46
0 reply
0 recast
0 reaction

Alex the Entreprenerd
@entreprenerd
Another phishing exploit causes $8 MLN in losses. I’m seeing the same mistakes being repeated every 6 months. For this reason I hosted a 2 Hour event on how to safely manage Multisigs. Please just follow the advice we laid out in this video and share it with all new founders. Phishing exploits need to stop. https://x.com/getreconxyz/status/1885249716386226572?s=46
0 reply
0 recast
3 reactions

Alex the Entreprenerd
@entreprenerd
Quite a few researchers reached out to ask me more details about this bug. Would you want me to post a full breakdown?
0 reply
0 recast
0 reaction

Alex the Entreprenerd
@entreprenerd
It is my pleasure to finally release the Bold Audit Report. This is the result of a 3-week solo review where I had spent a considerable amount of time looking at the batch rebasing logic. This resulted in one of the most interesting crits you’ll see, complete with POC that made it into the Bold repo. On the design side, one of my favourite contributions has been introducing Bid and Ask pricing for Borrowing vs Redemptions to combat arbitrages. I open sourced the full repo, giving you a glimpse into my actual process, with hundreds of notes that never made it in the final report. https://github.com/GalloDaSballo/bold-review
1 reply
0 recast
5 reactions

polymutex
@polymutex.eth
You use Chrome. Imagine for a moment that Chrome sent every URL you visited to Google. That would be outrageous, right? web3 is about doing better than this. Well, what if your wallet did the very same thing? 👇
3 replies
5 recasts
34 reactions

shazow
@shazow.eth
Safe{Wallet} frontend infrastructure was compromised. 🥁 We need to reduce our dependence on centralized frontends! We need more independent frontend implementations or, better yet, generative frontends. At least one signer should use a different frontend. https://x.com/benbybit/status/1894768736084885929
6 replies
6 recasts
31 reactions

Alex the Entreprenerd
@entreprenerd
Compiling all the Liquity related work I’ve done over the years.
I have worked with many Liquity V1 and V2 forks as well as the Bold team for their Liquity V2 and their Governance Repository.
Security Advisories:
- Liquity V1
- Tellor
- Yeti Finance
- Ethos Reserve
Developers:
- eBTC (Bitcoin themed Liquity V1 Fork)
- Liquity Governance V2
Invariant Testing:
- Bold (private)
- Quill Finance
- REDACTED Finance
- REDACTED
Manual Review V2:
- Bold (private)
- Quill (LINK)
- REDACTED (SOON)
- REDACTED (SOON)
Manual Review V1:
- thUSD (Threshold)
- eBTC (developer and internal reviewer)
- Ethos Reserve
- Apollon (SEI V1 Fork)
Economic Intel:
- Quill (Economic Review that resulted in introducing borrow caps)
- REDACTED (Economic Review that resulted in adding redemption fees and changing caps logic)
- REDACTED (Economic Review that resulted in changing oracle config)
- eBTC (Economic Review and sims to help determine risk parameters, validated by Risk DAO)
Contests:
- Raft
- Yeti
- Ethos Reserve
0 reply
0 recast
0 reaction

Alex the Entreprenerd
@entreprenerd
Join us on the bleeding edge of reverse engineering the EVM for Security Research.
All tools mentioned are open source and free to use:
- WhatsAbi - the easiest way to get abis
- Evmole - the most thorough tool to get abi and cfg
- Heimdall - can give you decompiled solidity off of bytecode
In the video we:
- Show each tool, demo it and talk about the key code snippets making it work
- Answer a ton of questions on grabbing data from onchain
- Reverse engineer the Bybit exploit contract with these tools
This was a unique event, hopefully you’ll enjoy!
https://x.com/getreconxyz/status/1893707255977324960?s=46
0 reply
1 recast
3 reactions

Alex the Entreprenerd
@entreprenerd
In just a few hours we’ll host a unique event, “Reverse Engineering for Security”. We’ll have 3 elite open source devs showcase their tools to reverse engineer smart contracts on the EVM. And we’ll also do a deep technical dive into the Bybit exploit. If you’re tired of trusting and want to verify, join us later today on X at ) pm CET https://x.com/getreconxyz/status/1893615517820412032
0 reply
0 recast
1 reaction

Alex the Entreprenerd
@entreprenerd
Towards the end of the video we talk about some of the decision making behind each config (number of signers, timelock delay, etc.). I believe you can pick some of those and combine them based on your needs.
0 reply
0 recast
0 reaction

Alex the Entreprenerd
@entreprenerd
Pretty timely. All of the advice the Bybit team should have followed is in this 2 hour video. Consider learning this for your own opsec.
0 reply
1 recast
2 reactions

Alex the Entreprenerd
@entreprenerd
It’s absolutely inexcusable for projects to deploy with a multisig and no timelock. In this 2-hour video I’m joined by security experts and DAO members to discuss the most common best practices for multisig and governance security. https://x.com/getreconxyz/status/1885249716386226572?s=46
2 replies
1 recast
10 reactions

Alex the Entreprenerd
@entreprenerd
I’m organising an event on reverse engineering bytecode for security. Like this for a free invite!
0 reply
0 recast
0 reaction

Alex the Entreprenerd
@entreprenerd
Like this if you use Foundry
0 reply
0 recast
0 reaction