Thomas Humphreys pfp

Thomas Humphreys

@so

449 Following
887 Followers
Thomas Humphreys pfp
Thomas Humphreys
@so
I went to the States and lost an hour of sleep. Flew back home to Spain… and lost another one. At this rate, I’ll be in a sleep deficit so bad I’ll wake up in 2023.
0 reply
0 recast
1 reaction
Thomas Humphreys pfp
Thomas Humphreys
@so
I don't need to talk to make friends
0 reply
0 recast
1 reaction
Thomas Humphreys pfp
Thomas Humphreys
@so
Make it make sense
1 reply
0 recast
0 reaction
Thomas Humphreys pfp
Thomas Humphreys
@so
Do you recommend to use Swapper (with Chainlink Keepers) for DCAing ?
0 reply
0 recast
1 reaction
Thomas Humphreys pfp
Thomas Humphreys
@so
Creatine and electrolytes. Collagen peptides are a giga chad move
0 reply
0 recast
4 reactions
Vinay Vasanji pfp
Vinay Vasanji
@vinayvasanji.eth
lowercase improvement proposals in progress LIP-1: If lowercase [dot] cards is shared then display a frame in feed, but if a specific card URL is shared display a preview of card and the URL (no frame) LIP-2: If any lowercase [dot] cards URL is shared on FC without "https://" a worker throws exception error displays, need to fix LIP-3: On mobile and in frame v2 make the create card button visible immediately after sign in (currently requires an extra tap on pfp to display menu) LIP-4: Enable search LIP-5: /revnet rewards for card contributions will show as zero value in Warplet due to lack of Uniswap pool. Petition Merkle to automatically calculate revnet's token<>ETH fixed exchange rate in Warplet, and enable revnet 'swaps' LIP-6: Post card data to Snapchain If you can think of anything else feel free to propose LIP-7 onwards
0 reply
2 recasts
5 reactions
Thomas Humphreys pfp
Thomas Humphreys
@so
I came across a protocol that's done over $100M+ in volume with big customer names, but their frontend auth is poorly designed. They're exposing WebAuthn details, which isn't the main issue — it's the fact that they're also leaking customer emails. This opens the door for social engineering attacks, making it far too easy for attackers to target them. If you're a non-custodial protocol, avoid advertising your customers — especially if I can easily identify which users are using your system and whether they have admin-level access.
1 reply
0 recast
2 reactions
Thomas Humphreys pfp
Thomas Humphreys
@so
I got streaks back ty. I'll DM proof next time.
0 reply
0 recast
1 reaction
Thomas Humphreys pfp
Thomas Humphreys
@so
I'm boosting every 2 hours. I've planted every other day. This is 100% a bug.
1 reply
0 recast
1 reaction
Thomas Humphreys pfp
Thomas Humphreys
@so
@itsmide.eth not able to claim rewards, there's a bug
2 replies
1 recast
8 reactions
Thomas Humphreys pfp
Thomas Humphreys
@so
Hey @clanker deploy Name: Beetroot attack Ticker: PIVOT Image attached:
0 reply
0 recast
2 reactions
Thomas Humphreys pfp
Thomas Humphreys
@so
Do north korean hackers go to crypto conferences?
5 replies
0 recast
2 reactions
Thomas Humphreys pfp
Thomas Humphreys
@so
emphasis on the *possible* bit
0 reply
0 recast
1 reaction
Thomas Humphreys pfp
Thomas Humphreys
@so
$1.5B vanished and we still don't know the root cause
1 reply
0 recast
1 reaction
Thomas Humphreys pfp
Thomas Humphreys
@so
Thanks! Strong believer that passkeys are the future of User Auth
0 reply
0 recast
1 reaction
Thomas Humphreys pfp
Thomas Humphreys
@so
I've been cursor maxxing past year now. Gave windsurf a try recently, but it wasn't that great... my current spend is about $60/month on Cursor and recommend you pay the premium.
0 reply
0 recast
2 reactions
Thomas Humphreys pfp
Thomas Humphreys
@so
thanks for pushing this @jxom 🫡
0 reply
0 recast
1 reaction
Thomas Humphreys pfp
Thomas Humphreys
@so
Super stoked my first contribution to oxlib.sh got merged—my PR now lets you pass multiple credentials when prompting WebAuthn creds. Been using oxlib.sh since day 1 and helped refactor rhinestone's 7579 guide (docs.rhinestone.wtf/module-sdk/u...) along with other 4337 repos. Need help? Reach out!
2 replies
2 recasts
7 reactions
Thomas Humphreys pfp
Thomas Humphreys
@so
Great write-up @adamhurwitz.eth ! keen to grab your thoughts on webauthn security & how to address security risks like blind signing txns thru a compromised frontend? Passkeys are great until the frontend gets hacked.
1 reply
0 recast
2 reactions
Adam pfp
Adam
@adamhurwitz.eth
@safe is at the top of Walletbeat for security. The next step is knowing what device accounts like Ethereum Phone, Trezor, and Ledger support fully readable Safe transactions txns on their screen to know exactly what is being signed onchain. You should be able to read the full txn details on the device account before approving onchain. https://www.walletbeat.fyi/
4 replies
2 recasts
6 reactions