Using literals in your smart contracts? Time to go back and take another look.
Introducing my latest publication:
Solidity Quirks: Literals and Mobile Types
Credit goes to @paladin_marco for his tweet highlighting the issue.
https://t.co/iQhfQJ9OzK
I believe that the metric hasn't changed. One still has to build non-trivial, interesting things. What's changed is that now you have to be able to explain what you built down to the smallest primitive, because anyone can ship a vibe-coded app.
Also, in the longer term, the slop debt is going to need repayment, and the pool of engineers who can actually reason about systems is shrinking. So yea, keep building, developing deep familiarity with systems, and publishing your learnings.
@Jeyffre @RareCodeAI Working through the rarecode Rust course (50.2% completed) and I have to agree with this. Do the rust course, then rustlings, then go and build sth is what I'd suggest.
They never were intelligent to begin with (insert astronaut holding a gun to another astronaut's head meme).
But yea, I agree. Cost is creeping up for these AI companies. Gotta break even somehow. As a potential workaround, look into harness engineering. Basically, constraining the model to get the most out of each token.
@Jeyffre I believe that this would necessitate getting better at AI harnesses so that we get the most out of the model with the same amount of tokens. In fact, "harness engineering" is sth that is emerging as a lucrative skill set.
@danielvf I went with option A. Complex protocols jump through a lot of hoops to keep the contract size in check (diamonds, etc.), potentially increasing vuln. risk. A 10% size reduction means an extra 2.4KB to work with, which is considerable, and (potentially) safer contracts.
@real_philogy @ddimitrovv22 Partially agree. In the process of getting better and better at Solidity, devs will gain closer familiarity with EVM. The target machine will stay the same even when Solidity is replaced, so the EVM knowledge will carry over.
@ddimitrovv22 Agree. The majority of DeFi TVL is on Ethereum and it's only going to increase (going by the trends + Solidity being easier to get into for web2.0 devs compared to Rust and other web3 languages).
@PatrickAlphaC Arguably, the biggest "tool" attackers have is incentive. They have a lot to gain from successful attacks. Protocols have to make security more attractive for white hats. This space needs more people, more onboarding resources, and more incentive.
@Jeyffre Personally, I am very averse to any form of gambling, which prediction markets are. Could there be a way to incentivise "crowd wisdom" without wagers?
So @AftermathFi just got exploited for $1.14m.
The vulnerability was apparently in their perps code, which allowed "to set negative builder codes fees". It's worth noting that the project is deployed on Sui and the contract in question appears to be immutable.
The signal is strong. Web3 security is still undervalued as a service. Companies need to opt for audits and public contests, and must treat these as a fixed cost of existing on public blockchains.
@Jeyffre Fully agree with the take. It's crazy that these big AI companies are yet to break even, let alone turn a profit. It also remains to be seen how their customers react once the price is jacked up to realistic levels.
@Jeyffre A security OG once told me to understand a new codebase through the test suite. Look at the unit tests to understand the intended logic and go from there. Of course, this requires the codebase to have a test suite. But the principle stands.
So those aspiring to enter web3 sec should instead pivot to building AI products? That would be a sharp pivot. Though such pivots are not something uncommon in this industry.
Also, one can make the case that the more AI is used for security, the weaker the security acumen of SRs becomes, until important knowledge gets forgotten, reliance on AI tools increases, which in turn get worse over time due to their maintainers/developers having impaired understanding (the cycle continues). The fact is that despite the impact created by LLMs, they are probabilistic systems (their outputs are not deterministic) at the end of the day, and remain dependent on their training data.
I think that AI model tuning would be a skill that would need to be learned and honed by domain experts, but domain expertise would continue to be needed, and AI tools would need to be continuously retuned as new vectors emerge. Companies need to continue focusing on producing and sustaining domain experts.