Weekend rodeo.
Wrapped up Challenge 5 of Damn Vulnerable DeFi. Spent way too long chasing a dead end around the bitmap boundary (0 → 1).
The actual bug was much simpler.
Transfers execute per claim, but “already claimed” is enforced per token group.
By repeating the same valid proof within a single call, the contract pays out multiple times before the claimed bit is finally recorded.
The assumption: each (token, batchNumber) appears at most once in inputClaims per tx.
The issue: state updates happen once per token per batch, not per claim.
The contract relied on the structure of inputClaims instead of enforcing it.
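The pay-per-claim versus record-per-token-group mismatch described in the Challenge 5 post, as an added example (not the author's code and not the challenge's contract). It is a simplified Python model: Merkle proof verification is replaced by a constructed `VALID_LEAVES` set, and `Distributor`, `claim_vulnerable`, `claim_hardened` and `call` are hypothetical names.

```python
# Simplified model of a batched reward claim (constructed; not the challenge's contract).
# Merkle proof checking is abstracted as membership in VALID_LEAVES (assumption).
VALID_LEAVES = {("alice", "DVT", 0, 10)}  # (claimer, token, batch, amount)


class Distributor:
    def __init__(self, funds):
        self.funds = dict(funds)  # token -> amount still held
        self.claimed = set()      # (claimer, token, batch) recorded as paid

    def _mark(self, claimer, token, batches):
        keys = {(claimer, token, b) for b in batches}
        if keys & self.claimed:
            raise ValueError("already claimed")
        self.claimed |= keys

    def _pay(self, claimer, token, batch, amount):
        if (claimer, token, batch, amount) not in VALID_LEAVES:
            raise ValueError("invalid proof")
        if self.funds[token] < amount:
            raise ValueError("insufficient funds")
        self.funds[token] -= amount

    def claim_vulnerable(self, claimer, claims):
        # Pays every claim, but records "claimed" once per run of same-token claims.
        token, pending = None, set()
        for i, (tok, batch, amount) in enumerate(claims):
            if tok != token:
                self._mark(claimer, token, pending)
                token, pending = tok, set()
            pending.add(batch)  # a repeated batch collapses into one entry
            if i == len(claims) - 1:
                self._mark(claimer, token, pending)
            self._pay(claimer, tok, batch, amount)

    def claim_hardened(self, claimer, claims):
        # Check-and-set the claimed flag for each claim before its transfer.
        for tok, batch, amount in claims:
            self._mark(claimer, tok, {batch})
            self._pay(claimer, tok, batch, amount)

    def call(self, method, claimer, claims):
        # Emulate transaction atomicity: any failure reverts all state changes.
        snapshot = (dict(self.funds), set(self.claimed))
        try:
            method(claimer, claims)
            return True
        except ValueError:
            self.funds, self.claimed = snapshot
            return False
```

With the same valid claim listed three times, the vulnerable path pays three times before the flag is recorded once, while the hardened path rejects the whole call on the second occurrence.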
🚨DeFi project Blend (Stellar blockchain) was exploited for $10.5M+ yesterday. Root cause - price manipulation of a virtually zero liquidity asset.
Attacker inflated USTRY price 100x, price oracle reported collateral as 100x more valuable, so attacker borrowed >$10M and ran away.
Got caught up with some irl stuff and forgot to share my Damn Vulnerable DeFi progress.
Just wrapped up Challenge 4 - Side Entrance (easiest so far, solved it and got the test set up under an hour).
The pool relied on actual balance to enforce flash loan repayment, but internal balances mapping was treated separately.
By repaying the flash loan through deposit() the contract credited the borrower internally while still satisfying the balance check.
Flow was simple:
>> flashLoan -> execute -> deposit -> withdraw
This allows an adversary to completely drain the pool.
Internal accounting ≠ actual ownership.
Always align both.
Finally had time to solve Challenge 3 of Damn Vulnerable DeFi.
It reinforced something critical about ERC20s: Ownership ≠ Control.
You don’t need to hold tokens to move them, you just need approval.
Just finished challenge 2 (Naive Receiver) on Damn Vulnerable DeFi. This one really tested my understanding, took me 4 days to break it.
I can already see the missing pieces connecting in my head 😅
Don't trust blindly, always verify!
not proud of my contest results lately -- taking a step back to recalibrate.
after some honest introspection, I realized the gap isn’t theoretical exposure, but mechanical intuition -> the ability to reason about and violate systems beyond "missing access control".
starting by working through all 18 Damn Vulnerable DeFi challenges. excited for what comes next!
really wish I could write like this.
lowkey jealous of people who can articulate their thoughts this cleanly and deeply.
biggest takeaway for me wasn’t “having multiple interests”
it was that learning without a vessel is just dressed-up procrastination. curiosity on its own doesn’t move your life forward if it never turns into output.
having many interests isn’t the issue. not building anything with them is.
the idea of a vessel really hit:
a way to channel curiosity → understanding → creation → leverage. research in public. think in public. write in public. not to perform, but to compound.
we really are in a second renaissance where tools are cheap, distribution is free, knowledge is everywhere.
the real edge now is synthesis which means basically connecting dots others don’t and turning that into something useful.
also loved the reminder that brand isn’t aesthetics, it’s accumulated thought. people don’t follow profiles, they follow worldviews, need to do more of that fr.
still learning how to express my thoughts better, but pieces like this remind me that clarity comes from reps, not waiting to feel “ready.”
great read man ❤️👐