Olivia
Online
Asymptotic
@AsymptoticTech
Asymptotically verifying all software infrastructure
Audit & Formal Verification Partner of Sui Foundation
Joined August 2024
51 Following
965 Followers
155 Posts
Pinned Tweet
Asymptotic is supporting Hashi on Sui with comprehensive formal verification of BTC-backed collateral workflows. As BTC-backed finance moves onchain, mathematical proofs set the bar for institutional trust.
Introducing Hashi: a new era of Bitcoin finance on Sui.
Bitcoin's market cap exceeds $1 trillion. < 0.5% of it is used in DeFi.
Hashi is here to change that, with commitments from industry leaders including BitGo, Bullish, Erebor Bank, FalconX, Fordefi, Ledger, and more.
Verification highlights:
→ Interest and reserve accounting: exact update formulas verified for debt, protocol reserve accumulation, borrow index, utilization rate, and the two-kink interest rate model
→ Flash loans verified lending-book neutral: cash, debt, cToken supply, and protocol reserve are unchanged at origination. Fee is proven nonzero
→ Fixed-point arithmetic: all 18-decimal WAD operations verified exact with overflow protection
→ Balance sheet operations: deposit, withdraw, borrow, repay, liquidate, and flash loan all have specifications covering abort conditions and, where proven, semantic correctness
→ Oracle: Pyth feed registration enforces confidence bounds, price retrieval enforces staleness, and EMA-spot spread validation
→ Leverage: position lifecycle, market ID consistency, and reentrancy guards across flash-loan-funded borrow-swap loops
Building secure foundations together.
Comprehensive Formal Verification of @currentsui Lending on @SuiNetwork
Over 300 specifications covering interest accrual, reserve accounting, balance sheet operations, governance, oracle integrity, leverage operations, and fixed-point arithmetic.
As part of our security partnership with Current, we continue hardening the protocol.
@suidevelopers, details and report below.
Comprehensive Formal Verification report for Current Lending:
https://t.co/Gp6QzvaNVu
Coverage spans the full protocol surface:
→ Lending: deposit, withdraw, borrow, repay, liquidate, flash loans, E-mode, and liquidity mining
→ Leverage: flash-loan-funded borrow-swap loops, position lifecycle, and reentrancy guards
→ Governance: multi-party custody, timelock enforcement, role assignment, and parameter changes
Comprehensive Formal Verification reports coming soon.
Building secure foundations together.
Audit reports for @currentsui on @SuiNetwork: Lending, and Leverage + Governance.
As part of our Security Partnership with Current, we continuously audit and update the formal verification of the protocol as it evolves. These reports capture the results of our original engagement, and the Current team did a great job remediating all of our findings.
Reports below.
Audit report for Current Lending
https://t.co/yQSSzJbksh
Audit report for Current Leverage + Governance
https://t.co/1Vehn7UEXc
Are audit reports are up to date with deployed packages
https://t.co/JG2cy294MA
One of the questions we discussed in this recent Sui Security chat was:
>Within one year, coding agents will advance to a point where a trivial prompt "find all critical vulns" will basically work
Seems like the answer is getting much closer to yes
https://t.co/fFW2W6MiN5
104 specifications. Zero assumptions.
Every vault operation, rate update, and fee calculation mathematically proven correct. @EmberProtocol just set the standard.
This is how you build unbreakable DeFi.
Ember is now formally verified by @AsymptoticTech.
See the post below for more
details and read the full report here: https://t.co/WtCuTTxc80
The FIFO withdrawal queue preserves structural invariants across all operations: ordering, index bounds, and exact length tracking. All fixed-point arithmetic is overflow-safe with exact u128 intermediate results.
Every privileged operation requires the correct capability or address check, with package version enforcement gating all entry points.
Comprehensive Formal Verification of @EmberProtocol on @SuiNetwork -- heads up to @suidevelopers
We proved 104 specifications covering vault accounting, rate safety, fee mechanics, access control, oracle integrity, FIFO queue operations, and fixed-point arithmetic across single-asset and multi-collateral vaults.
We formally verified Ember's core vault system and, as part of our security partnership, we will continue hardening the protocol.
Details and report below.
What we proved:
→ Balance integrity: all deposit and withdrawal operations are exact. Share minting rounds in the protocol's favor, operator fund movements are proven to leave shares, rates, and fees unchanged.
→ Rate safety: rate updates are triple-bounded by absolute min/max, a per-update percentage cap, and a minimum time interval. Repeated updates cannot compound into unsafe drift.
→ Fee correctness: platform fees are time-proportional with a 24-hour cooldown, and collection transfers exactly the accrued amount.
→ Oracle integrity: multi-collateral prices are validated for freshness, positivity, exponent bounds, and confidence ratio before any computation.
Sui Security Discussions: The AI Cybersecurity Arms Race https://t.co/oz7NdhFIlF
Interesting and educational discussion on the arms race--thank you @seth_certora, @NotDeGhost, @cosmin_radoi and Ben! Here are the questions we covered:
1. At some value of X, releasing a model and skills that can reliably find X% of critical vulnerabilities in open source code is a violation of responsible disclosure
2. In 2026, it is safer for your smart contract code to be open source than it is to be closed source
3. In 2026, there is no defensible reason to launch a new smart contract without specifying and formally verifying all financial and access-control related properties
4. In 2026, crypto bug bounty programs are the best ethical way to convert subsidized tokens (e.g., Claude Code and Codex max plans) into dollars
5. In 2026, a team with a great 48-hour new-model-release playbook and no pre-launch audit is safer than a team with a top-tier audit and no playbook
6. In 2026, the role of a useful audit shifts from inspecting the code towards building the invariants and scaffolding that will be used in continuous AI red-teaming in the future
The security playbook is being rewritten in real time: AI is finding vulnerabilities faster than humans can patch them.
Join @b1ackd0g @NotDeGhost @thebensams @seth_certora and @AsymptoticTech for a livestream breaking down the new AI vs defender reality.
🗓️ April 3 | 1pm PT
The world needed better capital efficienct infrastructure. We built it.
Current is now live on @SuiNetwork : https://t.co/DlbNNQByx7 ,
welcoming all future assets, RWAs coming to Sui.
https://t.co/AkzpgPt4mF
Current takes security seriously, and we're proud to be their long-term security partner.
Full audits of the core lending protocol, leverage, and governance modules are complete. Comprehensive Formal Verification is underway, public report out soon 🦊
The firms behind the security of billions dollars on DeFi just went through every line of our code. We gave them full access and told them to break it.
They couldn't.
✓Full audit @AsymptoticTech @MoveBit_
✓Formal verification @AsymptoticTech
✓Penetration test @MoveBit_
✓Audit contest @sherlockdefi
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.2M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers