1/ Unpopular Opinion: EVM is Fundamentally Flawed in Its Current Form!
Or should I say the execution environments hosting the EVM are fundamentally flawed.
The fatal flaw is that no matter how well-tested the smart contracts are, they still aren't safe enough.
@VitalikButerin plz take a look at my pinned tweet. It will save ethereum. That’s all.
DeFi will be dead if it’s not fixed.
Someone please at least get his attention.
software as a moat is trending to 0
but i think what will make money is highly tailored/customized software.
think a calendar app
as software cost trends to 0 (minus infra cost), what people want is customizability.
it could take two paths:
1. ironically, consulting will come back stronger than ever
2. highly customizable software design platform.
anyone building the 2nd? replit is not an option here.
Mercury is the best bank we have used so far - especially its "perks" feature.
I literally just go to @mercury perks before signing up for any SaaS at this point - and usually there is a 3 digit credit partnership with one of the service providers.
if you think you’re safe because you hold HYPE, remember in 2022 people felt the same about sol and it went from $260 to $8
hyperliquid is just another flavor of the month cause perp dexes are hot right now, don’t mistake it for a bluechip
in a year maybe nobody cares anymore
If xAI properly implements its X search API with Grok, their traction will increase 10 fold minimum @elonmusk, this is under monetized and under engineered.
Can anyone enlighten me,
If OpenAI obfuscates CoT tokens and makes them encrypted, why should we pay for them?
This is not a technical question. If I am paying for your CoT tokens, you need to let me see them.
deploy your strategies and trading logic directly on exchange, in real-time and privately
makes the latency race a thing of the past and introduces a new era of trading
this is @SynchronicityHQ
@kirbyongeo @nativemarkets brother, something is not right here.
can't stand the long offramp - usually USDH takes 15 min to land in my bank. you are doing it wrong
/s
I analyzed the hack end to end. My (opinionated) conclusion first:
60% LayerZero's fault, 30% KelpDAO, 10% Aave.
BUT THE MISSING PARTY: 0% allocated but 100% of the structural failure is the Ethereum execution environment itself.
LayerZero: DVN compromise. The RPC infra was theirs, the failover logic was their design, and the mutable binaries were on their hosts. The monitoring was also theirs. They also allowed KelpDAO to run a 1/1 config. "We told you not to do it" is not an excuse. Incentives here are not aligned. LayerZero wants protocols to use the service; they don't care as much about the risk because the cost lands on someone else.
KelpDAO: They were warned. LayerZero's integration checklist explicitly recommends multi-DVN. They had options. They chose the cheapest, simplest config for a >$1.5B escrow. That's negligent.
Aave: Accepted rsETH as collateral because rsETH had high TVL, without doing much due diligence on the upstream bridge configuration.
My honest take? KelpDAO and Aave simply lacked the expertise to truly assess the risk here. If they come out and say "we knew the risk," then they are admitting negligence, so they won't.
Here is the reality though: I actually do NOT blame KelpDAO or Aave. The expertise required to understand this risk is far beyond any typical DeFi application developer.
BUT GUESS WHAT, I ACTUALLY THINK THE BIGGEST OFFENDER HERE IS ETHEREUM ITSELF.
Hear me out.
People saying Aave should have "limit" checks and all that, this is all patchwork that doesn't work well. Today there is no way in Ethereum to perform security checks at the execution environment level, what I call "kernel guards." The EVM is a toy VM as it currently stands and should not be tasked to handle the TVL that Ethereum has. I posted about this back in 2024, @VitalikButerin if by chance you read this, pay attention to it plz.
What we lack here is something very structural that even operating systems 30 years old already have.
The philosophy is simple: you don't depend on the application itself to prevent hacks. You need the kernel to do the work.
In the case of this hack, if kernel guards existed, the execution environment could have easily caught the large bridge outflow and the large deposit, pausing them based on hooks registered by Aave, LayerZero, or KelpDAO, or even chain-level defaults.
This is far more structural than what people are saying.
Anyway, my frustration is clear, and I won't waste time going into further details here. If anyone is interested, you can read my pinned post.
and before you decide to shit on my opinion, my software is running on Mars, Europa and the sky, with precisely 0 mission failures.
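The "kernel guard" idea from the hack analysis above, modeled as a toy execution environment. This is an added example, not code from the post or from any Ethereum client; the `ExecutionEnv` class, the guard signature and all balances are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Transfer = Tuple[str, str, int]          # (sender, recipient, amount)
Guard = Callable[[str, int, int], bool]  # (account, balance_before, net_outflow) -> allow?

def max_outflow_fraction(bps: int) -> Guard:
    """Guard: allow a tx only if it drains at most bps/10_000 of the balance."""
    return lambda account, before, outflow: outflow * 10_000 <= before * bps

@dataclass
class ExecutionEnv:
    balances: Dict[str, int]
    default_guard: Optional[Guard] = None  # chain-level default (hypothetical)
    guards: Dict[str, Guard] = field(default_factory=dict)
    paused: List[List[Transfer]] = field(default_factory=list)

    def register_guard(self, account: str, guard: Guard) -> None:
        self.guards[account] = guard

    def execute(self, tx: List[Transfer]) -> str:
        # 1. Run the application logic against a scratch copy of state.
        scratch = dict(self.balances)
        for sender, recipient, amount in tx:
            if amount < 0 or scratch.get(sender, 0) < amount:
                return "reverted"
            scratch[sender] -= amount
            scratch[recipient] = scratch.get(recipient, 0) + amount
        # 2. Before committing, the environment (not the application)
        #    checks the net outflow of every pre-existing account.
        for account, before in self.balances.items():
            outflow = before - scratch[account]
            guard = self.guards.get(account, self.default_guard)
            if outflow > 0 and guard and not guard(account, before, outflow):
                self.paused.append(tx)   # held for review, state untouched
                return "paused"
        self.balances = scratch
        return "committed"

def demo() -> Tuple[List[str], ExecutionEnv]:
    # Constructed figures: an escrow holding 1_500_000 units.
    env = ExecutionEnv({"escrow": 1_500_000, "user": 1_000, "attacker": 0},
                       default_guard=max_outflow_fraction(5_000))  # 50% per tx
    env.register_guard("escrow", max_outflow_fraction(100))        # 1% per tx
    results = [
        env.execute([("escrow", "user", 10_000)]),       # ordinary withdrawal
        env.execute([("escrow", "attacker", 400_000)]),  # forged bridge release
        env.execute([("user", "escrow", 5_000)]),        # falls under default guard
    ]
    return results, env
```

A per-transaction fraction is the simplest policy; a limit over a time window would need the guard to keep state across transactions.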