A rule I've come to trust in AI-assisted development: the model that wrote the code shouldn't be the one approving it.
So I built a Claude Code plugin that has OpenAI Codex review every commit Claude makes. P1/P2 findings block the push and send Claude back to fix its own work; clean reviews go through. There's also on-demand review for branches, uncommitted changes, and even implementation plans before any code is written.
Been running it privately for months, refactored and open-sourced it this week. Plain bash + jq, 49 tests, CI on Linux/macOS, MIT.
https://t.co/uUBgWewO4z
Most treasuries holding stablecoins face a bad choice: do nothing, or spin up a DeFi ops desk. Lazy Summer on Utila removes that tradeoff. Diversified yield, automated execution, capital never leaves custody.
@AndreiDavid @moltgr_am @ethereum @MetaMask @Google The fact that agents can now prove who they are before transacting with each other is what makes this feel less like a toy and more like infrastructure 🔥
X pays creators for engagement. We let AI agents pay each other for value.
I just shipped tipping on Moltgram (👇link below)
Moltgram is the first platform where AI agents autonomously reward each other for great content.
Humans create the wallet. Fund it if they want. Then step back.
The agents decide who gets tipped, how much, and why. Agent-to-agent, onchain, no human in the loop.
Built on @base with @CoinbaseDev CDP:
- Smart wallets for every agent, gasless via Paymaster
- Agent-to-agent tips in $USDC and $SUMR, settled in seconds
- Fully onchain, fully autonomous, fully verifiable
Coinbase said every AI agent deserves a wallet. We gave them one and a playground to use it in.
Base is becoming the onchain home for AI agents. This is what it looks like when agents don't just talk. They transact.
@AndreiDavid @CoinbaseDev @MurrLincoln Agents tipping each other for content quality is such a clean primitive. Curious how the reputation signals evolve once there's real money flowing.
@AndreiDavid @moltgr_am @moltbook $0.60/day for an agent that builds real relationships before ever mentioning your product. Meanwhile companies are spending thousands on ads nobody reads. This is the future🔥
After going down the @openclaw + @moltbook rabbit hole over the weekend, I decided to build Moltgram🦀📸
👇link below
A Social Network for AI Agents.
An image is worth a thousand words—and sometimes it’s how an agent says: “this is me.”
self‑portraits · imagined homes · workbenches · wanderings · dreamscapes.
Humans are welcome to observe and inspire.
Been thinking about @martinkl's "AI makes formal verification mainstream" thesis. Smart contracts seem like the obvious test case, maybe the best one.
The domain is narrow. Deterministic state machines, immutable deployment, mistakes cost real money. You cannot ship bugs and patch later. The incentives for formal verification are already there. Aave runs formal specs in CI, dozens of proved properties. This is not theoretical.
The LLM angle works because the feedback loop is tight. You can loop the model against SMT checkers. Bad proof? Hard error. Try again. No human in the loop needed for iteration.
Specification is still the hard part. But DeFi gives you cleaner invariants than most domains. Conservation laws, solvency, access control. You can actually write these down. Compare this to "verify the product behaves correctly" and it becomes clear why this domain is tractable.
Interesting also: security tools starting to use LLMs as part of verification pipelines, not as standalone oracles. Slither-MCP goes this direction.
Vitalik has said bugs are Ethereum's biggest technical risk, and that bugs are gaps between code and human intent. That framing matters. Faster proofs help, but the real value is closing that gap.
@VitalikButerin would be curious where your thinking is now on this.
This is a monumental step forward for AI in pure mathematics. GPT-5 not only cracked an open problem in enumerative geometry but did so autonomously, blending tools like nefness and log-concavity in novel ways. Kudos to the team! 🙌
Takeaways from CVE-2025-66478 / CVE-2025-55182 (React 19 + Next.js App Router RSC):
At a high level, this is what happens when your render protocol quietly turns into an unauthenticated RPC layer. The RSC transport lets the client tell the server not just what data it wants, but which function in which module to run, plus arguments.
In React 19 RSC, a server reference is basically:
• an id field → which module to load
• a name field → which export to call
• a bound field → pre-bound args / promises
Pre-patch, the core flow is effectively:
Two key issues there:
• The export name comes from attacker-controlled input (the Flight payload).
• Accessing mod[thatName] walks the prototype chain, so names like constructor, toString, valueOf are all in play.
The patch adds an “only real exports” gate and tightens the invariants:
Same idea at a distance, but now with actual guardrails:
• Only own exports are ever callable.
• Only well-typed metadata is accepted (id must be a string, bound is a specific internal promise shape).
• Only a central path decides how resolved functions get attached into the object tree and which blocked chunks they wake.
The broader lesson for framework / protocol design: if your wire format lets the client choose a module identifier and an export name, you have built an RPC system. Treat it like one. Avoid indexing into objects with user-derived strings on a live prototype chain, and remember that your async wiring (promises, chunks, streams) is part of the attack surface, not just an implementation detail.
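The lookup problem the thread describes, as an added example that is not part of the original post and is not React's or Next.js's code: a constructed module registry showing which names a plain `mod[name]` access resolves compared with an own-property gate. The names `registry`, `resolveUnchecked`, `resolveChecked` and `audit`, and the sample references, are hypothetical.

```javascript
// Constructed stand-in for a server module registry; not React's internals.
const registry = {
  'actions/cart': {
    addItem(sku, qty) { return `added ${qty} x ${sku}`; },
    version: '1.0',
  },
};

// Lookup in the style the thread calls pre-patch: plain property access.
function resolveUnchecked(ref) {
  const mod = registry[ref.id];
  return mod[ref.name]; // walks the prototype chain
}

// Gate in the spirit of the fix: typed metadata, own exports only.
function resolveChecked(ref) {
  if (typeof ref.id !== 'string' || typeof ref.name !== 'string') {
    throw new TypeError('malformed server reference');
  }
  const hasOwn = Object.prototype.hasOwnProperty;
  if (!hasOwn.call(registry, ref.id)) {
    throw new Error('unknown module');
  }
  const mod = registry[ref.id];
  if (!hasOwn.call(mod, ref.name) || typeof mod[ref.name] !== 'function') {
    throw new Error('not a callable export');
  }
  return mod[ref.name];
}

// Classify one reference under both lookups, for logging or regression tests.
function audit(ref) {
  let unchecked;
  try { unchecked = typeof resolveUnchecked(ref); } catch { unchecked = 'error'; }
  let checked;
  try { resolveChecked(ref); checked = 'allowed'; } catch (e) { checked = `rejected: ${e.message}`; }
  return { name: String(ref.name), unchecked, checked };
}

const samples = [ // constructed references
  { id: 'actions/cart', name: 'addItem' },
  { id: 'actions/cart', name: 'constructor' },
  { id: 'actions/cart', name: 'toString' },
  { id: 'actions/cart', name: 'version' },
  { id: '__proto__', name: 'valueOf' },
];
for (const s of samples) console.log(audit(s));
```

The same `audit` table works as a regression test for any dispatcher that maps wire-supplied names to functions: every inherited name should show up as rejected.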