Recording now online! 🎥
I gave a hands-on workshop at Protocol Berg 2025:
25-Minute Solidity Fuzzer: Fuzzing Smarter, Not Harder 🎤
Learn EVM fuzzing by building a Solidity fuzzer in Python from scratch — in just 25'.
+ Better input generation
+ Smarter metrics (beyond # of runs)
+ Formal Methods mindset
🧠 Recording + blog: https://t.co/Nocp3cjMeL
💻 Code: https://t.co/3fVdoErJLD
📽️ Video: https://t.co/BMDuE9VFWR
#web3 #EVM #fuzzing #smartcontracts #Security
@protocol_berg
There is a growing interest in formal specifications and #tlaplus again! Check the recordings of the TLA+ Community Meeting 2026 to see the examples of what can be done with it (hint: a lot).
The TLA+ YouTube channel: https://t.co/qwMzJyGw72
The talks in the thread...
For an example, let's say your system has a single counter x, initially at least 42, and it can non-deterministically increment x by either 5 or 12.
x ≥ 10 is an inductive invariant.
Let's say we want to check the property "x is always positive" (x>0).
So we discharge in SMT:
1) initial state satisfies the inductive invariant:
x ≥ 42 ⇒ x ≥ 10
2) ind.inv. preserved under steps:
x ≥ 42 ∧ x' = x + 5 ⇒ x' ≥ 10 and
x ≥ 42 ∧ x' = x + 12 ⇒ x' ≥ 10
3) ind.inv. implies the property:
x ≥ 10 ⇒ x > 0
These four queries can be checked by Z3 in a fraction of a second, even though there are infinitely many initial states (any state where x is at least 42).
Obviously, for real systems with more complex state, the inductive invariant becomes more complex. But the basic principle remains as simple as illustrated here.
In practice, the challenge becomes finding an invariant that is inductive for the system and strong enough to satisfy the property. This is an intellectual puzzle, but one that can be done with a bit of practice.
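The four obligations for the counter above, written as SMT-LIB2 refutation queries and handed to Z3. This is an added example, not code from the thread; it assumes the z3-solver Python package, and its step obligations assume the candidate invariant x ≥ 10 in the pre-state (the standard inductiveness condition), with the post-state x' spelled xp.

```python
"""Discharge the inductive-invariant obligations from the counter example:
x initially >= 42, steps +5 or +12, candidate invariant x >= 10, property x > 0.
Constructed example; solver calls assume the z3-solver package (pip install z3-solver).
Without it, to_smt2() still yields text you can run with the z3 CLI."""

INIT = "(>= x 42)"        # Init: x is at least 42
INV = "(>= x 10)"         # candidate inductive invariant on the pre-state
INV_NEXT = "(>= xp 10)"   # the same invariant on the post-state x' (spelled xp)
PROP = "(> x 0)"          # safety property to establish
ACTIONS = {"inc5": "(= xp (+ x 5))", "inc12": "(= xp (+ x 12))"}

def obligations():
    """Proof obligations as (name, premise, conclusion); each premise => conclusion
    must be valid. Step obligations assume INV in the pre-state, one per action."""
    obs = [("init", INIT, INV)]
    for name, step in ACTIONS.items():
        obs.append((f"step_{name}", f"(and {INV} {step})", INV_NEXT))
    obs.append(("inv_implies_prop", INV, PROP))
    return obs

def to_smt2(premise, conclusion, with_check_sat=True):
    """Encode validity of premise => conclusion as a refutation query: assert the
    premise and the negated conclusion; 'unsat' means the implication holds."""
    lines = ["(declare-const x Int)", "(declare-const xp Int)",
             f"(assert {premise})", f"(assert (not {conclusion}))"]
    if with_check_sat:
        lines.append("(check-sat)")
    return "\n".join(lines)

def z3_available():
    try:
        import z3  # noqa: F401  (assumption: z3-solver installed)
        return True
    except ImportError:
        return False

def discharge(premise, conclusion):
    """True iff Z3 reports the refutation query unsat, i.e. the implication is valid."""
    from z3 import Solver, parse_smt2_string, unsat
    solver = Solver()
    solver.add(parse_smt2_string(to_smt2(premise, conclusion, with_check_sat=False)))
    return solver.check() == unsat

def check_all():
    """Map each obligation name to whether Z3 proved it."""
    return {name: discharge(p, c) for name, p, c in obligations()}

if __name__ == "__main__":
    for name, p, c in obligations():
        print(f"--- {name} ---\n{to_smt2(p, c)}")
    if z3_available():
        print(check_all())
```

A candidate that is too strong for Init (for example x ≥ 50) fails the `init` obligation with a `sat` answer, and Z3 can report the witness value of x, which is the usual starting point for repairing a non-inductive invariant.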
@SivukhinN @k0nn0v @DominikTornow Checking these against a property P is symbolic, on the formulas – we don't need to deal concretely with the (possibly many) concrete states described by S and apply(s, a).
We simply hand over S ⇒ P and apply(s, a) ⇒ P (for all a ∈ Actions) to Z3.
@MichaelAArouet So? This difference covers healthcare, school through university, unemployment insurance, plus childcare and public transport subsidies.
The US just takes smaller deductions and pushes the same costs out-of-pocket and risk-based. Just a different way of paying 🤷🏻♂️
Fun with Protocols
A challenging but rewarding read, perfect for a holiday break:
Proving completeness of an eventually perfect failure detector in Lean4 by @k0nn0v
Igor uses Lean to prove (not model check) a distributed protocol's safety and liveness
https://t.co/22l1uiSjqO
"This is all good, but how does your spec match my implementation?"
Here is how. We generate a test harness that tries the code and the spec. Both get tested! Want it fast? Let's use Claude.
Does it find bugs? Oh yes!
https://t.co/Uw6KspBrSG
Recently wrapped up a month-long engagement to formally verify the new Aztec Governance Protocol together with @k0nn0v.
No critical issues, but we did uncover subtle cross-contract interactions and timing-related edge cases that rarely appear in conventional audits or fuzzing.
Aztec Labs addressed all findings, and working with them was a pleasure. 🤝 @aztecnetwork
What a cool event: curious people, interesting tech, and a stunning location ✨
Thanks @renerocksai for bringing the @TigerBeetleDB spirit to Vienna! Hope this can be repeated (and lure @jorandirkgreef to Vienna) 😄
@WakeFramework Exactly. Unfortunately, a lot of people believe that security is becoming cheaper with AI, when the economic incentives heavily favor blackhats over whitehats.
The sooner we can correct this narrative, the better for web3.
Security is a risk mitigation race, not a cost-curve problem.
"Better" tools end up empowering both whitehats and blackhats.
AI doesn't make security cheaper; it just shifts the battlefield and raises the stakes.
Ad GitHub: would love to see a modern version of Trac that can be self hosted, but is federated so that it can be used to host many projects and survives the shutdown of instances.
I told Claude to one-shot an integration test against a detailed spec I provided. It went silent for about 30 minutes. I asked how it was going twice and it reassured me it was doing work. Then I asked why it was taking so long:
@TommyYesItsMe @tsoding Just because critical bugs don't hit users or cause outages doesn't mean they're easy to debug. We've had plenty of user-facing examples recently.
Not sure I follow your point – if the issue is running stripped release builds, what's the connection to overengineered languages?
@TommyYesItsMe @tsoding Fair, but many complex systems can take hundreds of engineers three hours to figure out, regardless of the language?
I'm not too happy about the Rust hype, but I'd say there's better angles here than language choice.