We have prevented a governance attack in Shutter DAO (0x36): ~$100K of SHU tokens could capture a treasury of +$3M
We are committed to securing the @ethereum ecosystem, its protocols, team and investors.
Here are the details 👇
This is the kind of problem we are researching closely at blockful: how roles, permissions, execution validation, Limits, and Delays can reduce damage when trusted paths fail.
We’ll keep sharing what we learn as we go deeper into Access Control. If you are working on this problem, our DMs are open.
Access Control is becoming one of DeFi’s most critical risk layers.
Between May and June, 70+ exploits took place, with around $650M stolen in May and $81M in June.
Many of them shared a common pattern: weak permissions, unsafe execution paths, or failures in Access Control.
Why does that matter?
🧵
Giddy, the case we analyzed in our Space, shows another side of the same problem.
A compromised keeper key was used in the `compound()` flow, but the deeper issue was that execution could be redirected through a malicious `aggregator` because that field was not included in the EIP-712 signed data. The system recognized authority, but did not fully constrain intent.
Space:
This Wednesday, blockful Research goes live to break down the @giddydefi exploit.
$1.25M was stolen, but the compromised key was only part of the story.
Set a reminder and join us live. https://t.co/KvqL7aUlwB
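The Giddy point above, that execution could be redirected through an `aggregator` that was not part of the EIP-712 signed data, is easiest to see by hashing the same request under two typed-data schemas. The example below is added here and is not Giddy's contract code or blockful's: the `CompoundRequest` struct, its field names, the domain values and the addresses are all constructed for illustration. It implements keccak256 in pure Python so it runs offline, builds the EIP-712 `hashStruct` and `\x19\x01` digest, and checks whether changing the aggregator changes what the user actually signed.

```python
"""EIP-712 digest check: does the signed data bind the aggregator? (added example)"""

MASK64 = (1 << 64) - 1
_RC = [
    0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
    0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
    0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
    0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
    0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
    0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
]
# rho rotation offsets r[x][y]; lanes are indexed as state[x + 5*y]
_ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
        [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]


def _rol(v: int, n: int) -> int:
    return ((v << n) | (v >> (64 - n))) & MASK64


def _keccak_f(s: list) -> list:
    """Keccak-f[1600] over 25 little-endian 64-bit lanes (theta, rho+pi, chi, iota)."""
    for rc in _RC:
        c = [s[x] ^ s[x + 5] ^ s[x + 10] ^ s[x + 15] ^ s[x + 20] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        s = [s[i] ^ d[i % 5] for i in range(25)]
        b = [0] * 25
        for x in range(5):
            for y in range(5):
                b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(s[x + 5 * y], _ROT[x][y])
        s = [b[i] ^ (~b[(i % 5 + 1) % 5 + 5 * (i // 5)] & b[(i % 5 + 2) % 5 + 5 * (i // 5)])
             for i in range(25)]
        s[0] ^= rc
    return s


def keccak256(data: bytes) -> bytes:
    """Ethereum's Keccak-256 (original 0x01 padding, not SHA3's 0x06); rate 136 bytes."""
    rate = 136
    buf = bytearray(data) + b"\x01"
    buf += b"\x00" * (-len(buf) % rate)
    buf[-1] |= 0x80
    s = [0] * 25
    for off in range(0, len(buf), rate):
        for i in range(rate // 8):
            s[i] ^= int.from_bytes(buf[off + 8 * i: off + 8 * i + 8], "little")
        s = _keccak_f(s)
    return b"".join(lane.to_bytes(8, "little") for lane in s[:4])


def _abi_word(value) -> bytes:
    """Encode an address ('0x...' string) or uint256 (int) as one 32-byte ABI word."""
    if isinstance(value, str):
        return bytes.fromhex(value[2:]).rjust(32, b"\x00")
    return value.to_bytes(32, "big")


def struct_hash(type_string: str, values) -> bytes:
    """EIP-712 hashStruct = keccak256(typeHash || encodeData) for atomic field types."""
    return keccak256(keccak256(type_string.encode()) + b"".join(_abi_word(v) for v in values))


def typed_data_digest(domain_separator: bytes, sh: bytes) -> bytes:
    """The digest a wallet signs: keccak256("\\x19\\x01" || domainSeparator || hashStruct)."""
    return keccak256(b"\x19\x01" + domain_separator + sh)


# Constructed domain (hypothetical contract name/address, chainId 1 chosen arbitrarily).
_DOMAIN_TYPE = b"EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)"
DOMAIN_SEPARATOR = keccak256(keccak256(_DOMAIN_TYPE) + keccak256(b"ExampleVault")
                             + keccak256(b"1") + _abi_word(1) + _abi_word("0x" + "aa" * 20))

# Two schemas for the same request. "unbound" mirrors the Giddy pattern: the aggregator
# travels as an unsigned calldata argument, so it is absent from the typed struct.
SCHEMAS = {
    "unbound": ("CompoundRequest(address user,uint256 amount,uint256 nonce)",
                ["user", "amount", "nonce"]),
    "bound": ("CompoundRequest(address user,uint256 amount,address aggregator,uint256 nonce)",
              ["user", "amount", "aggregator", "nonce"]),
}

# Constructed sample request; addresses are placeholders, not real accounts.
REQUEST = {"user": "0x" + "11" * 20, "amount": 1_000, "aggregator": "0x" + "22" * 20, "nonce": 7}
OTHER_AGGREGATOR = "0x" + "33" * 20


def request_digest(schema: str, request: dict) -> bytes:
    type_string, signed_fields = SCHEMAS[schema]
    return typed_data_digest(DOMAIN_SEPARATOR,
                             struct_hash(type_string, [request[f] for f in signed_fields]))


def aggregator_is_bound(schema: str) -> bool:
    """True when swapping the aggregator changes the digest, i.e. a signature over the
    original request would be rejected for the swapped one."""
    swapped = dict(REQUEST, aggregator=OTHER_AGGREGATOR)
    return request_digest(schema, REQUEST) != request_digest(schema, swapped)


if __name__ == "__main__":
    for name in SCHEMAS:
        print(f"{name:8s} digest={request_digest(name, REQUEST).hex()[:16]}... "
              f"aggregator bound: {aggregator_is_bound(name)}")
```

Under the `unbound` schema the digest is identical for any aggregator value, so a verifier that recovers the signer and checks the nonce has no way to tell an honest aggregator from a substituted one; the `bound` schema makes the aggregator part of what the user committed to, which is the constraint on intent the post is pointing at. The same check generalises to any parameter a relayer or keeper supplies at execution time: if it is not in the typed struct, the signature does not cover it.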
Market cycles come and go, but the deeper work stays the same: making crypto useful beyond speculation and resilient enough for real adoption.
Ethereum was never only about market cycles. Its strength comes from people still working on the harder questions.
Last week, Crypto Beyond Market Cycles brought us back to first principles.
With @0xkkonrad from @joinpeanut and @theZeugh from @blockful_io, we talked about crypto origins, p2p cash, UX, regulation, monetary systems, and why people keep building.
🛡️ The results for the @thedaofund’s Ethereum Security QF Round are LIVE!
This historic round is closing with a HUGE last minute contribution:
@wintermute_t has added $200K to the matching pool 🔥
Wintermute is a well-known liquidity provider and one of the leading supporters of Ethereum security; in fact, exactly a year ago today they donated $1M to @_SEAL_Org.
This year they teamed up with TheDAO, @Quantstamp & several other community partners to allocate over $1.6M worth of funding to Ethereum Security Public Goods 👇
Yesterday we talked about why are we still here, why it matters, and what's next, sponsored by @joinpeanut on the @EthereumHubFLN!
Thank you @0xkkonrad for the great co-yapping, and everyone who showed up, and also shared their views!
Fireside Chat: TODAY
Why are we still here?
Not as a slogan, but as a real conversation about why crypto started, what it tried to change, and what still feels unfinished.
A discussion on p2p cash, crypto origins, UX, and why people are still building.
https://t.co/KECvVr664x
The Ethereum Security QF results are live.
To the 100+ people who supported Anticapture: thank you 🫡
And thank you to everyone who donated across the round. So many strong projects showed up.
Funding security is an ecosystem effort.
Thank you @Giveth and @thedaofund.
@giddydefi One of the key points from today’s Space: the Giddy incident was not only a technical failure, but a trust model failure.
If one keeper key can redirect user funds, the real product risk is not only whether the code was audited, but who controls the execution path.
The SquidRouterModule incident shows how security risk can sit outside the core protocol while still affecting users through trusted execution paths.
According to public reports, around $3.2M was drained from Safe wallets across Ethereum and Base through a third-party module carrying the Squid name. Squid stated that its core protocol and router contract were not affected, and that the exploited module was not built, deployed, or operated by its team.
That distinction matters because modular systems often depend on components that sit close to trusted infrastructure without being part of the core protocol itself. Wallet modules, permissions, integrations, and deployment history can all become part of the actual risk path.
For DAOs and DeFi teams, this points to a security review problem that goes beyond the core protocol: the full permission and execution path needs to be understood before a module is treated as safe to use.
Read more via @TheBlockCo