Olivia
Online
dr497_
@dr497_
Joined March 2022
294 Following
163 Followers
54 Posts
Pinned Tweet
https://t.co/U49R3iqYZm
@cavemanloverboy How did they almost get you? Social engineering?
https://t.co/ouhkJldvan
Who to follow
illiquid
@slace_ngl
I have no monies
Jenny
@JENNY10495568
💓Tesla💯holder😎Space x❤
long term✨📈only good vibes
🎈Ape🙊#AMC 😻#GME☘️#BBBY🌟#BTC #DOGE #XRP🚀 #Airdrop🇺🇲Trump won#MAGA
✝️JESUS IS LORD🙏한미동맹수호🇰🇷🇺🇲
Ruchit Dalwadi
@ruchitdalwadi
You're not behind on AI. You just haven't started yet.
I'm a Senior PM building 3 AI products on the side - sharing everything I learn so you can too. No hype.
@AlasdGem fact
Advent of Bugs Day 22: Rent is not linear
One simple mistakes that devs make when calculating the rent of accounts is to assume that rent is linear.
The assumption is that 10 bytes cost X rent, and 20 bytes in the same account therefore must cost 2X rent.
However this isn’t correct, because we have a base rent that needs to be paid even for accounts with 0 bytes of data.
This means that rent(0) = β (base rent).
And this implicitly means that when we combine two accounts into one, or we want to extend one account with additional data of size diff, to calculate the new rent, we should not do rent(old_size) + rent(diff).
Because imagine diff is 0, this would yield us rent(old_size) + β, meaning we get charged more for 0 added data.
Instead, we need to calculate rent(old_size + diff). This way, β will only get taken into account once, as intended.
-@dr497_ and @r0bre
Advent of Bugs #4: Bananas and Oranges
Everybody knows you can't add bananas and oranges together. The same principle holds for smart contracts, you can't mix quote and base currencies. Except you can when they're all u64.
This bug occurred in an AMM swap function with 4 code paths:
- Buy ExactIn
- Buy ExactOut
- Sell ExactIn
- Sell ExactOut
The first paths look fine. The code is repetitive, so you're tempted to assume the rest is correct too.
But Sell/ExactIn was comparing base amounts to quote amounts, like comparing bananas with oranges. The slippage check would pass even when it shouldn't.
Why did this survive 3 audits? Base and Quote are both stored as u64, so no compile-time or runtime error when comparing different units
A good way to prevent these bugs is to use newtype structs instead of type aliases to represent these different units in arithmetic operations.
- @dr497_
It's easy to fall for rent(a + b) = rent(a) + rent(b), however this is not true. Rent is not a linear function on Solana due to per-account overhead costs.
In some cases you'll just over-allocate the account (like in the example from above, coming from a multi-audited mainnet program), but in other cases it might lead to the account being underfunded.
Can you spot the bug? It's an easy one to fall for
🎄 Advent of Bugs 2024
'Tis the season for security bugs! Starting December 1st, we're unwrapping 24 interesting vulnerabilities we found auditing Solana programs this year. Think of it as an advent calendar, but instead of chocolate, you get real bugs.
Broken account checks, logic flaws, math errors, SVM footguns... grab some hot cocoa and join us for daily lessons from the trenches.
24 bugs. 24 days. First gift drops tomorrow 🎁
- Your Accretion Team: @brymko, @0xmahdirostami, @dr497_ , @r0bre
@r0bre Fact
https://t.co/ZO2BVTIH30
TL;DR: (1) Missing access control on resize function (2) anyone could delete your order history (3) replay signed message orders
The article also includes a framework for thinking about what I call "degrees of freedom" in Solana programs to prevent similar bugs.
The replay protection looks solid... wait, who can resize this list?
My new blog article dives into a subtle access control bug in the @DriftProtocol that let an attacker replay your signed messages.
Full article & technical deep dive in comments ↓
@OnSwig Full writeup with PoCs: https://t.co/YhnP1y7Ngu
🧵 The Difficulty of Enforcing Spending Limits
I found two spending limit issues in @OnSwig, both reveal interesting lessons about invariant enforcement that Solana dev should know about.
Let's dive in 👇
Both issues were disclosed privately and promptly fixed.
Thank you @OnSwig for building in the open and making such a cool product 🫡
Key Takeaways:
- What can overflow WILL overflow → use checked arithmetic unless you have ironclad bounds
- Invariants enforced only at endpoints miss everything in between
- Multi-step transactions create subtle bypass opportunities
Similar pattern to the @kamino deposit cap bug.
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.2M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers