Olivia
Online
Fred Gitonga
@fredgitonga_ke
Maths and Code.
Building @topizzy_
Ambassador @Cyfrin
Joined December 2022
360 Following
207 Followers
277 Posts
Pinned Tweet
1 bug. 10 years ago. 3.6 million ETH stolen.
That was The DAO hack. June 2016.
And the bug had already been identified before the attack happened.
I am 24% done with the @CyfrinUpdraft Smart contract Security course and @ethereum history is unraveling.
May is almost done.
46% into the @cyfrinupdraft Smart Contract Security course.
Started the month at 24%. Slow? Maybe.
But every percent is a concept that will protect real money. Here is what I learned this month
New month 😎. New opportunities. 🚀
Starting June with an exciting challenge: joining @iCog_Labs as an AI Intern on the Hyperion MOSES Team.
Time to learn, build, experiment, and get deep into Symbolic AI, MeTTa, and Hyperon.
Let's see where this journey leads.
Friends🥰
@Blockchain047 @CyfrinUpdraft @ethereum That was a great question, just googled that testnet was launched in 2021.
1 bug. 10 years ago. 3.6 million ETH stolen.
That was The DAO hack. June 2016.
And the bug had already been identified before the attack happened.
I am 24% done with the @CyfrinUpdraft Smart contract Security course and @ethereum history is unraveling.
@Mutisyia Fair question😁
Tbh the products are already on our timelines daily
checkout @Topizzy_ , @minisendapp ,
communities like @Web3WayAfrica @Web3Clubs visit @Web3Clubs , hub for founders and builders
A Space is a great idea
1 bug. 10 years ago. 3.6 million ETH stolen.
That was The DAO hack. June 2016.
And the bug had already been identified before the attack happened.
I am 24% done with the @CyfrinUpdraft Smart contract Security course and @ethereum history is unraveling.
May is almost done.
46% into the @cyfrinupdraft Smart Contract Security course.
Started the month at 24%. Slow? Maybe.
But every percent is a concept that will protect real money. Here is what I learned this month
co-authored: https://t.co/EUJivBS6OH
3. I had a big audit mindset shift:
I stop asking "does this function work?" and started asking "what assumptions break when the components interact?"
The "two rights make a wrong" lesson.
Component A and Component B works perfectly separate. Together they create a vulnerability.
The Sushi batch() vulnerability showed how dangerous this gets.
Imagine buying unlimited coffee for the price of one.
ETH sent: 1
ETH credited: 3
delegatecall preserved msg.value across every call. Same ETH counted three times.
2. There is delegatecall.
Normal call creates a new execution context.
delegatecall preserves the caller's context, i.e the msg.sender, msg.value, storage all stay the same.
Think of it as: run another contract's function without leaving your own house.
Every input is either user controlled or validator influenced.
The Meebits exploit proved it.
Larva Labs used on-chain randomness to assign rare NFTs.
An attacker figured out the pattern:
Mint → check rarity → bad rarity? → revert() → retry
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers