@FedExHelp I stayed home all day for a super important package 872025853158 that required a signature. The employee never came within 30 feet of the door, just took a pic of the house and said it was undeliverable. Here’s video proof from our doorbell. I’d like to report them
@WhirlpoolCorp has spent months dodging their warranty, and straight up ignores my emails / calls when I point out the laws they’re breaking… really want to avoid small claims court but at least it’s a pretty clear case :( https://t.co/q5Mye8yaAo
You open up the hood of a "running" car & the wires are all the wrong colors & you're pretty sure the windshield wiper tank is being used to hold the oil.
Is the car a death trap?
This is what it's like to security audit #vibecode
@WhatWontIGuzzle@FurballsNFT When you play with 1 furball, you are only competing against other players with 1 furball. The leaderboards and rewards are based on your total team size. And if you want a bigger team, the scholar program is 100% free
@0xfoobar Funny you say that; we use our hardware wallets as 2FA devices at Furballs. No need to push data to the chain; EIP712 can act as a completely free OAuth bridge.
🔥 Best Long Term P2E? I'm betting on Furballs.
Added #15 today. Super bullish with new phase starting soon. Acquiring land. Battling bosses. More utility for token coming up.
This is a winner you should own. Have questions on buying one? Just ask me.
See: @FurballsNFT
@Dag_NFT @pullparadox @0xfoobar@opensea Literally all OpenSea had to do was follow OpenZeppelin’s instructions in the EIP712 documentation to avoid replay attacks and this whole thing would be avoided.
@Dag_NFT @pullparadox @0xfoobar@opensea Yes, security is in the users hands. I’m not disputing that. But when a company like OpenSea fails to implement common-sense security best-practices, they are at least partially to blame.
@pullparadox @0xfoobar@opensea In other words, the fact that the bug exists means OpenSea didn't follow common security guidelines when they built their signature validation system.
@charliemktplace@tanagrams@opensea It seems like all reported point to the signatures being collected over time, though (not an instant phish + use the signature right away). A well designed EIP712 implementation wouldn't accept a signature after such time had passed.
@minneap0lis@charliemktplace@tanagrams@opensea I'm tempted to agree. But I think it's important to not let OS escape blame for implementing signatures that are vulnerable to replay attacks. They could have avoided this by just following common best practices.