Apparently, the @spillways10 staking contract was hacked, and funds have been draining for the last 200 days. I was approached by a stakeholder to investigate the hack and I happily agreed. A thread:
Crypto Drainers using React CVE-2025-55182
We are observing a big uptick in drainers uploaded to legitimate (crypto) websites through exploitation of the recent React CVE.
All websites should review front-end code for any suspicious assets NOW.
@HatsFinance Sad news for the industry. Even more for me, cos here is where I got my first #1 in a public audit contest. Great job to the team for the platform. See you in the next venture
@samczsun Perhaps it is not the protocol that should decide to allocate funds to a security fund. Perhaps it should be the users of the protocol through governance or similar
Crossed $150M TVL today🎉
Honestly so proud of what our team has built at @origami_fi over the past year
>$108M TVL in hOHM (attracting almost 1/3rd of the gOHM supply!)
>$15M+ in oriBGT (50% of all staked iBGT!)
>$13M in incredibly well-loved @InfraredFinance LP auto-compounders and auto-stakers
>The #1 place for $SKY staking and the best risk-adjusted $USDS yields
>Most hyped Boyco vault attracting $69M USDC
Crazy to think the next 12mos may just be even bigger and better
The paper has been creased
Still early🌱
@0xFlint_ So you need to learn English before being good at security :p
Jokes aside, I agree. I wouldn't say grammar errors, but natspec errors in general, pointing to codebases being shipped fast / not paying enough attention to details
@Jeyffre I haven't looked into it myself, but I heard that the Panoptic competition (code4rena) was quite interesting. Using UniV3 LP for an options market because the underlying math was equivalent. Perhaps a nice extension to the existing Uniswap content
Here is one of the latest audits I've done, for @iMacroMillions.
The most interesting issue is [C1]. Not because it is critical, but because it is a small edge case magnified to the point of breaking the entire protocol. The team's response was great, and they fixed all essential issues.
https://t.co/b1drsNoVNo
See my complete audit portfolio: https://t.co/55z1FoQTpJ
After 4.7 years as a security focused smart contract engineer, tomorrow will be my last day at Origin Protocol.
7 products spread out on 5 chains, mid 9-figure TVL, 540+ deploys and upgrades, with 0 user funds lost since I started that role. 1/8
Audits are really expensive, but you already knew that?
Yet you still do nothing to minimize the cost of your audits...
You're throwing money at the problem and hoping it'll magically solve everything...
A lot of elite teams do a simple trick that saves them thousands and it's called "internal reviews".
This is when the developers audit their code. This is not them casually looking around for anything interesting during development - this is a dedicated, structured process they schedule.
Here is how they do it:
Before the actual audit, set a reasonable time frame (50% of what the auditors quote you for, as the devs already know the code).
During that time only review the code, don't add new logic, don't add new mechanics, only focus on security and reducing complexity/unnecessary code.
This might seem trivial, but will actually save you a ton, especially if your code is littered with bugs.
Here are the benefits:
1. Your reports will look better, as they will have fewer bugs
2. You will catch most simple bugs allowing auditors to focus on the more complex parts
3. Audits will be faster as there will be fewer fixes, allowing you to launch sooner
4. You may only need 1 audit, whereas without this prep you might need multiple