Why We Ship: The Non-Technical Developers of @DoubleZero & @MalbecLabs_xyz@CailinDoran came from theater and @eden_ from ocean conservation, two routes nobody plans into crypto infrastructure. Now they're the storytellers at DoubleZero and Malbec Labs, translating deeply technical work and bringing infrastructure once reserved for big tech and Wall Street to the Solana ecosystem.
When Hyperliquid has to clear bad debt, who covers it?
We reverse-engineered the closed-source risk engine, verified some core properties & compared it to other perps. It's not neutral: the more leveraged and profitable your position, the sooner it's closed.
Full breakdown ↓
The Open Protocol Security Coalition (OPSeC) is a new initiative by @fund_defi, in partnership with @_SEAL_Org and Asymmetric Research.
What it does:
→ Curates existing, free cybersecurity resources
→ Hosts educational events
→ Engages with policymakers and regulators
New research: We were able to access camera permissions and obtain user GPS coordinates across 20+ major mobile wallets by exploiting WebView misconfigurations. Here's how ↓
Crucible just got its first native integration: it now ships inside the Anchor CLI.
Every command runs under anchor fuzz (init, run, tmin, show) with no separate setup needed.
The writeup is here. We achieved RCE in Minecraft Bedrock, turning a 4-byte heap overflow into complete client compromise.
@ryaagard details a universal, Bedrock-specific technique for bypassing ASLR and achieving arbitrary read / write primitives.
Pragma is one of Starknet's main oracles, pricing collateral and liquidations for lending protocols holding tens of millions on-chain.
@u_0x8888 explains how a missing access-control check could have let anyone disable its core price feeds for a few cents.
Today we're launching Crucible, a coverage-guided fuzzing framework for Solana programs. Built for Anchor, with v2 support from day one.
Just one example of what Crucible can find: a years-old bug in Solana's stake program, surfaced in seconds ↓
We're excited to announce The Pod.
3 hours of technical programming featuring the deepest dives, happening alongside Accelerate.
p-token, post-quantum, RPC 2.0, Quasar, agentic infra, security, and more.
If you're a dev working on Solana's hardest problems, this is for you.
Powered by @Rockaway_X
We found a critical soundness bug in dusk-plonk that let a malicious prover forge proofs for arbitrary false statements.
The result: an attacker could mint arbitrary amounts of DUSK out of thin air and bypass every check protecting Dusk's shielded transactions.
The pre-release version of Anchor v2 is out.
v2 is over 90% smaller and 3-6x faster than v1, and represents months of work focused on speed, extensibility, and security. This is a major architectural change from a dense macro-based framework to a more easily extensible trait system, with security built in from day one.
Excited for teams to give it a try. Still a few rough edges, but please DM/comment with any feedback!
CU optimizations come with risks.
@_fel1x discusses a critical bug we found in p-token before mainnet, subtle enough to survive in a heavily scrutinized codebase.