Anchor is moving to a permanent home at otter-sec/anchor as we take over its stewardship.
Solana's ecosystem has been core to our work for years. Anchor has always been security-forward, and we're committed to keeping it that way for the developers who build on it.
Introducing Hacktron Review: an AI security reviewer for your pull requests.
It understands your whole codebase, builds a threat model, takes your feedback, and catches exploitable vulnerabilities before they reach production.
Try for free: https://t.co/ZHfG7cvXRe
.@Solana Anchor v2 pro tip #1: Slabstraction
`Slab<Header, Entry>` account abstractions overload everything you need for dynamic lists, shrinking blocks of CPIs into a single attribute
Shout out to @NotDeGhost for this, and for fixing everything I find in beta testing
The pre-release version of Anchor v2 is out.
v2 is over 90% smaller and 3-6x faster than v1, and represents months of work focused on speed, extensibility, and security. This is a major architectural change from a dense macro-based framework to a more easily extensible trait system, with security built in from day one.
Excited for teams to give it a try. Still a few rough edges, but please DM/comment with any feedback!
CU optimizations come with risks.
@_fel1x discusses a critical bug we found in p-token before mainnet, subtle enough to survive in a heavily scrutinized codebase.
I'm going to be clear because this is getting out of hand:
1. I am not pressuring Quasar to be discontinued in favor of Anchor V2. In fact, we help with funding for both Quasar development and Anchor V2 today
2. I would rather have "one framework to rule them all" that tackles performance, safety, and best-in-class DX for all developers than two frameworks that fragment the ecosystem.
For 2, I lean Quasar instead of doing the work on Anchor V2. It's already built, higher performance, and great DX. If I can get audits and safety on Quasar once stable, it's a win-win for developers everywhere. It also dramatically simplifies developer docs and onboarding new developers.
Anchor V2 has a clock of now 2 more weeks to prove that there's enough of a difference to care about it and otherwise I will drop the support of development in favor of Quasar.
We achieved a guest-to-host escape by exploiting a QEMU 0-day where the bytes written out of bounds were uncontrolled.
Full breakdown of the technique, glibc allocator behavior, and our heap spray/RIP-control primitive ↓
We’re excited to announce a shared leadership structure with @asymmetric_re! Teams today face risks that span audits, research, engineering, and incident response, and clear coordination is important.
NEW: ERC-4337 paymasters unlock powerful UX by abstracting gas costs, but they also add complexity and subtle bugs.
We break down common pitfalls in real-world implementations and how to design production-ready paymasters.
https://t.co/YLoWOdXq4T
Knowing the code of programs you're interacting with is important
Not only can you view a program's code on the explorer, but you can now view the full list of verified programs
Verify your programs today!
`anchor init` in Anchor 1.0 will now generate a better-formatted Solana program for you instead of putting everything in `lib.rs`
This will teach better practices on formatting your program for newer Rust devs
You can still use the old way with `--template single`
NEW: OAuth misconfigurations show how common dev settings can lead to account takeovers.
Our second deep dive breaks down real cases where overlooking differences between desktop and mobile environments left SDKs, exchanges, and wallets open to exploits.
https://t.co/QWABEOXcSU
NEW: The recent supply-chain attack on NPM exposed a fundamental vulnerability in the open-source ecosystem and the risks that lurk within our dependencies.
We break down how the malware worked and practical defenses every dev should know ↓
https://t.co/ZeqAkFR2jo