1/9
Ever wondered how leveraged positions work with real-world assets (RWAs) on-chain? It's trickier than you'd think, and @3f_xyz has a clever solution, called Grunt. 🧵
After months of development, Mento V3 begins rolling out today.
The FX layer of the internet is entering its next phase.
See what's live and the full rollout plan↓
1/7 🧵 We recently discovered how @protocol_fx could have been exploited for $2M+ through nested flash loans, allowing attackers to front-run users and gain control over their positions.
The f(x) team resolved the issue promptly by removing the affected flash loan integration.
https://t.co/BCEK3dBskc
ChainSecurity is hiring.
A high-impact role—diverse, fast-paced, and built for long-term growth. Work with top-tier teams, travel globally, and become a key player in Web3 security.
Know someone who fits? We'd love to talk to them!
https://t.co/Lm3rCZuuks
"[AI agents] are threatening to break the blood-brain barrier between the application layer and the OS layer."
Signal President Meredith Whittaker (@mer__edith) warns of "real danger" in agentic AI hype.
To be "magic genie bots" (concert booking etc.), they need root access to all your data: browser, cards, messages.
Cloud-processed & unencrypted: "privacy & security guarantees" at profound risk.
Great news! We're excited to announce that @ethereumfndn (via @EF_ESP) has provided funding to support our mission. This grant covers a portion of our 2025 budget, bringing us closer to our goals for advancing secure and accessible smart contract development.
Yesterday’s issue with the Stability Pools (“Earn”) on Liquity V2 has been confirmed.
Users are strongly advised to close their Stability Pool (“Earn”) positions in Liquity V2. To the team’s knowledge, no users have been impacted and the issue is isolated to the Stability Pool (“Earn”).
All other parts of the system are unaffected (“Borrow”, “Multiply” and “Stake”) and BOLD remains fully backed and redeemable.
The Liquity V2 protocol will be redeployed with a patch.
We will update via our official channels (Discord, Twitter) next week.
The Liquity team was informed of a potential issue affecting Liquity V2 Stability Pools (“Earn”), and is currently investigating a potential impact.
The team is currently working on confirming this potential issue and solutions. The protocol continues to work as expected and to the team’s knowledge the potential issue has not impacted any users.
Out of an abundance of caution, a Liquity V2 user should close their Stability Pool (“Earn”) positions.
Based on the current understanding, the following parts of the system aren’t affected:
- BOLD remains fully backed and redeemable
- Borrowers can withdraw their collateral assets
- Staked LQTY positions are not impacted
We will keep you updated via only our official channels (Discord announcements and Twitter).
The risk of politician coins comes from the fact that they are such a perfect bribery vehicle. If a politician issues a coin, you do not even need to send *them* any coins to give them money. Instead, you just buy and hold the coin, and this increases the value of their holdings passively.
Furthermore, there is deniability: holding the coin is, in terms of financial effect, a linear combination of donating to the issuer and gambling. Hence you can have the intention of doing the former but when challenged claim that you are doing the latter.
You can even hold the coin privately, and show that you are holding it to whoever you need to show; you do not need any zero knowledge proofs, you just send a test transaction.
This is all risky to democracy, for reasons very similar to what I wrote in https://t.co/nEc5VWj34s, https://t.co/w2LeAoV0D7 and elsewhere. TLDR: the economic arguments for why markets are so great for "regular" goods and services do not extend to "markets for political influence".
I recommend politicians do not go down this path.
1/10
Just wrapped up a successful audit of @LiquityProtocol V2! 🚀
Here’s the most interesting bug we found—and how it got fixed. 🧵👇
https://t.co/gXvQA6klKJ
Crypto users are some of the most privacy and security minded users on the planet. There are also places on the planet where it is physically dangerous to access a crypto exchange without a VPN masking their destination from the local ISP.
You are making some of your users choose between financial freedom and physical safety.
Introducing Solar ☀️
Solar is an implementation of the Solidity compiler, in Rust; licensed Apache/MIT.
Solar is built for the future of smart contracts, in a world where developers seek customization, and assume great performance, safety, and developer experience.
Something is broken in the contest model.
More and more time is devoted to arguing over finding an angle to get paid.
We are rewarding debate skills over value provided to the protocol.
Contest pots that grow with the highest reported severity only make it worse.
Hardhat has a brand new Ethereum runtime written in Rust! 🚀
Performance improvements, a blank slate for new features, and new information about the upcoming Hardhat 3.
Check it out https://t.co/SEJoPPI4Vi
I wrote a blog post on the topic of convexity, capital efficiency and confounding in futarchy markets and how they can lead to distortions if not mitigated correctly.
https://t.co/YhPN0IDwew
If you're a Python dev doing web3 stuff, beware of the breaking change introduced in hexbytes v1.0. The `hex()` method no longer prepends '0x' to the hex string, so if you're doing keccak hashing be aware that it'll be all screwed up. The new method `to_0x_hex()` preserves the behavior.
Wasted the better part of a day debugging why my bundles were being rejected.
Data = Beautiful
I've been diving in and doing data analytics on audit contest data, finding all sorts of interesting things.
Continue reading for a tl;dr on my research up to now:
👇 🧵