Just finished reading @Morpho midnight's whitepaper.
A recommended read for every engineer in defi:
A smart and simple design when possible, every complex component earned its place and is justified.
The code reflects those principles. Every component was well thought through.
Setting a minimum on the release date in the npm config and disabling scripts should be the default setting today.
Still doesn't solve the security issue, but it raises the bar.
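The two defaults recommended above are `ignore-scripts=true` plus a minimum release age in the npm client config. The following script is an added example (not code from the original post) that shows the idea behind the age gate: it parses the publish timestamps in the shape `npm view <pkg> time --json` returns (a constructed sample is embedded, so it runs offline), and only accepts versions older than a cooling-off window, so a version pushed minutes ago is not pulled in automatically. The config key names quoted in the docstring are assumptions to check against your npm or pnpm version.

```python
"""Release-age gate for npm dependencies (added example, not from the post).

Recommended .npmrc defaults discussed in the post (key names assumed, verify
against the npm/pnpm release you use):

    ignore-scripts=true      # never run install/postinstall scripts
    min-release-age=7        # do not install versions younger than 7 days

The gate below reproduces the second rule by hand from registry metadata.
"""
import json
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Constructed sample mirroring the output of `npm view <pkg> time --json`.
SAMPLE_TIME_JSON = json.dumps({
    "created": "2024-01-10T12:00:00.000Z",
    "modified": "2026-03-01T09:30:00.000Z",
    "1.4.0": "2025-11-02T08:00:00.000Z",
    "1.4.1": "2026-02-20T15:00:00.000Z",
    "1.4.2": "2026-03-01T09:30:00.000Z",   # freshly published version
})


def parse_publish_times(time_json: str) -> Dict[str, datetime]:
    """Map each version to its UTC publish time; skip the registry summary keys."""
    data = json.loads(time_json)
    times: Dict[str, datetime] = {}
    for key, stamp in data.items():
        if key in ("created", "modified"):
            continue
        # fromisoformat does not accept a trailing 'Z' before Python 3.11
        times[key] = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    return times


def versions_old_enough(time_json: str, min_age_days: int, now: datetime) -> List[str]:
    """Versions published at least min_age_days before `now` (timezone-aware)."""
    cutoff = now - timedelta(days=min_age_days)
    return sorted(v for v, t in parse_publish_times(time_json).items() if t <= cutoff)


def gate_version(time_json: str, requested: str, min_age_days: int, now: datetime) -> Optional[str]:
    """Return `requested` if it passes the age gate, otherwise None.

    A None result means the install should fail loudly instead of silently
    falling back to an older version, so the operator sees the new release.
    """
    if requested in versions_old_enough(time_json, min_age_days, now):
        return requested
    return None


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print("allowed:", versions_old_enough(SAMPLE_TIME_JSON, 7, now))
    print("1.4.2 ->", gate_version(SAMPLE_TIME_JSON, "1.4.2", 7, now))
```

The gate is deliberately a pure function of registry metadata and a clock, so it can run in CI against the lockfile before `npm ci` without the registry client's cooperation; the client-side config keys do the same job with less plumbing once your npm version supports them.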
‼️🚨 BREAKING: A new npm supply-chain attack uses a dead-man's switch. The payload plants a watcher on your machine that nukes your home directory the second you revoke the GitHub token it stole from you.
The compromise happened today, across 42 official tanstack npm packages, 84 malicious versions in total. tanstack/react-router alone pulls more than 12 million weekly downloads.
The attacker forked TanStack's repository and pushed a single hidden commit. From there, they tricked TanStack's own release system into signing the malicious packages as if they were the real thing. To npm, and to anyone checking the cryptographic proof of origin (SLSA provenance), the poisoned versions looked 100% legitimate.
Maintainer Tanner Linsley confirmed the whole team had 2FA enabled. It didn't matter. This is the first documented npm worm in history that ships with a valid, signed certificate of authenticity, the same one defenders rely on to know a package wasn't tampered with.
I tried a few courses, but they don't really train the brain for auditing, as it's more about practice and intuition than theoretical knowledge. For me the best way to progress is to try to audit real contracts and read reports later, like previous contests etc. For beginners: small contracts with simple logic. Often there are easy non-critical bugs to be found.
Spectra is kicking off a security audit with @Certora
Scope covers core infrastructure ahead of upcoming releases.
Full details to be shared upon conclusion.
The Spectra team and I are at @EthCC Cannes, meeting with existing and new partners to discuss how Spectra, including the recently launched MetaVaults, can accelerate their business.
Find me today at the Poolside event hosted by @greenfield_cap @StakeCapital @lo_tech, Proof of Liquidity, and Cinq à Sept by @StellarOrg @hypepartners and @WalletConnect
Tomorrow you'll find me at @Vault__Summit throughout the day.
DMs open!
Join me (02/04, Redford, 10h45) if you're curious about the different flavours of clear signing and if they make good CROPS, how 7730 sausages are made, or what happens when you pay Jean Claude to make a hardware signer but forget to ask for no mistakes https://t.co/5zWscqKApU
I thought I was leveraging skills well, but it turns out there is much more we can do.
Here are my favourite pieces of advice shared by Claude engineers:
- Skills can be much more complex structures than just md files. Make folders with examples, templates and boilerplate functions to help Claude focus on the right tasks.
- Improve skills with gotchas: on the fly, add things Claude doesn't get right.
- This one takes experience, but avoid suffocating Claude with information. He needs freedom to maneuver well, but at the same time some guardrails help him focus on the right stuff.
- The skill description is a trigger for the model, not a summary or context.
- Cool examples of skills like /freeze and /careful let you constrain Claude only when it matters
- Don't over-complicate a skill to extend its reach. Better to have multiple specialized skills that interact than one Swiss army knife.
Great transparency by the CoW team and technical details.
Most important thing to improve now is the robustness of the solver competitions.
Some elements, like the gas limit, were obviously a mistake, but as a whole the backbone of the protocol is the auction system, and it didn't perform well.
Aave should also propose different provider routes for more competitiveness and decentralization.
“vaults of vaults” are becoming the new DeFi primitive
Spectra MetaVaults have been live and growing:
+156% TVL in the last 7 days
automated rollover
curated strategies
continuous liquidity
new infrastructure takes time to propagate
over the next few weeks you'll see the integrations start to roll in
@JuliaEMcCoy On the contrary, education is now more important than ever. Unless you want your kid to be completely at the mercy of probabilistic algorithms.
I appreciate how real this response feels, and I think I see the angle you're going for. Seems like the goal is to define a "safe" way for the DoW to work with leading AI labs?
My biggest issue is with the last part.
I try really hard to avoid bringing politics into discussions where it doesn't belong. Sadly, the DoW does not do the same.
In the official "Artificial Intelligence Strategy for the Department of War" strategy doc, they try to credit Trump for the creation of ChatGPT. This is all political chess to them. There are additional callouts about "woke AI" throughout the document.
I wish this could be simpler. I wish the people appointed by our elected leaders would act more honestly. Their behavior is not reasonable, it's punitive, and I'm concerned that you're just a pawn on their board.
@GiulioRebuffo I am more surprised by the bad timing/approach of OAI. After days of drama because Anthropic imposed strict conditions, OAI jumps in with a more flexible arrangement the same day. Doesn't feel right; the subject is too delicate to be treated like a simple trade deal.
What do you think?
@Fricoben @eniwhere_ Would be cool to have statistics per specific field, as this gap becomes more precise. For example, in our company in the last few months we went from 50% of devs using agentic workflows to 100%. Would be curious if there is a gap in big corporate companies, for example.
We must not forget:
LLMs are probabilistic: you can't predict the outcome or explain the output.
Compilers, on the other hand, are deterministic.
Because of this, AI as it is will hardly replace critical tasks before some big tech advancements.
When the AIs start producing pure binary from our prompts, we will lose the ability to engage with the code. So it would be a good idea to get used to that now.