IMO Disable separate approval transactions and do approve(0) after the swap. This adds pressure to the wallets to do the right thing. Permit creates signature fatigue.
On the other side, attack the problem with ERC-8255 for other wallets and apps that won't implement batching.
@tayvano_ @banteg How about:
- Do you think the ERC is good?
- Do you think it should be funded?
If so, then the way I came off is irrelevant. The relevance to this thread is funds are being misallocated, for whatever reason.
@tayvano_ @banteg Took no initiative = came up with a solution, wrote 2 implementations, pushed it to all my contacts
Special treatment = asking not to be excluded from next round
It's too easy to see the politics in this space, and it's exhausting
We reached out to @griffgreen from @thedaofund to seek funding for making token approvals safer with ERC-8255. We intended to direct 100% of any funding towards victims of the recent @EkuboProtocol exploit.
It looks like we will not be receiving any support--not even inclusion in current or future quantitative funding rounds. It appears @thedaofund is not focused on solving real security problems under leadership of @griffgreen. The entire conversation is attached.
We will still be pushing to get ERC-8255 as widely adopted as possible. However, I have no faith in @thedaofund's ability to distribute funds faithfully according to their mission. Token approvals are even mentioned specifically in Ethereum Foundation's Trillion Dollar Security initiative: https://t.co/epzPOFvEJ7
If you wish to donate to the development and adoption of this ERC, you can send any tokens or ETH to erc8255.eth. Any funds received will be directed towards reimbursing victims of the recent @EkuboProtocol exploit.
Read the ERC here: https://t.co/0ObJZQ5AKy
Check out our draft implementations:
• OZ: https://t.co/n467VX2nvC
• Solady: https://t.co/oaFs366t2i
In block 25081689, 0xD79b paid 28 eth to close out a loan and recover Punk 5032.
3 blocks later, the punk was stolen using an open approval.
How?
1/🧵
I wrote ERC-8255 one week ago. If USDC immediately adopted it, it would've saved one user $456k already.
The victim did their approve(max) 51 days ago.
If you are writing a token, implement ERC-8255!
https://t.co/lswwrGIekO
🚨 JUST IN:
@Aurellion_Labs was exploited on Arbitrum for ~$456K due to an uninitialized Diamond proxy / unprotected initialize().
Attacker added a malicious facet, abused existing USDC approvals, and swept funds from users' wallets.
Revoke approvals: https://t.co/8712or8PHr
@trenchobserver @permaOx @griffgreen @thedaofund @EkuboProtocol The post he linked said funds are used for retroactive grants. I also asked to be included in the next round or at least for him not to prevent us from being included and that was apparently the final straw
Agreed and difficulty of review/audit is one of the reasons this happened. We couldn't reuse code from our audited smart contracts to write the huff router.
If we had AI agents reviewing with the same rigor that attackers review, we could use low-level languages more safely, but it's an arms race and they are currently winning.