We're proud to join the new @encryptmempool Coalition!
We're pushing to integrate an EIP to encrypt the mempool in Ethereum's I* Hardfork - to stop toxic MEV & real-time censorship in a decentralized & credibly neutral way. Toxic MEV is adversarial and must be solved at a whole system scale!
Join the coalition 👇
https://t.co/TOxkm98cbO
The ETH Yield-Machine
✅ 10% on ETH
✅ Grows BOLD supply
✅ Improves BOLD liquidity
✅ Pays bribes to LQTY stakers for 3 months❗
A new PIL initiative has been proposed to boost the new ETH carry vault on @ipor_io, which has quickly attracted $1.5M in TVL
Let's break it down
Tomorrow at 4pm UTC
Ethereum Builders Live with
@jchaskin22 and @SamExotic3 of @LiquityProtocol
We’ll dive into how Liquity built a fully immutable protocol for minting the decentralized stablecoin BOLD and explore the different ways users can earn yield with BOLD.
https://t.co/qLLEoYNwfE
This is ultimately good news
People like me have been highlighting this possibility for years but close to no one gave a fuck. Some teams even said it would never happen
Once a possibility turns into a precedent, the story changes completely, as seen with ARB/L2 censorship
Just a thought but if I was running a security audit company, I would probably not post publicly that the entire space I've been auditing for years is probably full of bugs
5 ways Tether Gold (XAUT) can have a fund loss 🧵
Gold is regarded as a safe-haven asset, but our analysis suggests otherwise about XAUT with counterparty risks, and hidden legal clauses👇
@Figue_me I also remember some Security Researchers recommending a switch to closed source, even though it has never been easier to decompile code using AI
Lido: 6 ways to have a fund loss, most of them with mitigations
Binance Staked ETH: 10 ways to have a fund loss without any mitigation
I still wonder how we have $8B BETH supply with such risks
An angle that could be added to this list: Frontend implementation
95%+ of DeFi users are using a frontend to interact with protocols. So if the frontend is shut down / censored, almost all users can't access their funds anymore.
Worse: the frontend can be compromised (DNS hijack, supply-chain attack on the front-end, malicious update), leading users to sign malicious transactions.
The best-case scenario would be multiple independent frontends, including ENS + IPFS ones
Who is building like us?🧵
DeFiScan is built to provide insights and awareness of the risks users take when using a DeFi protocol.
This is the reason why we are participating in the Ethereum Security QF Round on @Giveth, thanks again to them for inviting us💙
That said, we can also see other initiatives in this QF round aiming to bring greater transparency to their respective fields👇
Some highlights we warned users about recently:
- Aave Umbrella module new admin 🧐
- Steakhouse USDC Morpho Vault fee switch enabled from 0 to 5% 🤑
- Sky/Spark Governance timelock upped from 24 to 48 hours. 🥳 (when 7d?)
- Kelp DAO rsETH mint limit upped from 5'000 to 10'000 ETH 🤯
DeFiScan has been rebranded and DeFiScan V2 is now live at https://t.co/ckj3B5vdLX.
The focus is not on polished scores (those will continue to evolve).
The real product is the granular, on-chain data: explicit trust graphs that trace every permission, admin, dependency and oracle straight to user funds.
So far we have 1,146 contracts tracked, and 154 admins detected on the $81B TVL we are continuously monitoring.
Join our Telegram feed for continuous updates: https://t.co/gKUztivWXo
The full methodology, pipeline and dataset are open source under MIT license: https://t.co/r4jjV41PvS
We built on @l2beat — the gold standard for continuous risk monitoring.
Protocol builders, researchers, DeFi users, and institutions — the data is public.
Feedback and contributions are welcome!
Stay safe.
🚨 Everyone @EthPrague tomorrow!
Our researcher @mmilien_ is presenting:
“How Many People Can Rug You? Quantifying Trust in DeFi”
→ Sladkovsky Stage at 10:50am
We’ve all heard “don’t trust, verify.”
But how can we check all the signatures, multisigs, or hidden admins which can actually rug an entire protocol?
@mmilien_ has been mapping centralization vectors across DeFi for years.
Tomorrow he’s revealing more about DeFiScan V2 - our advanced automation, continuous monitoring, and the power to verify your exposure to trusted code, so you can better protect your capital.
Don’t miss it! 👀
Bookmark on @fileverse's amazing app: https://t.co/58qeHkH4wf
9 ways Spark can have a fund loss🧵
Since the KelpDAO exploit, Spark has gained momentum amid DeFi’s “flight to safety”.
Even though Spark is known for its conservative design, there are several risks worth noting.