An AI read 270 Code4rena post-mortems, built a map of how DeFi gets exploited, then found every high-severity bug in 12 production contracts.
Full breakdown →
https://t.co/1bxvcvpbZk
Real data from 2,092,522 mainnet EVM calls: median stack depth is 8. The p99 is 32. The limit is 1,024. Solidity's "stack too deep" error is a compiler layout problem, not a VM constraint. The EVM has headroom nobody's using.
Ethereum's opcode gas prices are 78.6% too high.
Not from congestion: benchmarks calibrated on decade-old hardware. EIP-7904 re-ran every opcode across all execution clients at 60 Mgps. First systematic repricing in years.
The EVM has had a quadratic control flow problem since 2015. ZK provers have been paying for it ever since.
Three new opcodes fix it, cutting proof size by 50%.
Full breakdown →
https://t.co/FXguntN5WZ
The UMA attack on Polymarket wasn't a bug. It was governance working exactly as designed.
When your oracle is a token with a market cap, it has a price. And if resolving a bet wrong pays more than the token is worth, someone will do the math.
Full investigation →
https://t.co/8FDhTiOJr5
If you want to dig deeper:
https://t.co/l3vK9SDCUX (DAO-to-DAO voting study)
https://t.co/BLcPU0M6E9 (ERC-8185 off-chain registry)
@SnapshotLabs@OpenZeppelin
Liquity cast 1 vote on Aave Proposal 95. It represented 17% of total voting power.
61 DAOs are secretly governing each other. A 2026 study mapped 72 cross-DAO voting relationships. No current tool shows this.
The governance layer has a governance layer.
663 smart contract accounts engaged in governance across these DAOs. Index Coop alone referenced Aave in 669 proposals, Compound in 179, Uniswap in 114.
Metagovernance is how DeFi actually runs. https://t.co/l3vK9SDCUX
The EIP-8105 team dropped their own proposal to back LUCID, targeting Hegota (H2 2026). @ShutterNetwork covered it.
EIP-8182 adds a protocol-native shielded pool upgradeable only by hard fork. No admin keys. No proxies.
The opt-in era is ending.
Encrypting transactions doesn't fully protect you.
GhostPool (March 2026) showed encrypted mempools still leak your IP address, gas budget, and ciphertext size, enough to fingerprint the sender.
You can hide the payload. You can't hide the metadata. https://t.co/71tU44o0UQ
$60M/year stolen from Ethereum users. 80% of transactions already hide from the public mempool via private RPCs.
The remaining 20% keeps getting sandwiched. Private RPCs are a workaround. LUCID makes encryption the protocol default.
Foundry won the vibe war, but that doesn't mean it's the right pick for every team.
Survey data, real trade-offs, and a decision framework broken down by team type.
Full breakdown →
https://t.co/J4pqB2hRT7
$4.2 billion drained from DeFi since 2020. Every protocol had passed an audit.
Median time between passing an audit and getting hacked: 47 days.
'We got audited' is a starting line, not a finish line.
@openai + Paradigm's EVMbench: AI agents detect 45.6% of smart contract bugs, exploit 72.2% in lab tests.
A follow-up re-evaluation on real incidents: best agent still misses 50%+ of bugs. Zero end-to-end exploits.
Benchmarks ≠ real protection. https://t.co/GsQa2oFcY5
Choosing a block explorer for an Arbitrum Orbit chain is a real decision. Arbiscan, Blockscout, Ethernal, and Routescan each land differently on bridge UI, AnyTrust support, setup time, and pricing.
full breakdown →
https://t.co/i13vo3y3M0
Six tools that all claim to trace EVM transactions, but they're not interchangeable.
Call tree depth, state diffs, gas profiling, setup time, pricing: they diverge pretty fast once you dig in.
Full breakdown →
https://t.co/WdA093kHiA