Olivia
Online
wip
@workinpro
building (redacted)
Joined February 2017
1K Following
1.1K Followers
3.3K Posts
Can we get a prediction market on if the Orchard vulnerability has been exploited (by proxy of this proof)?
cc @Kalshi @Polymarket @Trueo_
@TomZarebczan @1MILLIONMRR @robustus We can do a network upgrade which trustlessly proves the effective circulating supply without waiting for coin holders to move their coins!
@shitcoin_maxxi @trading_axe >****** Foundation finds undetectable infinite mint in ZEC
> Drum up ****** influencers to relentlessly shill ZEC to increase EL
> ???
> Profit
@Apeguru I fully agree, I was just illustrating a point, and this isn't how you'd go about auditing an entire codebase.
If you or anyone else is willing to sponsor the compute needed to replicate this with the whole repo, I'm more than willing to do it. I think it would be quite trivial.
I was able to replicate finding the Zcash Orchard vulnerability using GPT 5.5 without a harness and little to no steering (except for passing the files).
GPT 5.5 is consistently able to find this vulnerability.
Opus 4.8 released on May 25th, and the vulnerability was found one day later, on May 26th. GPT 5.5 released on April 23rd, meaning someone could’ve found the vulnerability using GPT 5.5 for an entire month.
(Link to chat in next post)
bro basically said "look for bugs that could exploit zcash"
that's the prompt that found an exploit in a 10 billion dollar protocol
@Apeguru @AriDavidPaul @CraigSalm @zooko I’m assuming this is about my post.
The prompt of course contains the code that is known to be vulnerable. But the prompt doesn’t have to be biased. Any prompt works. Like “find the scary vulnerability pls”.
https://t.co/QAXE5xHRnX
Addressing some criticism from the comments:
The model uses search:
Search is turned off in settings. The model is prompted to not use search. Thinking traces can be checked to see if search was used.
Brute-force prompts until one sticks:
The prompt doesn't matter. GPT 5.5 can consistently find it using any prompt (see attached picture). The only thing that matters is the code supplied. Which could be found by using a harness and enough compute.
@btcplanet I have a masters degree in secure software and have audited multiple crypto projects.
This is from the bug report by Taylor:
@0xdoug You had a whole month between GPT 5.5 release and the bug being found
https://t.co/OEzXQegyeC
I was able to replicate finding the Zcash Orchard vulnerability using GPT 5.5 without a harness and little to no steering (except for passing the files).
GPT 5.5 is consistently able to find this vulnerability.
Opus 4.8 released on May 25th, and the vulnerability was found one day later, on May 26th. GPT 5.5 released on April 23rd, meaning someone could’ve found the vulnerability using GPT 5.5 for an entire month.
(Link to chat in next post)
@Apeguru How does it work?
https://t.co/K9E3GjwNEf
Addressing some criticism from the comments:
The model uses search:
Search is turned off in settings. The model is prompted to not use search. Thinking traces can be checked to see if search was used.
Brute-force prompts until one sticks:
The prompt doesn't matter. GPT 5.5 can consistently find it using any prompt (see attached picture). The only thing that matters is the code supplied. Which could be found by using a harness and enough compute.
Addressing some criticism from the comments:
The model uses search:
Search is turned off in settings. The model is prompted to not use search. Thinking traces can be checked to see if search was used.
Brute-force prompts until one sticks:
The prompt doesn't matter. GPT 5.5 can consistently find it using any prompt (see attached picture). The only thing that matters is the code supplied. Which could be found by using a harness and enough compute.
https://t.co/JyTiJ03Z9Q
@btcplanet Supplying the code location is a fair criticism, which I highlighted in my original post, but can be trivially solved using enough compute and a harness
As for brute-forcing pompts, see:
@layerfoo I've turned search off in the settings
@veinvariance @EggNamedCregg Your only challenge would’ve been to find the relevant pieces of code and filter false positives
@btcplanet You can check the prompt for yourself, I didnt give it the bug
@zeroSp3c The hard part is finding the relevant pieces of code, but this can be solved by using a simple harness.
Any medium technical person could’ve found this bug imo
Thats not how it works. You can check the thinking traces to see if search was used. Thats why I provided the chat link. This is the same way the erdos problem was solved by a teenager without a mathematics background.
The knowledge cutoff of the model also doesn’t change.
https://t.co/gxtARohh3D
Thats not how it works. You can check the thinking traces to see if search was used. Thats why I provided the chat link. This is the same way the erdos problem was solved by a teenager without a mathematics background.
The knowledge cutoff of the model also doesn’t change.
https://t.co/gxtARohh3D
@Polymarket GPT 5.5 consistently finds it as well, which is concerning as GPT 5.5 released a month before Opus 4.8
https://t.co/5ehpI8dhQ0
I was able to replicate finding the Zcash Orchard vulnerability using GPT 5.5 without a harness and little to no steering (except for passing the files).
GPT 5.5 is consistently able to find this vulnerability.
Opus 4.8 released on May 25th, and the vulnerability was found one day later, on May 26th. GPT 5.5 released on April 23rd, meaning someone could’ve found the vulnerability using GPT 5.5 for an entire month.
(Link to chat in next post)
I was able to replicate finding the Zcash Orchard vulnerability using GPT 5.5 without a harness and little to no steering (except for passing the files).
GPT 5.5 is consistently able to find this vulnerability.
Opus 4.8 released on May 25th, and the vulnerability was found one day later, on May 26th. GPT 5.5 released on April 23rd, meaning someone could’ve found the vulnerability using GPT 5.5 for an entire month.
(Link to chat in next post)
I was able to replicate finding the Zcash Orchard vulnerability using GPT 5.5 without a harness and little to no steering (except for passing the files).
GPT 5.5 is consistently able to find this vulnerability.
Opus 4.8 released on May 25th, and the vulnerability was found one day later, on May 26th. GPT 5.5 released on April 23rd, meaning someone could’ve found the vulnerability using GPT 5.5 for an entire month.
(Link to chat in next post)
Last Seen Users on Sotwe
الشيطانه ريم
Seen from Egypt
มุมส่วนตัว
Seen from Thailand
Serkan
Seen from Turkey
Dinasty Prayoga
Seen from Singapore
NAPI BIAK
Seen from Austria
İzmir yasak ilişki
Seen from Turkey
bbwDailyVideo
Seen from Turkey
Gay NSFW Tik Toks
Seen from United Kingdom
Rey
Seen from Singapore
Breastfeeding
Seen from Turkey
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers