Olivia
Online
zkoranges
@zkoranges
Engineering | Security · DeFi · Cryptography · AI @PhilidorLabs
Joined May 2021
493 Following
378 Followers
138 Posts
More granularity added into our «Asset Composition » risk analysis
Having a single asset that dominate vault allocation or using the same underlying asset gives penalties on your risk score 👀
This @SteakhouseFi vault on @Morpho is still considered as a Prime tier
Google experimenting with zkPoEX: a reminder that groundbreaking technology doesn’t always find its purpose overnight.
Sometimes, even the most powerful innovations take years before the right use case reveals their true value.
Awesome to see @Google using SP1 to generate a ZK proof of the quantum circuit at the heart of their Shor’s algorithm attack on ECDSA.
Beyond the landmark quantum result itself, this is a genuinely novel application of ZK, one that we should expect to see a lot more of.
ZK lets you prove that you know a protocol is insecure without revealing the underlying attack. This opens up a new paradigm, “ZK disclosure”, whereby frontier labs can surface dangerous vulnerabilities without handing a loaded weapon to the world.
Quantum computing is a great first use case, but the same logic applies wherever there is a gap between “proving something is broken” and “responsibly sharing the proof”. This includes AI alignment, zero-day exploits in critical infrastructure, and biosecurity.
Exciting times for ZK and cryptography more broadly!
Securing user funds: this is what matters most in DeFi.
Hey Phil, can you tell me the list of vaults affected by $USR exploit?
Who to follow
Lumi
@zkLumi
Senior Product Manager, Core Protocol (@Arbitrum) | ZK, Scaling, Privacy 🦇🔊 | Prev: Senior Product Manager, ZK Stack (@ZKsync) | My views are my own.
Kacper Koziol
@kacperkozi
Co-Founder of @HerodotusDev 🛰 Building trust minimized solutions for the sovereign future
Fede’s intern 🥊
@fede_intern
talk is cheap. part of @ergodicgroup, @class_lambda, and @alignedlayer. I work on the core of @ethereum and I build startups.
Crypto projects love to advertise TEEs and zero-knowledge proofs, which often makes users assume they’re inherently more secure.
But without proper due diligence, there’s a good chance these claims are more marketing than substance.
Spent the weekend auditing TEE-based crypto projects on mainnets.
It’s worse than I expected.
“Remote attestation” is mostly just theatre.
With one exception (Flashbots), users are being sold security properties that simply aren’t there.
Regarding the USR exploit:
Philidor Vaults are NOT exposed.
In addition, all of the vaults exposed to USR were marked as “Edge” by our transparent risk methodology.
The problem with promoted “Core” vaults: they’re often Edge in practice
Gauntlet USDC Core, marketed as core, shows up as Edge (~4.9/10) on @philidorlabs when you apply a transparent methodology and look at collateral exposure, not the label
Don’t trust,
Verify
Also, some morpho vaults were hardcoded = 1
Instant rekt. We need a better way of monitoring oracles.
At @philidorlabs we’re working on this.
This is a weird 'exploit'.
id=30, exploiter sends 100k USDC, mints 50m USR
id=31, random guy sends 100k USDC, mints ~100k USR
id=32, exploiter sends 100k USDC, mints ~100k USR
id=33, exploiter sends 100k USDC, mints 30m USR
Only a single SERVICE_ROLE that can fulfill these mint requests. There's no guardrails, no mint limit, it can freely choose what to mint. Insanity.
We also suspect this is Resolv's no KYC mint ("slippage free swap") they offered on their website early last year, and it was later removed from the frontend: https://t.co/W7PwL6aq7J
The options on what happened here to cause the abnormal mint are, based on what we can see:
- bad internal oracle (manipulated/compromised/etc.)
- insider job
- key compromise
So glad I didn't waste my time learning React, now that it doesn't matter anymore
It could happen to you
@Zdeadex
@StaniKulechov Interface shouldn't display swaps with such high price impact though...
Try it on claude code:
claude mcp add philidor --transport http https://t.co/hoiO2Ar1jX
Philidor is now available as an MCP server: plug institutional-grade DeFi risk data directly into your LLM provider.
757 vaults. $57B TVL. Risk scores, comparisons, breakdowns, all from natural language.
Can we agree to abolish light mode? My eyes hurt.
Playing with @philidorlabs skills, soon gonna release more details on how DeFi managers, Institutions and more can use them to allocate in DeFi
Start by checking your portfolio
philidor portfolio 0xxxxx
open-source models are the only ones we can reliably trust from here on out: the weights and code can be inspected, audited, and self-hosted (although not cost-efficiently yet).
U.S. AI stocks look increasingly fragile: faster-moving chinese model releases raise the competitive bar, while shifting U.S. policy adds real uncertainty to the market.
It’s all open source models from here.
American AI companies are simultaneously fighting Democrats (by automating blue jobs), Republicans (by rankling the US military), and China (by fruitlessly combating distillation attacks).
Solve for the equilibrium: open source models become the only trusted models. Centralized American AI burns bright, makes a ton of money, but eventually gets outcompeted by the privacy, freedom, and trust of decentralized local AI.
@_Akanoa_ Must-have to reduce context usage
1/ Most DeFi risk scores are a single number with no explanation. Some are gated behind a pro account.
A "7/10" tells you nothing. Is it the collateral? The contracts? The governance? Without decomposition, you're trusting a black box that masks the one dimension that could cause total loss.
7/ We're still working on the fine-tuning of the risk methodology and more updates are coming.
If you have any comments or questions, DM or comment.
Happy to share ideas.
6/ Every weight, threshold, and override rule is published. Same on-chain inputs always produce the same output.
No editorial discretion. No "we know the team" adjustments. A risk framework that can't withstand scrutiny is not a framework: it's an opinion.
759 vaults scored, open: https://t.co/TBmpyJHUSu
Last Seen Users on Sotwe
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.1M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.9M followers
Taylor Swift
@taylorswift13
80.7M followers
Lady Gaga
@ladygaga
72.3M followers
Kim Kardashian
@kimkardashian
69.4M followers
Virat Kohli
@imvkohli
68.7M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.3M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60M followers