Birbtography @birbtography
@bonecondor takes pictures and posts them here. Shot on iPhone and Canon EOS RP // twitter destroys high res pictures. Joined December 2022.
Tweets 74 · Followers 210 · Following 2 · Likes 21
Philodendron hederaceum (“Micans”)
Philodendron hastatum (“Silver Sword”)
Cryptanthus zonatus, Zamioculas zamiifolia ‘Raven’, Pachira aquatica
Begonia corallina (?)
Begonia rex var. imperator
Philodendron brasil
Gynura aurantiaca
Peperomia obtusifolia
Our next thread will cover OtterSec's proof of concept that helps demonstrate the issue, and our patch to fix it. Thanks for reading!
This can be useful on 2 occasions: forward blocked RPC methods and make requests in `snap.request` only intended to be done within `ethereum.request` (w/ `endowment:ethereum-provider` enabled). This vulnerability allows the snap to perform ethereum requests without permissions.
The bypass is made by setting a `toJSON` function in a legit `snap.request` argument:
1. `assertSnapOutboundRequest(args)` -> pass the assertion
2. `sanitizedArgs = getSafeJson(args)` -> `toJSON` returns malicious object
3. `originalRequest(sanitizedArgs)` -> forward malicious object
Safe JSON Exploit. Digging into the `getSafeJson` function, defined in the `@metamask/utils` package, we found this: This function performs a `JSON.parse(JSON.stringify(value))` on the argument sent to `getSafeJson`. This is how we found a way to exploit the assertion limitations.
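The flow from the thread, as an added example that is not MetaMask's or OtterSec's code: a minimal model of the snap provider's `request` function, showing why asserting on the raw argument before the `getSafeJson` round trip can be bypassed by a `toJSON` hook, beside one hardening (assumed here, not necessarily the patch OtterSec describes) that asserts on the sanitized copy. The assertion, the method names and the stub `originalRequest` are constructed for the example.

```javascript
const ALLOWED_PREFIXES = ['wallet_', 'snap_'];
// Model of the outbound assertion: only wallet_/snap_ methods may pass.
function assertSnapOutboundRequest(args) {
  if (args === null || typeof args !== 'object' || typeof args.method !== 'string') {
    throw new Error('invalid request object');
  }
  if (!ALLOWED_PREFIXES.some((p) => args.method.startsWith(p))) {
    throw new Error(`method not allowed on snap provider: ${args.method}`);
  }
}

// Model of getSafeJson from @metamask/utils: a JSON round trip. JSON.stringify
// invokes a toJSON method when present, so the output can differ from the input.
function getSafeJson(value) {
  return JSON.parse(JSON.stringify(value));
}

// Flow as described in the thread: assert on the raw object, sanitize, forward.
function vulnerableRequest(args, originalRequest) {
  assertSnapOutboundRequest(args);
  const sanitizedArgs = getSafeJson(args);
  return originalRequest(sanitizedArgs);
}

// Hardened order (assumed fix, not necessarily the patch OtterSec describes):
// sanitize first, then assert on the exact object that will be forwarded.
function hardenedRequest(args, originalRequest) {
  const sanitizedArgs = getSafeJson(args);
  assertSnapOutboundRequest(sanitizedArgs);
  return originalRequest(sanitizedArgs);
}

// Constructed argument: its visible method is a snap_ one, but its toJSON hook
// makes the round trip yield a different method (both names are placeholders).
function makeHookedArgs() {
  return {
    method: 'snap_exampleMethod',
    toJSON() { return { method: 'eth_exampleMethod', params: [] }; },
  };
}

// Runs both flows against a stub originalRequest and reports what got through.
function runBothFlows() {
  const forwarded = [];
  const originalRequest = (args) => { forwarded.push(args.method); return 'ok'; };
  vulnerableRequest(makeHookedArgs(), originalRequest);
  let hardenedError = null;
  try { hardenedRequest(makeHookedArgs(), originalRequest); } catch (e) { hardenedError = e.message; }
  return { forwarded, hardenedError };
}
```

`runBothFlows()` shows the vulnerable order forwarding the non-`snap_` method while the hardened order rejects it, because the check now runs on the object that is actually sent.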
Now that we've covered providers, you can see in the code that the execution flow follows this pattern:
1. Assert if args are valid
2. `getSafeJson` to get `sanitizedArgs`
3. `originalRequest(sanitizedArgs)`
Obs: `originalRequest` makes the RPC call to the MetaMask service.
Both providers (`snap` and `ethereum`) are built outside the SES container with a `request` function: In particular, this function is from the `snap` provider, but the only thing that changes between this one and `ethereum` is the assert function in the first line.
On the other hand, the `ethereum` provider only blocks methods starting with `snap_` and the blocked methods. However, it requires the `endowment:ethereum-provider` permission in snap manifest.
This function is called by the `snap` RPC provider, so it can only send methods starting with `wallet_` or `snap_`. In addition, there are some blocked RPC methods that immediately throw an error when encountered.
Let's start with provider limitations: A snap has 2 interfaces that can be used to communicate with metamask RPC interface: `snap` and `ethereum` (EIP-1193). They differ because each one can only send a subset of the available RPC methods:
We went through all these vulnerability assumptions and found a minor permission bypass bug. To understand the exploit, we need to dig into the snap's RPC interfaces exposed via endowments. We'll dig into the providers' limitations, the execution flow, and a safe JSON exploit.
While searching for vulnerabilities, we enumerated some features that can be broken and lead to security issues:
• Broken SES Container isolation
• Insecure endowments in Containers
• Incorrect RPC permission checks
• Insecure snap installation/update
Now that we've covered some of the basics of Metamask Snaps, let's talk about some of the research OtterSec has done on vulnerabilities and possible attacks. This is thread 2 in our series. If you missed our introduction, start here:
Been hearing a lot about Metamask Snaps? Let's take a look at what they are, how they work, and some of the vulnerability research OtterSec has done, including a bug we found in the sandboxing layer. More technical details can be found in our blog post: osec.io/blog/2023-11-0…
At DevConnect? Come listen to @NotDeGhost as he takes a deep dive into compiler safety and security.
Vyper Fuzzing: A Differential Approach by Robert Chen (founder of OtterSec) More speakers? Yes more speakers! We're proud to host @NotDeGhost, founder of @osec_io! He'll be talking about Vyper compiler/interpreter differential fuzzing and doing a deep dive into how to ensure…
@0xstormborn it’s a silver sword philodendron i love her x.com/birbtography/s…
Philodendron hastatum (“Silver Sword”)
Pilea peperomioides (“Pancake Plant”) pups
Saturday Morning Plant Study
Pilea peperomioides (“Pancake Plant”) pups
@Bonecondor @birbtography Fake account. One person can't possibly be in all those places at once. Even if the Earth was round, which it clearly isn't. 😘