Daniel Von Fange @danielvf
Skilled Professional (most days). Defends against the bad guys. East Coast. Joined September 2006
Tweets: 2K | Followers: 9K | Following: 867 | Likes: 11K
This is beautiful. But you have just taught me how to do horrible things with solidity.
Does anyone have any recommendations or links on writing out and tracking plain text invariants for further use in code reviews / fuzzing / verification? Just rolling my own at the moment.
Some awesome analysis of audit contests! Go read the amazing python notebook / paper, not just the thread.
The triple dog defense against reentrancy: 1. Methods that would be inherently safe against reentrancy 2. nonReentrant modifiers on state changing methods 3. Don't add reentrant tokens to the protocol Overkill?
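The three layers above, shown as an added example that is not Origin Protocol's code nor any code from this page: a deliberately vulnerable ETH vault next to a token vault that applies all three layers at once. The `IERC20` interface, the owner-gated `allowToken` allowlist and the contract names `NaiveVault` and `TripleDogVault` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (not production code from the page or from Origin Protocol).
// Minimal ERC20 surface assumed for the illustration.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// The "before": none of the three layers.
contract NaiveVault {
    mapping(address => uint256) public balanceOf;

    function deposit() external payable {
        balanceOf[msg.sender] += msg.value;
    }

    // VULNERABLE on purpose: interaction before effect and no guard. A contract
    // caller can re-enter withdraw() from its receive() while balanceOf is still
    // unchanged, and repeat until the vault is empty.
    function withdraw() external {
        uint256 bal = balanceOf[msg.sender];
        (bool ok, ) = msg.sender.call{value: bal}("");
        require(ok, "send failed");
        balanceOf[msg.sender] = 0; // too late
    }
}

// The "after": all three layers stacked.
contract TripleDogVault {
    // Layer 2: a nonReentrant guard (same idea as OpenZeppelin's ReentrancyGuard).
    uint256 private _status = 1;
    modifier nonReentrant() {
        require(_status == 1, "reentrant call");
        _status = 2;
        _;
        _status = 1;
    }

    address public immutable owner;
    // Layer 3: only tokens reviewed as hook-free (no ERC777-style transfer
    // callbacks, no fee-on-transfer) are ever allowed in. Hypothetical allowlist.
    mapping(address => bool) public allowedToken;
    // user => token => amount
    mapping(address => mapping(address => uint256)) public balanceOf;

    constructor() {
        owner = msg.sender;
    }

    function allowToken(address token, bool ok) external {
        require(msg.sender == owner, "not owner");
        allowedToken[token] = ok;
    }

    function deposit(address token, uint256 amount) external nonReentrant {
        require(allowedToken[token], "token not allowed");         // check
        balanceOf[msg.sender][token] += amount;                     // effect
        require(                                                    // interaction
            IERC20(token).transferFrom(msg.sender, address(this), amount),
            "transferFrom failed"
        );
    }

    // Layer 1: checks-effects-interactions. The balance is reduced before the
    // external call, so even a token that did manage to call back into
    // withdraw() would find nothing left to take, guard or no guard.
    function withdraw(address token, uint256 amount) external nonReentrant {
        uint256 bal = balanceOf[msg.sender][token];
        require(bal >= amount, "insufficient balance");             // check
        balanceOf[msg.sender][token] = bal - amount;                // effect
        require(IERC20(token).transfer(msg.sender, amount), "transfer failed"); // interaction
    }
}
```

Two caveats a reviewer would still raise: the modifier only stops re-entry into this contract, so a protocol that reads this vault's state from another contract mid-call (read-only reentrancy) needs its own guard or a "not currently entered" view check; and layer 1 is what makes the other two redundant rather than necessary, which is the point of the stacking: each layer is cheap, and any one of them surviving a mistake elsewhere is enough.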
Mad props to these guys for finding the "Ping of Geth" - a major bug in Geth that would have let an attacker easily knock all public RPCs offline across Ethereum.
Lol, looks like I'm not the only one getting bogus LLM powered smart contract bug reports. However, I can tell when I've been handed security word salad discounted from reality, but apparently the paper authors can not, nor their conference reviewers.
Extraordinarily well written post-mortem.
I did the math this morning. I have code in production that I wrote in 31 different programming languages. (using the TIOBE top 100 list) Plus another 15 other languages used in hobby projects. Plus the obscure ones that are not even on that list.
SECURITY ADVISORY Zellic discovered two critical issues in certain forks of Gains Network. We worked with the teams to responsibly disclose these issues. The issues allowed attackers to create trades that always made 900% profit (the max allowed). Here’s how the bugs worked:
@hudsonjameson House #6. @tayvano_ would keep us all sane and alive.
Totally agree. Solady aims to deliver the cutting edge with DevX, UX, safety.
When building security tooling, effort spent on ease of use could easily 10x the impact of the tool, vs being 5% better at finding bugs.
Fiat-backed stablecoins have now passed Norway in US govt debt holdings according to my rough estimate, thanks to an increase in stablecoin issuance combined with a decrease in debt holdings by Norway from Jan-24 to Feb-24.
Here's the script I've been using to make both Echidna & Medusa work with external libraries. gist.github.com/aviggiano/d0c3… This is useful so that you don't need to manually edit your `cryticArgs` or `deployContracts` config parameters. Also, it converts all external libs to…
🔐Blockchain Security Series Episode 5: Daniel Von Fange @danielvf (Smart contracts @ Origin Protocol) This is one of the interviews where I learned the most! Topics: - 00:00 - His path in crypto and security. Origin Protocol - 12:45 - How to do code review. - 20:00 - Upgrading…
So true, my brain cannot do a simple css style after working and testing out how to make sure my smart contract can’t be hacked through a transfer hook.
me working with typescript/nextjs after spending the past few years on the smart contract layer
A good team has: 1. tech minded ppl that stick to tech issues and may /may not be introverted. 2. Tech ppl that are good at interacting with other folk and don’t mind solving non tech issues. A person that is good at 1 usually hates being forced to be 2. Judges what do☹️?
A tribute to the genius of Albrecht Dürer and the power of @matplotlib
totally agree, trying to do this with halmos everyday open to suggestions btw
@danielvf This is a difficult topic. A lot of people in crypto have a romantic view of brute forcing through the security review "manually" (whatever that means). I often find broken parts of code in different tooling, going unnoticed for months because it's so rarely used.
@danielvf Another thing is how much of an effort goes into well-working and useful tools (slither, forge etc). It's hard to build the really prod-ready DevEx tool without some backing. But I do think that your chart represents the best of routes for cryptosec. x.com/blackbigswan/s…
hacks like kyberswap FL manipulation are more likely to be mitigated by throwing money on better security tooling and DevEx related projects over 'moar auditors' or 'moar $$$ for auditors''. it should be obvious that moar-auditors industry-wide strategy plateaued some time ago.
This is why we built github.com/nascentxyz/sim… Checklists are easy to use and impactful
Controversial take: Tooling is far more impactful for security than teaching/writing. People use stuff that makes their life easier. Low-skill devs may not read about the safe way to handle ERC4626 rounding, but they will grab OZ's code all day long.
🥳Try it out! Meet forge clone in foundry🤭: our PR (authored by @i2huer and me) of cloning on-chain verified contracts as a foundry project has officially merged into the main foundry repository. github.com/foundry-rs/fou… This is the first step of integrating on-chain contract…
Agree on the main points, tooling is a great vertical to 10x outputs in security. Any friction added to introducing bugs to a production system is a plus over all. But also the best tooling without good skills behind the keyboard will always fail. SC dev is a high impact role.
No amount of tooling will ever make things secure without skilled developers and good processes on a project. But *we can* move the entire industry, bit by bit, into fewer bugs and less money out the door to bad guys.
@danielvf by the way i don't think it needs to be framed as laziness even. even the most skilled and diligent developers have finite bandwidth. everybody benefits from easier-to-use tools, nobody can afford to spend a large fraction of their time fighting with tooling.
The nerdsniped engineer in me hates to read this, but it's true Making an accessible tool is much more important than one that's stronger but a pain to use