100proof.org (@1_00_proof) · Followers 4K · Following 2K · Media 166 · Statuses 2K
Interested in software correctness. Cryptocurrency security researcher - https://t.co/eZHZozB05V - https://t.co/bLGkkx5E0e
Joined July 2022
I truly believe that we *can* make protocols rock solid. It's not impossible. It's just a lot harder than people think it is. Make them boring. Don't ever upgrade without proving the whole system from scratch again. Have a prover that you can run as part of development.
The Balancer v2 hack isn't about lost funds. It’s a trust collapse. A protocol live since 2020, audited and widely used, can still suffer a near-total TVL loss. That’s a red flag for anyone thinking DeFi is “stable.” No serious capital allocates into systems that fragile.
I’m starting to think there’s one or more entities out there that have developed strategies with AI assistance to find & exploit old protocols. The bar to build, sample, test, exploit strategies has never been lower. Protocol age used to be a sign of security but in this
The latest @ribbonfinance attack appears to be an oracle configuration fault. 6 days ago, the owners updated the oracle pricer, which uses an 18-decimal price for stETH, PAXG, LINK and AAVE. However, other assets like USDC are still priced at 8 decimals. Creation of OToken is not a
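The decimal-mismatch failure mode the quoted post describes, as an added example that is not from the post, its author, or Ribbon's own code. The feed set, prices and amounts are constructed for illustration; the pricer reads each feed's declared scale (the way Chainlink-style aggregators expose `decimals()`) and rescales every price to one base before arithmetic, and a pre-upgrade check lists any feed whose scale disagrees with what the pricer assumes.

```python
from dataclasses import dataclass

# Constructed sample feeds (hypothetical values, not real oracle data):
# the upgraded pricer reports 18-decimal prices for some assets while an
# untouched feed (USDC here) still reports 8 decimals.
@dataclass(frozen=True)
class Feed:
    asset: str
    price: int      # raw integer the on-chain feed returns
    decimals: int   # scale the feed declares for that integer

FEEDS = {
    "stETH": Feed("stETH", 1_800 * 10**18, 18),  # $1,800.00 at 18 decimals
    "LINK":  Feed("LINK",  7 * 10**18,     18),  # $7.00 at 18 decimals
    "USDC":  Feed("USDC",  1 * 10**8,      8),   # $1.00 at 8 decimals
}

BASE_DECIMALS = 18  # the scale the pricer assumes for every feed
WAD = 10**BASE_DECIMALS


def normalize(feed: Feed, target: int = BASE_DECIMALS) -> int:
    """Rescale a raw feed price to `target` decimals."""
    if feed.decimals > target:
        return feed.price // 10 ** (feed.decimals - target)
    return feed.price * 10 ** (target - feed.decimals)


def naive_usd_value(amount_tokens: int, feed: Feed) -> int:
    """Buggy path: treats every feed's price as if it were 18-decimal USD."""
    return amount_tokens * feed.price


def hardened_usd_value(amount_tokens: int, feed: Feed) -> int:
    """Fixed path: rescales the feed to the base before multiplying."""
    return amount_tokens * normalize(feed)


def collateral_ratio_wad(coll_amt: int, coll_feed: Feed,
                         debt_amt: int, debt_feed: Feed, valuer) -> int:
    """Collateral / debt as an 18-decimal fixed-point number (1e18 == 1.0)."""
    coll = valuer(coll_amt, coll_feed)
    debt = valuer(debt_amt, debt_feed)
    return coll * WAD // debt


def check_feed_decimals(feeds: dict, expected: int = BASE_DECIMALS) -> list:
    """Pre-upgrade check: every feed whose declared scale differs from the
    pricer's assumption. Any non-empty result means the pricer must rescale."""
    return [f.asset for f in feeds.values() if f.decimals != expected]


if __name__ == "__main__":
    steth, usdc = FEEDS["stETH"], FEEDS["USDC"]
    # 1 stETH of collateral against 1,800 USDC of debt is exactly 1.0x.
    print("naive ratio:   ", collateral_ratio_wad(1, steth, 1800, usdc, naive_usd_value))
    print("hardened ratio:", collateral_ratio_wad(1, steth, 1800, usdc, hardened_usd_value))
    print("mismatched feeds:", check_feed_decimals(FEEDS))
```

With the constructed feeds the naive pricer reports the position as 10^10 times over-collateralized, because the 8-decimal USDC price is read as a fraction of a cent; the hardened pricer reports 1.0x, and `check_feed_decimals` would have flagged USDC before the upgrade shipped.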
Bug bounty hunting isn’t about getting good at one hard thing. It’s about learning new things and getting good at them again and again and again. Each year feels a bit like starting from scratch again.
I made the mistake of complaining too much this year. From now on I will focus on constructive ways to move forward, and align incentives for everyone.
You have done everyone an incredible service here @00xSEV. The number of incredible contributions made by people throughout history who did NOT fill every waking hour with their passion is too large to believe the *falsehood* that grinding is the only way. We only have one life
Some thoughts on the number of deep work hours, focus, and specialization (my replies to a DM) > 1. I see everywhere that you need to work 8-10 hours, > 7 days a week in order to succeed now > but you mentioned only 4 hours of focused + 1-2 hours shallow 5 days a week. > Is
@hrkrshnn The default setting for many BBPs is to treat reporters as adversaries. Which makes it unfair to expect a very collaborative approach from SRs. Also the framing of the relationship is fundamentally different. With a customer you typically spend relatively few resources before a
"The biggest example is escalations. Thirty minutes of escalations can burn like 60% of my daily energy" 💯
I started using story points (~effort) to estimate how much energy different tasks take. It's been a good exercise; I realized that the most draining work for me is adversarial or risky interactions with people (high chance of hearing no or being ignored), saying no myself,
I would happily hunt with the current rewards but with 90% guarantee I'd get paid. It's maybe 25% or less at this point. That's my gut feeling.
Bounties are Low, and we got plenty of proof of it. It's just a matter of incentives on a system with asymmetric rewards. With the huge TVL values we have today, and the low bounty amounts, there are more blackhats looking at your live code than whitehats.
@the_weso Wow, it's really funny that you say this. But when you had this continuous audit and I personally caught 3 crits, you all of a sudden didn't feel like paying all of them out?
Good summary. But they *need* to honour their program.
@the_weso The fair payout is whatever the protocol has advertised as the max payout on their bug bounty program; they simply need to honor their program. A trickier question is what is the $ amount "sweet spot" that incentivizes top researchers to hunt on that program as opposed to doing
p.s. Everyone should subscribe to @DefimonAlerts , and even pay for their premium service. It's incredible.
Messages like this abound on the Ethereum blockchain. This one is particularly heart rending. You'd think this would be a good enough inoculation against turning blackhat.
On the other hand, if you don't have the moral fibre to stay white, get out now please.
Absolutely awesome to see @MitchellAmador go out to bat for us whitehats at @summit_defi
https://t.co/FWjq4wKyR2