Torgin (not your keys not your coins)
@MTorgin
Followers: 2K | Following: 14K | Media: 276 | Statuses: 5K
Auditor at @chain_security. Opinions are my own.
Joined February 2021
Lots of Alpha in my talk on MEV and block production from @EthereumZurich this weekend. Check it out! https://t.co/l8skmWepAo
DeFi composability is the future of Finance. @CurveFinance and @frankencoinzchf, both audited by @chain_security
🇨🇭 Just discovered that the fastest crypto-native way of paying CHF bills is this: - Buying ZCHF on @CurveFinance; - Sending those to @mtpelerin; - Paying CHF from there, conversion is 1:1! Powered by our FX pools apparently
Did not know this before!
Inaccurate gas estimates on @ton_blockchain can lead to critical security issues. Today, our TON specialists share the knowledge gained from vulnerabilities uncovered during recent DeFi audits. Dive into the technical details:
Looks siiiick
Briefly checked this one. Still not everything clear to me, and @yearnfi team told that the official post-mortem is still to be made only after they understand everything. But two takeaways for buidlers: - Be careful with unsafe math. It's unsafe unless you proved it is safe; -
yeth exploit post mortem https://t.co/vZFr6d4uGQ
🧵 Hola Buenos Aires! ChainSecurity is in town for @EFDevcon & @partyactionppl 🇦🇷 From talks, panels, MC duties, and community events, here's your full chronological guide to where you can catch our team
So important and often missed these days. If you don't fully understand what this means, I highly recommend looking into it.
Regular reminder: A key property of a blockchain is that even a 51% attack *cannot make an invalid block valid*. This means even 51% of validators colluding (or hit by a software bug) cannot steal your assets. However, this property does not carry over if you start trusting
Always happy to help
@MTorgin @Dialectic_Group you just got the Dialectic intern fired... at least you know it's a human that wrote it and not AI.
before: open pr on eth-phishing-detect, ping seal 911, wait for it to get picked up across wallets, slow and requires human review; now: submit verifiable phishing report, automatically sent to the biggest wallets and blocked in real time, instantaneous and no humans required
We are launching a global real-time phishing defense network alongside @MetaMask, @WalletConnect, @Backpack, and @phantom! This allows us to create a decentralized immune system for crypto security where anyone from around the world can prevent the next major phishing attack
How to protect your dapp's users from Google Ads scams
1/13 @GoogleAds phishing is at an all-time high. Even if you've never run ads, attackers can buy them in your name. As an ex-Googler, here's what's allowed, what's not, and how to protect your brand. 🧵
Was a pleasure to work on this!
1/8 🧵 We recently audited @makinafi, a cross-chain asset management protocol focused on operational security by design. Makina's core principle: even if an operator is compromised, user funds should remain safe. More info in this thread https://t.co/IgcfXSWGQJ
♥️
From @compoundfinance to now @m0, I've been working with @chain_security through the years. Every serious protocol needs serious auditor watching it.
Part 2 here: https://t.co/XXqOQfrH7Q
Do you feel tired often? Do you want to be more productive? Turns out the solution could be doing more... nothing. This has improved my life significantly, check it out:
You should always have an incident response plan. Even if you did multiple audits and have a running bug bounty program. It's not a guarantee that there are no bugs in your code. Hopefully, you never have to rely on it. But you should have a plan.
1/7 🧵 We recently discovered how @protocol_fx could have been exploited for $2M+ through nested flash loans, allowing attackers to front-run users and gain control over their positions. The f(x) team resolved the issue promptly by removing the affected flash loan integration.
One of the most interesting people I've met in my life. May he rest in peace. ❤️
Oracles: Risk vs. UX. @MTorgin, @chain_security and @Davidutro, @ajnafi break down the trade-offs in oracle-free systems, where removing oracles boosts resilience, but shifts complexity and risk to users. Catch the BOS24 clip
You use Chrome. Imagine for a moment that Chrome sent every URL you visited to g**gle. That would be outrageous, right? web3 is about doing better than this. Well, what if your wallet did the very same thing?
And that's why you should run my fucking script:
github.com
This Bash script calculates the Safe transaction hashes by retrieving transaction details from the Safe transaction service API and computing both the domain and message hashes using the EIP-712 st...