Emiliano Bonassi
@emilianobonassi
Followers
11K
Following
19K
Media
1K
Statuses
11K
head of product @conduitxyz | Web3 builder, researcher and investor with interest in security | fmr: @immunefi @awscloud @yearnfi | opinions are my own🦇🔊
Joined June 2008
Today marks a new era for Web3 DevEx and Conduit 🔥. Introducing Conduit Marketplace📱. Deploy apps on your rollup in 1-click, all from your console. You click a button, Conduit does the rest!. Lower entry barrier for users, instant distribution for apps 🚀.
We’re excited to introduce Conduit Marketplace!. Conduit chains can now get best-in-class tooling from 48 providers directly from the Conduit platform. Apps listed on Marketplace get instant distribution to every chain deployed with Conduit. Learn how it works below ⬇️
4
2
38
can a painting be censored?. tornado cash as a painting
67
221
2K
After the bybit hack. the only TRUE WAY to make sure your Safe transactions are 100% safe is to calculate the hash manually, OFFLINE! am i the only one doing this? 😁
159
103
1K
“Where can I find real-time metrics for L2s and L3s?”. We hear you, so we built it. Introducing – real-time performance metrics for rollups. 🧵👇
81
179
831
Lisbon is going to be the new San Francisco. Join the European Capital for DeFi. @0xliscon @ETHLisbon
22
31
355
Here my hack for .@__zkhack__ . Welcome zkSafe 🎭🟩. Account abstraction made easy with .@safe and @Sismo_eth . Control your Gnosis Safe with web2 credentials via Sismo zkConnect SSO and extend its capabilities with the power of ZKP (e.g. social recovery, cross-chain exec). A 🧵
9
68
328
This is the complex exploit I've ever seen. It used 2 FLASHLOANS, one with @AaveAave (80k ETH) and one using flashswap with @UniswapProtocol (116M DAI). In the image the steps!
22
82
312
Recent events shown us how security is important. There's a lack of supply compared to demand. In web3 I am still struggling to see a good model for audits and reviews . That's why I come up with a place for peer to peer reviews. Welcome Reviews DAO. 👇
15
68
284
After the recent events, I want to share my personal notes about web3 security. ✨ My Hitchhiker's Guide to Security 🔒. A 🧵 (20).
15
86
280
In personal news, I'm pretty excited to share I'm joining @immunefi as Head of Research, guiding strategic development of products and features ✨🫡. A great group of amazing people!. It matches my obsession for security and building 🏗️👏.
30
7
285
1/ I'm sorry to announce that Rentable is shutting down. We did not find product market fit, and our runway ended. After many careful considerations and conversation, we preferred to go in this direction instead to do further funding or pivots. TLDR 🧵.
40
25
275
New release for 🏗️. We heard to your feedbacks! . Enriching real-time performance with:.- scaling factor for high level metrics 📈.- more dimensions (stack, DA, settlement) 🎯.- filters 📊. 🧵👇
19
41
230
I have the feeling that after @Uniswap V3 release we are going to see something very good to be released too by @CurveFinance 👀. Just a feeling.
10
15
199
Experimental @0xPolygon @idlefinance @iearnfinance DAI strategy ready to go, harvesting $MATIC via @AaveAave liquidity mining (but soon maybe other incentives 👀)
6
42
200
Here we are!. One of the @CoverProtocol exploits, replicated and explained. Available for everyone to deep dive!. Further analysis is coming, war-room with Cover team still in place ;). As always a pleasure to work side by side with @bantg .
4
34
192
I'm proud to release Yearn V2 Vaults Swap. a collection of smart contracts to simplify the swap between @iearnfinance V2 Vaults with the same token (underlying). It supports permit to allow 1-tx operations. 👇 How to use it (for dev currently)
12
26
180
looks like @base is crushing TPS and Mgas/s today (>180TPS). congrats @jessepollak and team - only up 🚀
13
11
176
We made it!. At @ETHLisbon me and @0xGiovanni kicked off Rentable (@rentableworld), the Renting Protocol for NFTs 🪐✨. Rent NFTs with no collateral at fraction of their market price 😉. Bringing efficiency on scarcity. A thread 🧵
17
35
180
Proposal for @ensdomains - The Decentralized Verified Badge for Identity. A community owned mechanism based on @Kleros_io Generic Token Curated Registry to decentralize Proof of Authenticity of your avatar (and then any claim about your identity) via ENS Metadata Service. 🧵.
9
42
174
how to confidentially run a verifiable computation on private data in public?. ZKP 🤝 FHE. welcome 🔐 zkFHE 🌚. A PoC to demonstrate an approach for private computation on a public environment w/o give up data availability. powered by @RiscZero. 🧵
10
39
175
gmodular brussel 🌅🇧🇪. "What’s the best DA for my use case?"."Should I launch as an L2 or L3?"."What will cost if my chain grows 10x?". We hear you, so we built it. Introducing Blobs. Explore DAs in real-time and estimate your costs!. 🧵👇
19
48
176
Reading a lot these days about privacy concerns and performance challenges for Ethereum RPCs. Welcome Loadbalanceeeer ⚖️🔏. a local JSON-RPC load-balancer with opt-in anonymizer via Tor. 🧵.
4
40
157
I'm proud to release Gas Saver. a smart-contract library to leverage @1inchExchange $CHI tokens in your contracts and save tons of gas (up to 50%) when you or your users interact with them. Below how to use it 👇
8
27
152
Looking how to create a shareable short lived ethereum testnet?. Welcome 🧪 🏗️. A simple serverless testnet as a service based on Foundry Anvil and AWS. 1. Click create.2. Copy the rpc url.3. Share it and enjoy your testnet together. More on the 🧵 👇
12
33
155
London is imminent, what’s the website to track ETH burned? 🤝.
5
9
136
Exploring @iearnfinance vault v2 strategies for one of my beloved projects @synthetix_io ⚔️😍⚒️. What about a simple 50% sBTC 50% iBTC strategy? 0% exposure on BTC and APY 101% as rewards in SNX.
6
17
131
A dive deep on the Binance Bridge hack to shed light on open questions around the exploit and open points 👀 🕵️.
3
30
140
Testing on mainnet my very first @iearnfinance v2 strategy for @idlefinance on my personal test custom vault. Results: deposited 12 hours ago, harvested a few mins ago, it's working!
6
6
133
how many times you were out and an exploit occurs w/o access to your hw wallet? 🫠. account abstraction fixes this ✅. welcome 🔏 Revoke .@safe Module 🧯. delegate your hot wallet or a 3rd party to revoke permissions on your behalf. a 🧵
6
19
138
And remember, you don't need to sell $ETH, you just have to print more $DAI if you need. Thanks @nanexcool for @MakerDAO . (NO FINANCIAL ADVICE).
5
11
135
'If you don't have access to KYC documents, how can you claim that you know your customers?'. Welcome 🥷 IYKYK 🎭. Prove your identity w/o doxxing yourself 👀. Powered by @Sismo_eth and @Sumsubcom. A 6-thread 🧵.
9
38
134
It’s never too late to be what you might have been - a whitehat
Dear hacker, you've got an incoming message.
13
26
131
this is one of the clearest review about zk tech i've ever seen. explains architecture, backend, frontend, pro/cons of approaches, math behind, open challenges in an unbiased view. definitely worth to watch. h/t @wehack247 @Scroll_ZKP @yezhang1998
5
25
138
I'm proud to release Gas Saver Gnosis Safe Module. a user smart-contract module for @gnosisSafe wallets which let you interact with . *ANY* protocol . and save tons of gas leveraging @1inchExchange $CHI and $GST2. Below how to use it and examples 👇
3
26
117
I am proud to release @iearnfinance V2 strategy (0.3.1) for @idlefinance @synthetix_io $sUSD ⚒️🎩⚔️. Composing the protocols I like most! 😎. => Starts with 50k limit and then 🚀. Currently ~50% APY (via @AaveAave v1). h/t @fameal @arbingsam @fubuloubu
7
24
118
nice, this is mine @celestia @MammothOverlord 😎
We waited 10,000 years for this. What does Mamo look like?. Like this. Show your mamo. Mammoths 🦣
8
5
120
eth 4844 blobs are on fire 🔥. they are not free anymore $0.30/kb.
3
15
113
In personal news, I'm very excited to join @conduitxyz which is enabling players like @ourZORA, @pgn_eth to scale via rollups with confidence and swiftly 🙌. My goal is accelerating tech and push product 🫡. Very glad to work with @KAndrewHuang, @optix2000, @bertiecorrie et al.
10
3
109
Executing whitehacks is hard also for security professionals 🤖. But there are three important rules:. - test and don't change before execution.- execute in a single tx.- execute privately ( reorg 🤞). Here a starter foundry repo 🫡.
5
19
107
I'm proud to release Gas Saver Deployer. a smart contract generic deployer which let you deploy (and execute) new contracts saving tons of gas leveraging @1inchExchange $CHI. Inspiration from @dapphub ds-proxy. Below HOWTOs and the example @iearnfinance
3
19
103
And @iearnfinance @reflexerfinance RAI vault is live with version 0.4.2 and health checks!. Leveraging the latest strategy based on @idlefinance which deploys capital (and rebalance) to @CreamdotFinance and @RariCapital . But this is just the first strategy. 👀. Enjoy it! 😉
5
17
94
After a week in Lisbon at @0xliscon and @ETHLisbon .I recharged myself (finally). DeFi is more than Decentralized Finance, it means. D, diversity and dreamers.E, enchanting and exceptional .F, fairness and friends.I, inclusion and innovators. It was nice to have met you IRL 🧵👇
5
2
106
Go decentralized, go fully decentralized also for code management. @iearnfinance @idlefinance strategies are now on @radicle
4
17
97
How to create a shareable ZK Rollup for tests?. Welcome 🧪 🏗️. A simple ZK Rollup as a service based on Kubernetes, AWS and @blockscoutcom. Create a rollup in 1-click!. Currently supporting only @zksync Era. A 6-thread 🧵 👇. PS: it's open-source, really!
6
11
86
Putting aside the tech issue, @CoverProtocol event showed again how this ecosystem is cohesive and supportive. We are and we will stay anti-fragile ⚔️😍💕💪⚒️. I am pretty confident that after this event not only a new solid Cover will emerge but more importantly. .
4
13
86
The first part of the journey to the protocol. Welcome NFTSet, bringing composability to NFTs. NFTSets are NFTs which can manage your NFTs, tokens (ERC20, ERC1155), ETH. Imagine empowering your Meebit so it can hold @lootproject and DAI tokens. 🧵👇
I am working on an NFT DeFi protocol. I am splitting the releases in 3 phases. I do because facilitate the understanding of its mechanisms. So in the next weeks, starting from today, I am releasing 2 byproducts. Stay tuned!
9
17
83
Thursday strategy day! (3/3). Proud to release @iearnfinance V2 strategy via @idlefinance for @circlepay $USDC. Attached to production USDC vault, max cap 10% total AUM (currently ~$1M of $10M), current APY ~47%. Already in $270k. h/t @arbingsam
5
17
83
we’re going to cook something this week 😎. 🛫🇺🇸🏗️
41
1
83
> 2000 TPS - Is this Solana?. Nope, it's a @conduitxyz G2 powered rollup 🚀. You want max performance, you go Conduit
9
5
84
Many times we discuss about reliability and seriousness of projects. @CurveFinance and @idlefinance handled very professionally the issue I've reported. Their users are in very good hands!. Thanks @bneiluj for the connection 😉, Ben and Michael to be always ready also on XMas 🙌.
@harvest_finance @CurveFinance We would like to thank @emilianobonassi, that helped Harvest address the issue and notified this to Curve this morning (whitehacking even on Christmas!) 🙏. He is one of the best minds in DeFi ecosystem and we are proud to have him in this space 👏.
2
9
77
hey @LineaBuild @MetisL2 @taikoxyz @Scroll_ZKP . you should take a look at now. we hear to your AddRollup.exe, just listed 🚀. anyone else not yet there?. just ask
24
13
75
Correct if am I wrong @Uniswap but with the V3 if all the LPs concentrate the liquidity close to 1:1 price (e.g DAI/USDC) we could get a price behaviour similar to @CurveFinance ?.
3
2
78
Looks like @celestia casually 2x the bandwidth and reduce SSF to 6s. That's a great improvement for the DA landscape!. All the rollups on @conduitxyz are benefiting immediately!. Looking for 🦣
Ginger (v3) is live on Mainnet Beta 🫚. 2x data throughput and 6s single-slot finality. 1.33MB/s 🔜
3
13
82
When you choose a protocol, you choose also a team and their friends. They may fight on 'TVL', 'User Adoption' or what ever. But in the moment of need, they are there ⚔️🤝. I love this industry!.
7/ Thanks to @peckshield for their quick notification and actions to investigate!. Also, thanks to all parties in the war room for the help! . cc. @CreamdotFinance, @iearnfinance, @bantg, @Daryllautk, @poolpitako, @emilianobonassi, @calchulus + many more.
1
7
78
blobs space mainnet is on 🔥. calldata is cheaper. who said data availability is solved? 😄
10
3
77
.@SuccinctLabs proofs trend is up only 📈. ~20Trillion of Cycles. @PhalaNetwork with their mainnet on @conduitxyz contributing for 7T 🔥. Yeah, this is not just marketing, we are grinding proofs for real 🪖
12
10
75
Closed the war room with @picklefinance team. Soon there will be (good) updates 💪. h/t @bneiluj @bantg @samczsun.
6
6
72
for historical reasons smart contract testing started with js, we had a lot of boilerplate ready to go and make a lot of sense. now a group of ppl did a great heavy lifting to test natively in solidity, tried during the weekend. it's time to use foundry!. kudos @gakonst and team.
5
7
70
past: you control your money.present: banks control your money.future (web3): everyone except you control your money.
1
7
69
@picklefinance affected logic is now disabled, we can publish the full disclosure. It was exciting and a pleasure to work with @bantg @samczsun @bneiluj and @vasa_develop . @bantg is the peer you want to have in any journey. I loved to do pair reverse engineering with him 😎.
Was in a 5h long late-night/early-morning war ⚔️ room where reverse engineering took place last night with @bantg @emilianobonassi @bneiluj @samczsun and the .@picklefinance team. One of the most intricate hacks till now in the ecosystem 🤯. Diagram showing the series of events👇
1
10
67
How to bring privacy-preserving logins to any web2 app with no integrations?. Welcome zkOIDC 🎭 🔑. Privacy-preserving sign-in with @Sismo_eth Connect via OpenID Connect. Enable any app to offer privacy-preserving logins to their users. A 6-thread 👇
2
36
67
I am proud that after 14 days @iearnfinance $WBTC vault reached the cap of 14 WBTC running only on @idlefinance strategy 🥳 with a good 3.61% APY. It's going to be increased allowing new deposits 😎. What could happen when other strategies will be on? @BadgerDAO @MushroomsFinan1
0
17
66
Ciao @StarkWareLtd dall'Italia! 🇮🇹🤌. How to run a StarkNet node in 5 steps in less than 5 mins 👇. h/t for eqlabs/pathfinder
1
13
69
save this picture!. this is the team that last week managed to update. not 1 but 9 op-stacks . for the @Optimism Ecotone hard fork. one of the most awaited and important events enabling cheap txs for rollups. this is @conduitxyz. seamless, yes. easy, not at all 🔥. a thread 🧵
3
6
71
Spotted last night!. My $USDC @idlefinance @iearnfinance v2 strategy is live for testing on Citadel of Test Vaults (but real yield :d). 100k USDC limit, already filled 30k, no guest list 😉
6
7
65
hey folks!. I’ve applied for Optimism Security Council, to support upgrades and incident response management. If you are a top 100 delegate (or know some friend there) consider sponsoring me replying in the topic 🙏. Happy to answer any q!.
3
7
69
I am so bullish on ETH2 and Layer2 solutions because we are going to see the analogous historical series of events which transformed ARPANET to The Internet. I feel we are soo early.
4
5
65
the time you read this. ethereum and its own rollups processed more than 3000 txs. think about it - it’s coming
10
7
63
my bedtime routine. go to and see we are scaling ethereum. every.single.day. abundant onchain compute @conduitxyz
7
5
66
Another day, another strategy!. Proud to release (spotted yesterday) @iearnfinance V2 strategy via @idlefinance on @WrappedBTC . Production $WBTC vault, max cap ~$500k (14 WBTC), current APY ~7%. Already in 1.5 #Bitcoin . h/t @nymmrx @arbingsam @fubuloubu
7
21
61
I love @iearnfinance for the people who are there. You have to experiment directly how this group is so close and accountable 🤝⚒️. You can say whatever you want but none react so fast to an issue. If you wanna learn how to DeFi as a (accountable) developer you must participate.
An issue with YFI MakerDAO strategy has been identified and patched, no funds are affected. Here is the latest report from the war room. Bravo team, handled this great as always.
2
7
65
Confirmed independently, current yCredit deployment is exploitable. It's not hard to execute, it's recommended to withdraw, NOW!. There's still not much but plenty of liquidity.
4
15
57
technically - you can spin up your own degen chain in 30s. with apple pay from your mobile phone. with @conduitxyz . it simplifies the heavy lifting, yours the execution ;)
4
6
58
Lazy Weekend 💤. Off for a few weeks 👋. Have a great weekend 🙌
14
0
59
1/Y A thread on how you can leverage @iearnfinance not only as a yield source provider but also as a very powerful (and simple) framework to develop creative strategies. A pegging mechanism which uses yield to peg @proofofhumanity $UBI to a target supply via a meta-vault. More👇.
4
13
58
@hildobby_ @base well, they are not stopping, they are just switching to calldata because it's cheaper - no finality delay. this unichain for instance switching to calldata temporarily. both op and arb rollups decide in realtime where is cheaper to post, and send data.
3
0
61
prediction. zk tech will be embedded natively in ethereum very soon. otherwise, well, don’t want to think the outcome.
6
6
58
A potential simple threat detection tool. Rules:.1. Transfer out from Tornado Cash.2. Deposit in an empty wallet (nonce < threshold).3. Deploy smart contract.4. Wait source verified in x mins.5. Few test txs involving flash loans (optional).
4
7
59
Simulating on Rinkeby renting of @GodsUnchained cards via @rentableworld. Alpha users rented (for testing) most of the marketplace leaving in few hours just 3 rentables available. It's Rinkeby but it's nice to see enthusiasm for testing a new primitive 🙂
7
13
53
And we have the swap, 10k $USDC for 12.39 @synthetix_io $sTSLA . (on mainnet fork at current block). PASSED! ⚔️😎
Well, we have the smart contract ready to go. Next step meme UI 😉 and some optimizations for UX (ups, $USDC support permit pattern, swap with no approve only one tx 🤫)
2
5
55
It's gonna to happen 😍. @synthetix_io on @enzymefinance .
1/3 📂.Today, we're pumped to be open-sourcing the Enzyme codebase (v2) 🧙♀️. BUT. that's not all. .
1
9
55
Taking a look. This is the second attack whish uses multiple flash liquidity,.flash swaps via Uniswap and flash loans via dYdX. We will see very complex things via @AaveAave V2 batch flash loans :).
The latest flash loan attack?. An account funded by one ETH from Tornado Cash executed a contract that flash swapped $180m from Uniswap and flash borrowed $51m from dYdX. USDC and DAI vaults of Warp, the protocol affected, are empty. $1m in ETH is in an EOA. h/t @CryptoCatVC
2
10
50
💪 we are an ecosystem, each other helps 🤝. I know that in DeFi we are going to see other issues but I am always confident that we are resilient . always. period.
I am extremely grateful for @bantg @emilianobonassi @arbingsam @calchulus @GriphookETH and everyone else who was quick to help investigate and look into the issue. The cross protocol collaboration was heart warming to witness. I will be forever in debt to everyone in the warroom.
1
1
52
No limits and 543% APY for $YFI? 👀 🙈.
A new wild vault has been spotted in the planet of apes! . It's $YFI farming season!🔵💿.
2
10
54