Matt Solomon
@msolomon44
Followers
4,750
Following
1,251
Media
166
Statuses
2,102
Security at @OPLabsPBC . Formerly built @UmbraCash and more at @ScopeLift
Los Angeles, CA
Joined October 2017
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
İran
• 1562367 Tweets
Netanyahu
• 780771 Tweets
The ICC
• 345651 Tweets
International Criminal Court
• 171705 Tweets
Cauca
• 93071 Tweets
Merchan
• 79829 Tweets
Bibi
• 40702 Tweets
Costello
• 36951 Tweets
Red Lobster
• 34127 Tweets
Yildiz
• 30314 Tweets
#KızılGoncalar
• 28392 Tweets
Montero
• 23864 Tweets
Amal Clooney
• 21844 Tweets
Braves
• 21251 Tweets
Kid Rock
• 20937 Tweets
Milli Yas
• 16200 Tweets
ETH ETF
• 14592 Tweets
Zeynep
• 14460 Tweets
BIA GIL
• 14068 Tweets
Memorial Day
• 13952 Tweets
NICOLA EN HOY
• 12962 Tweets
Henrique
• 10711 Tweets
Introducing Multicall3
A modern, efficient contract for aggregating results from multiple function calls
Deployed (almost) everywhere at 0xcA11bde05977b3631167028862bE2a173976CA11
11
78
417
Foundry and solidity best practices were recently released, strongly recommended reading through them
Ethereum development changes quickly so I suspect these will evolve over time. Feedback is definitely welcome
A few highlights below, read them all at:
11
92
401
Introducing EVM Diff: A site to diff EVM-compatible chains in a friendly format.
26
60
336
Say hello to Sweeposaurus 🦖
He'll make it easy to sweep all your ETH and ERC-20 tokens to a new address!
15
62
292
Keeping Up with the Foundry Devs
An ongoing thread of foundry changes so you can stay up to date
12
40
297
Today is my last day at
@ScopeLift
. Working alongside
@BenDiFrancesco
and the team for the last ~3.5 years has been an incredible experience, and I'm grateful to have had the opportunity to work with them.
Next, I'm excited to announce that I'll be starting at
@OPLabsPBC
as a
56
11
278
Here you go:
Can someone make a dapp already that's just one big button that when you press it it finds the current pending transaction nonce in your wallet, and sends a self tx with a higher gas of the same nonce?
So many beginners struggling with pending transactions..
16
13
122
14
54
238
Introducing forge-std v1.0.0 🧵
Strongly recommend updating your forge-std versions ASAP, as there are changes that improve fuzzing so you might find some new failing tests.
Update with `forge update lib/forge-std`
5
37
211
Simulating
@ConvexFinance
`shutdownSystem` call, which unstakes from 61 pools and uses 16M gas:
-
@dapptools
errors with "resource exhausted"
-
@HardhatHQ
finishes after ~14 minutes
-
@TenderlyApp
finishes after ~15 seconds
- Foundry by
@gakonst
and co takes ~10 seconds
12
23
196
In case you're interested, Hardhat's console.sol contract has been deployed to mainnet 1535 times.
Combined, the deployments take up a total of about 567 kB and cost about 163M gas to deploy, which is $54k at current prices
14
13
196
Introducing the Cove alpha release: Simple, reliable, open-source contract verification.
Test it out now at
9
24
164
1/ New `forge script` patterns unlocked thanks to
@devan_non
. No more passing private keys in the CLI:
1. `export PRIVATE_KEY=<key>` in `.env`
2. `uint256 privKey = vm.envUint("PRIVATE_KEY")`
3. `address deployer = vm.rememberKey(privKey)`
4. Deploy with `vm.broadcast(deployer)`
9
20
155
This feature seems to have went under the radar, so here's a guide to clean and simple fork tests with foundry.
No custom profiles, tailored file names/directory structure, or match flags needed 👇️
7
35
151
Pro tip: start a
@HardhatHQ
node by forking from an archive node, and you get debug_traceTransaction for free even if the node you forked from doesn’t support it
@AlchemyPlatform
gives free archive node data which is perfect for this
4
26
140
Hey Solidity devs and Multicall users:
@andreasbigger
and I are deploying Multicall3 soon. It's:
- cheaper to use
- backwards compatible
- will be deployed at the same address everywhere
But we want your feedback before we deploy!
5
29
137
Introducing solidity-generators.
A solidity library offering linspace, arange, and logspace methods to generate evenly spaced arrays.
Check it out here:
5
27
133
Multicall3 is now deployed at the same address on 22 chains
Just deployed to 6 new chains
Multicall3 is now deployed at the same address on 18 different chains. Is this a record? 👀
(thanks
@ahussein
for supplying the funds for the new deploys)
3
2
15
6
14
132
Multicall3 is now deployed at the same address on 50 chains
Introducing Multicall3
A modern, efficient contract for aggregating results from multiple function calls
Deployed (almost) everywhere at 0xcA11bde05977b3631167028862bE2a173976CA11
11
78
417
6
18
124
Multicall3 is now deployed at the same address on 105 chains
Multicall3 is now deployed at the same address on 50 chains
6
18
124
12
9
121
forge-std v1.6.1 released, lots of really useful new cheatcodes 🧵
6
16
119
PSA: Solidity, Foundry, & Hardhat now have a default EVM version of Shanghai
The Shanghai fork introduced the PUSH0 opcode & is supported on Mainnet, Goerli, & Sepolia
If deploying to L2s/other chains with solidity >=0.8.20, you must change the EVM version for contracts to work
We just released Solidity 0.8.20! 🚀
This latest version includes a range of improvements in the via-IR pipeline and improves the list of events exposed in the contract ABI, and, most importantly, support for Shanghai!
📖:
💾:
416
226
586
7
27
117
The
@Uniswap
Seatbelt tool has a new check to warn about selfdestruct and delegatecall usage in contracts touched by a proposal, to reduce the likelihood of governance attacks like the recent Tornado Cash exploit
Here you can see warnings for a current
@compoundfinance
proposal
9
21
115
Stealth addresses are an affordable way to send and receive private payments, & they're live today
But for widespread adoption we need standardization to ensure seamless interoperability between tools and apps
That's why we've written two EIPs that we're looking for feedback on
4
20
112
forge-std v1.3.0 released 🥳
- `InvariantTest` helper contract
- Multicall3 address, interface, and `getTokenBalances` helper method
- StdChains provides access to chain alias
- New parseJson cheats and an `assumePayable` cheat
- New decimal assertions
5
20
112
This is a great tip. Here's how to do this with foundry:
1. Build with `forge build --extra-output ir` OR add `extra-output = ["ir"]` to your config
2. Run `cat ./out/<file>.sol/<contract>.json | jq -r .ir | perl -pe 's/\\n/\n/g' > ir.sol` (file is .sol for syntax highlighting)
Whenever I don’t understand something in solidity I run solc . —ir and the yul helps clarify what’s going on behind the scenes e.g. how does the storage slot of an array get pushed on the stack
1
3
60
6
19
103
🖥Introducing
A simple, customizable dashboard to display whichever Ethereum data is important to you.
Right now it only has some Dai stats, gas prices, and cDAI/cUSDC info.
If you want something added, let me know!
8
20
97
Built a simple Ethereum app template with Vue 3 +
@tailwindcss
that includes:
-
@ethersproject
+ Multicall for polling data
- Onboard by
@blocknative
for connecting wallets
- Dark mode via
@jj_ranalli
's Nightwind
- Vite for fast builds
Check it out here:
4
14
95
For all your on-chain trigonometry needs
8
5
93
Multicall3 is now deployed at the same address on 33 chains
Multicall3 is now deployed at the same address on 22 chains
6
14
132
1
12
91
We modified
@AaveAave
's AToken implementation to support Flexible Voting so you can earn yield on governance tokens and continue participating in governance.
For example, you can supply UNI to Aave to earn yield, and still vote on
@Uniswap
proposals.
🥳Today, we're excited to share our Flexible Voting integration with
@AaveAave
, built with a grant from
@AaveGrants
.
🗳️For a DAO that adopts Flexible Voting, it's now possible to enable Governance participation even with tokens deposited to earn yield.
🔗
1
14
40
5
16
79
Here are a few more details behind the Compound bug from looking at a specific transaction.
Alternatively, this thread is a brief guide to debugging with
@dapptools
Compound Incident Analysis:
Compound upgraded their comptroller contract to which had a one letter bug on L1217.
This led to a reverse rug pull in which Comptroller is giving away more rewards to (past) Suppliers than expected. 🧵👇
15
144
533
2
17
75
My dream of deploy scripts in solidity with deployment as atomic, non-reverting bundles through flashbots is almost here 😍
3
1
76
I like the twitter threads where people read contracts and share their thoughts, so aggregating them in this thread here
Let me know of any others to add
1
10
66
forge-std v1.2.0 released!
- Fix StdChains to speed up via-ir compilation, use new `getChain` helper methods
- New cheats: turn off gas metering, default env var values, get file/folder metadata
- `bound` supports ints
- And more:
3
18
72
This quickly became obsolete as foundry now has a built-in `forge inspect` command which simplifies this, thanks to
@andreasbigger
This is a great tip. Here's how to do this with foundry:
1. Build with `forge build --extra-output ir` OR add `extra-output = ["ir"]` to your config
2. Run `cat ./out/<file>.sol/<contract>.json | jq -r .ir | perl -pe 's/\\n/\n/g' > ir.sol` (file is .sol for syntax highlighting)
6
19
103
0
10
67
forge-std v1.5.6 just released, lots of new cheatcodes and stdCheats since the v1.5.0 release, and some great console.log helpers
You can find the release notes here:
In case you missed previous forge-std releases:
- v1.5.0:
- v1.4.0:
- v1.3.0:
And if you're still on a version before v1.3.0 you should update forge-std more frequently 😛
1
0
1
8
9
65
👉 Renamed "expected/actual" to "left/right" in assertion failures for easier debugging of failed assertions
4
2
64
Request for simple CLI tool or web app: Input an ABI in any format, and output the ABI in various formats
- Solidity interface
- viem human readable
- ethers human readable
- JSON
- Minified JSON
If you do a web app, here's an example output format:
13
4
66
Deployed a long overdue update to
🌈 Improved
@WalletConnect
support (
@rainbowdotme
users should no longer have issues)
💰 EIP-1559 support so cancellations are cheaper (you'll get a refund if you overpay)
📝
@ensdomains
reverse resolution on login
5
10
64
Easily convert solidity arrays to other types with this one weird trick (abi.encode the array then abi.decode it)
5
5
61
forge-std v1.4.0 released:
- Test contracts now include invariant test helpers by default
- Create2 helpers methods added by
@0xkarmacoma
- When using StdChains, you can opt-in to not fallback to the default public RPCs thanks to
@hexonaut
0
13
57
Make sure to `foundryup` tonight, huge new feature release 👀
16
3
52
This is why I still use MM, even though other wallets have slicker UX and nice features.
Security is the most important feature, and without something like LavaMoat it just seems too easy for wallets to get compromised by supply chain attacks.
MetaMask 🦊 is an amazing app for many reasons.
One reason I like especially is that even though it works just fine, the window object of the app is (almost) unusable!
If you're into Browser JavaScript security, come learn about what we call "scuttling" - by LavaMoat 🌋
Well..
54
2K
552
7
7
55
This repo is currently the gold standard in how to setup and run invariant tests with foundry
Awesome work by
@lucasmanuel_eth
and the
@maplefinance
team
Invariant testing is a relatively new framework in Foundry, so I would encourage developers to check out our invariants directory and ask questions/give feedback:
cc
@gakonst
@msolomon44
@brockjelmore
@joshie_sh
2
18
64
2
8
51
@transmissions11
@onbjerg
The last interface command you'll need:
interface() {
if [[ $1 == 0x* ]]; then
cast interface $1 -c ${2:-mainnet} --etherscan-api-key ${3:-$ETHERSCAN_API_KEY}
else
cast interface <(forge inspect $1 abi)
fi
}
2
4
47
First set of charts is up on 📈
Price histories for DAI, ETH, MKR, USDC, and BAT now available.
More charts will be added soon using the same format, so get your feedback in now!
6
14
45
New release of the `foundry-rs/foundry-toolchain` action automatically caches all RPC queries in your CI workflows.
Make sure to set a fuzz seed if your fuzz tests make RPC calls.
Big thanks to
@PaulRBerg
for implementing 🙌
2
3
47
🎨 New `StdStyle` library to easily add colors and styles to your console
- console2.log(("my red string"))
- console2.log((StdStyle.bold("my blue bold string")))
3
1
46
Introducing EIP-5744: A simple interface for tokens that are initially non-fungible and become fungible after a period of time (or once some other criteria is met).
Feedback appreciated!
6
11
42
Truffle was responsible for a lot of the things we take for granted when writing tests these days: fork tests, impersonating accounts, snapshot/reverts, and more.
Amazing to see how far we've come since then. Thank you
@trufflesuite
🫡
No sugar coating this, it's been a challenging few months. The Truffle Suite will be sunsetting over the next 90 days.
To all the developers who've supported us, thank you! It's been an absolute joy to strive with you & the Ethereum ecosystem for the past 6 years. 🧵
477
358
3K
0
2
46
Reminder that EVM Diff has lots of open issues with bounties available.
Learn more here, and DM me if you're interested in tackling one:
1
7
43
Some updates 🧵
Introducing EVM Diff: A site to diff EVM-compatible chains in a friendly format.
26
60
336
2
5
43
Introducing CreateX.
I've wanted something like this for a long time, so a big thank you to
@pcaversaccio
for leading this effort.
Please give the thread a read, review the contract, and share some feedback before we deploy to production!
1/👋 gm to the first of its kind: CreateX – A Trustless, Universal Contract Deployer
A factory contract to make easier & safer usage of the CREATE & CREATE2 EVM opcodes as well as of CREATE3-based (i.e. w/o an initcode factor) contract creations.
11
63
273
3
2
42
Here's a list of various Ethereum security-related resources and tools, including:
- General, high-level guidelines and vulnerability lists
- In-depth explanations of certain topics and vulnerabilities
- Security tools and useful libraries
1
17
42
This is a periodic reminder that `PUSH0` is not yet supported by Optimism or Arbitrum. Please set the `evm_version` to `paris` if you deploy on those chains! If you're not sure about the opcode differences, check out (spearheaded by
@msolomon44
).
3
13
102
3
10
40
Foundry fuzzer just got some big improvements thanks to
@AlexKEuler
🔥
- better random uint generation finds more failures:
- `vm.assume(bool)` cheat code so you can discard fuzz runs that don't meet given criteria:
3
7
39
Figured I'd share some simple bash/seth helpers I use often. Enjoy!
4
8
38
If you want to do this on the command line, cast currently has:
- `cast admin` for EIP-1967 admin
- `cast implementation` for EIP-1967 implementation
- `cast storage` to read an arbitrary slot
Querying storage slots can be a hassle, especially if you are dealing with proxies
Even Etherscan's "Read Contract" doesn't work
✨ That's why I built this tool:
9
68
253
2
1
39
🪙 `dealERC721` and `dealERC1155` cheats that behave just like the existing ERC20 `deal` but for NFTs.
2
0
38
We're announcing two tools today: scopelint, and our Foundry template.
Check out the quoted tweet and the project READMEs for details, and a summary thread is below.
We get to work with great teams across many projects.
As a result, we see the best practices in smart contract development evolve.
Today we're releasing two tools to help share those learnings: scopelint (our opinionated linter) & our Foundry template.
2
7
31
2
6
38
Updated Multicall3 documentation is complete, there's two main updates:
- Better documentation + examples in the repo README at
- Sortable, filterable deployment addresses and ABI in various formats at
Huge thanks to Optimism RPGF badgeholders for supporting Multicall3!
A common request is better docs/examples, so to say thank you I'll finally do that.
I'm planning to add rust/solidity/typescript/python examples, but if you have any special requests let me know here
6
0
21
1
8
36
Live footage of me deploying Multicall3 on it's first zkEVM chain
5
0
37
Ok next pro tip: run your troublesome
@HardhatHQ
transaction against a local node (`yarn hardhat node`), then use seth from
@dapptools
to see a trace or step-through debug that local transaction
(You'll need to bundle source yourself if you want function names or a source map)
Holy freaking shit. This changes everything. How is this not more wildly known.
@HardhatHQ
what else are you hiding from us?
This gives new life to Remix's and Truffle's step through debuggers. Hardhat is great but it doesn't have a step through debugger.
3
8
84
3
3
31
I've been using this
@HardhatHQ
extension for ~2 weeks and it's working great in foundry projects
No remappings file needed, absolute and relative paths both supported, forge fmt support included
Definitely recommend it👌
looks like the hardhat solidity vscode extension supports foundry projects now
it's 100x better than the "normal" one
and if you're working in the seaport repo - it's your only option, since one of the test contracts completely breaks the other ext lmao
4
7
58
1
7
35
Seatbelt now supports
@OpenZeppelin
style governors.
In case you're not familiar with Seatbelt, it's a collaboration between
@Uniswap
and
@ScopeLift
to make governance safer.
It simulates proposals and generates human-readable reports explaining them
4
7
33
Potential hot take: Use fork tests liberally, always prefer them to mocks.
Mocks are required in web2 development, where you have no choice but to mock API responses. But in web3 development everything is on-chain, so just fork the chain instead of risking a buggy mock.
7
1
35
1/2
Every EIP-1559 dashboard I've seen:
-
-
-
-
- (top right corner)
-
-
-
2
15
32
1/ Excited to announce the launch of
@UseFloatify
Floatify makes it easy to go from USD sitting in your bank account to earning 5-10% interest on
@compoundfinance
. No Ethereum knowledge required
Give it a try at and let me know your thoughts!
4
7
30
We've always found it tricky to explain how stealth addresses in
@UmbraCash
work, but
@VitalikButerin
does an excellent job here.
3
5
25
Two great new forge features, make sure to foundryup and update forge-std:
🐛 Set breakpoints in the debugger (h/t
@franfraneth
)
☎️ Expect no calls to be made, or expect many calls to be made (h/t reubenr0d)
Full release notes:
0
2
29
Stealth addresses have been live on
@UmbraCash
for ~2 years, with >65k published public keys & >$100M in private payments sent
To increase adoption & improve flexibility, we want to standardize how stealth addresses work—this is what ERC-5564 aims to do
1
2
29
Someone should write a
@raycastapp
extension for to quickly lookup opcode and precompile info
3
1
29
Created a benchmarking repo here, and with this fresh project Hardhat now only takes 42 seconds 🤷
2
0
28
The Ethereum ecosystem badly needs an audited, dependency free JS secp256k1 library.
@paulmillr
's noble-secp256k1 library can fill that need.
Please consider donating for an audit. We rely heavily on it for
@UmbraCash
& have donated $1000 to the cause
🔗
0
6
27
Small v1.7.4 forge-std release which incorporates some new cheatcodes and cheatcode updates:
2
6
31
7
3
28
@PaulRBerg
Easiest way to deploy a contract at a deterministic address on all EVM chains in a forge script: `foo = new Foo{salt: salt}(constructorArgs)`
The presence of the salt arg tells forge to deploy using create2 via this deployer
4
6
28
@0xkarmacoma
@PatrickAlphaC
@PayPal
@finestonematt
Ah yea you're right, just diffed them and the code in all three (current implementation, prior implementation, and that linked paxos implementation) are all pretty much identical with the exception of naming/revert strings
3
0
25
This is awesome, such a great idea
Introducing Opclave: An Op Stack chain that enables to turn iPhone's into a hardware wallet with fully Account Abstraction support.
90
370
2K
1
1
21
The original Multicall repo seems to be unmaintained in that PRs for deployments on other networks are ignored
So I've forked it, added
@optimismPBC
and
@arbitrum
Multicall deployments, and will continue to update the repo as PRs for new deploys come in
2
0
23
Loved hearing this about the
@gitcoin
grants zkSync checkout UX, so figured I'd share some fun history about how we achieved that UX when we first rolled out zkSync checkout in September 2020
@Red_dot_name
@wmitsuda
@otterscan
@gitcoin
@rotkiapp
@fileverse
@trueblocks
@UmbraCash
@eth_limo
On cGrants, I exclusively used zkSync since it was first available. I have not experienced anything with such smooth on-boarding in the entire web3 space at the time. So, anything that inspires future focus on zkSync I support. :)
1
0
14
5
2
26
Good take
🚨 Solidity devs, we need to have a heart-to-heart. The overuse of modifiers in Solidity is an anti-pattern 🙈
One day, we'll cringe, looking back at our code. Here's why:
7
11
105
4
0
23
The fork feature of ganache-cli by the
@trufflesuite
team seems to be an overlooked but extremely useful feature for smart contract development. Here's a tutorial for anyone unfamiliar with it
1
5
21
ENS supported added to seth, just for you
@gnidan
seth calldata "balanceOf(address)(uint256)" $(seth resolve-name vitalik.eth)
1
5
22
Alpha leak (full tweet thread on this template with more info coming soon ™️ )
.
@msolomon44
has put together a great CI security setup in his Foundry template.
1. Run Slither but don't fail CI on error
2. Upload the Slither results to GitHub Code Scanning
3. Review using the UI; dismissed alerts will be remembered by GitHub
0
6
52
4
1
25
@pedrouid
@VitalikButerin
Venus also has a few other major benefits compared to Mars:
- Similar gravity to Earth
- Easier to travel to
- A lot more solar energy for power
- Much thicker atmosphere for radiation protection
That’s not to say it’s easier to colonize, though
2
0
24
@ernestognw
@danielvf
@0xkarmacoma
@brockjelmore
is working on , which will dump the full EVM state into a dictionary so that it would use the owner address as one of the inputs to find the failure
2
0
24
alias wenmerge="echo $(bc <<< "scale=3; 100 * $(cast block latest totalDifficulty) / 58750000000000000000000")%"
2
2
23
@BenDiFrancesco
@UniswapExchange
@compoundfinance
@MakerDAO
@richatmakerdao
@haydenzadams
@austingriffith
I've found using ganache-cli to run a local fork of the mainnet to be the easiest approach. It also lets you unlock any mainnet account, so you can send tokens from an exchange (or any other account) to your contract
1
0
22
