I am now an LSR (lead security researcher) at @SpearbitDAO. Thrilled and honored.

kudos to @cantinaxyz for evolving into the perfect partner to launch the record-breaking @Uniswap v4 bug bounty.

It was really interesting to take a deep dive into the @safe contracts and @Optimism. Thanks for the opportunity.

Are you using GPT-4 for coding?. Add a custom instruction to always include the code snippet first.

👀.

@LeonSixt @joranhonig also created an awesome list about the topic.

We need a database of bugs and a common evaluation to measure the progress of AI to find vulnerabilities in Solidity/EVM bytecode. @LeonSixt and I started with building a dataset. DM me if you are interested in collaborating.

Can this be improved? How good are models like GPT-4 if you build a prompt pipeline? Which shoots thousands of prompts against a few hundred lines of code. Then try to build a scoring system and present the top bug candidates out of the sea of false positives.

Trail of Bits also wrote a nice blog post about their experiments:.

Early research has shown that LLMs can detect vulnerability types in DeFi smart contracts with a success rate of 40%, but they also have a high false positive rate. @HatforceSec.

Sure. I might have pointed GPT-4 a bit into the right direction or the model got an upgrade. GPT-4 also generates a lot of noise and wrong answers but nevertheless, it can find and explain vulnerabilities.

Asking GPT-4 to think step-by-step and to reason about input validation and require statements can find the bug.😽.

Sehr guter Thread. Kann ich auch aus eigenen Erfahrungen mit internationalen Kollegen in Berlin bestätigen.

RT @joranhonig: Smart contract security is not just about Solidity. It's math, economics, game theory, distributed systems, computer scien….

RT @carlbildt: It’s difficult not to be moved by this. A still sunny days outside the opera in Odessa.

RT @jimmy_wales: What's wrong with twitter in a single screenshot.

Try it out and play around with it. 5/.

Our focus is not entirely on open source projects. We try to build basic building blocks for streaming, membership and redistribution of funds 💦 4/.

If your project found a way to make enough money, you should start sharing profits with your dependencies, which made that possible. Our vision is to establish a new cultural norm of giving. 3/.

Imagine, you can add a file next to your README with a list of projects to distribute a share of your incoming funds. Together, with tools which can help to analyse your project dependencies. 2/.