0age
@z0age
Followers
13K
Following
4K
Media
67
Statuses
1K
There's a well-known phenomenon in software development: often, you'll "plateau" for a while before discovering a new trick, tool, or workflow that radically upgrades your capabilities. Recently discovered one such trick & want to share with my fellow smart contract optimizors 👇.
14
91
674
Big 48 hours for Seaport — after a brief Solidity / Vyper holy war, we're now underway building a Vyper implementation with some of the brightest minds in the ecosystem. Will be fascinating to compare the two holistically once it's complete. Gotta say, I love build-a-bear.
19
30
441
chain abstraction is all the rage right now. value transfer across chains must become totally seamless. this is the vision for cross-chain UniswapX. been building out one of the primitives to help get there — a new protocol for reusable resource locks:. The Compact 🤝. let's 🧵.
21
48
424
I generally stay “in character” and commit to the pseudonymous crypto dev bit. but recent events are too painful not to share. our home and entire community has been absolutely obliterated by the Palisades wildfires. overwhelmingly grateful for everyone’s safety in evacuating in.
56
7
419
Today, we're open-sourcing an early proof-of-concept implementation of Seaport Gossip, a peer-to-peer network for discovering and broadcasting Seaport listings. What is Seaport Gossip, why is it important, and how can you get involved in building it alongside us?. Let's dig in:.
12
45
329
Leaking some alpha on how to easily mine create2 salts to deploy contracts to efficient addresses. I've been using my trusty eGPU for years to great effect, but it's actually very fast and inexpensive to use the cloud (h/t @arr00 for the demonstration). Here's how to do it 👇.
17
34
329
The Seaport version 1.2 contract is now deployed to many EVM chains! . 0x00000000000006c7676171937C444f6BDe3D6282. The current Seaport contract (v1.1) is still usable & will be as long as whatever chain it's on keeps chugging; v1.2 is a new contract. So, what's v1.2 all about? ⤵️.
24
49
316
Introducing ret↩rn.eth . 0x00000000000061aD8EE190710508A818aE5325C3. A generative audiovisual work where all metadata is stored & rendered onchain — i.e. a Music NFT™. An ERC721A contract, minting as an Ξ0.05 open edition for 72 hours. Here’s the story & tech behind it. ↵
29
42
304
Overwhelmed by the response to the Seaport protocol — want to take a moment to thank my coauthors, @d1ll0nk + @transmissions11, for their truly exemplary contributions, and to @emo_eth, @_LeFevre_, @stephanminkj, @Slokh, and many others at @OpenSea for getting us to this moment.
9
15
274
I've been "wearing" a green rectangle for half a decade, and by now it has become a core component of my pseudonymous identity. With the help of StableDiffusion, I've created a new NFT collection to better express my personal aesthetics with 64 variations on the theme: ⬛🟩⬛.eth
29
11
245
Ever find yourself curious what the current memory layout looks like on a contract, but don't have ready access to more advanced tools? You can just set `bytes` as the return value to the function in question, then drop a call to this little function at your preferred breakpoint
2
32
231
Here's an easy way to distinguish intermediate Solidity devs from advanced devs:. How well do you understand default ABI encoding?. If you can describe how to encode an array of structs that themselves contain arrays of structs, you're advanced. (GPT-4? Intermediate Solidity dev).
13
10
207
open-sourcing another piece of the cross-chain swap puzzle. a framework for settling swaps on destination chains, handling disputes between fillers & redirecting MEV to swappers in the process:. Tribunal ☝️. let's get into what Tribunal's about 💬.
11
24
189
Sharing an update on an issue (now resolved) that briefly impacted the @OpenSea Shared Storefront contract. TL;DR: a configuration issue made it possible in some instances for sellers to accept offers on Shared Storefront items and receive payment without owning the NFT.
5
48
186
Yesterday the @blur_io marketplace contract used ~1.4x of the gas the Seaport v1.1 contract did. But Seaport moved ~1.5x of the NFTs that Blur moved. Topping the Etherscan gas guzzlers can indicate lots of usage (props to Blur on that front). It can also indicate lots of wastage.
8
4
181
open-sourced another building block on the path to cross-chain swaps:. a reference implementation of a minimalistic server-based allocator for The Compact. it's called Smallocator 🤏. if you're wondering "what the hell is an allocator" then read on. ↓.
12
17
152
Lots of good (and plenty of bad) info on replay attacks in an ETH POS/POW chain split scenario heading into the merge. Here's a definitive breakdown on the NFT-specific situation & what to watch out for when interacting w/ Seaport / @OpenSea, @LooksRare, @the_x2y2, & @sudoswap 👇.
3
41
172
Excited and humbled to be joining OpenSea as Head of Protocol Development. To everyone who's been a part of the journey at Dharma — thank you for your trust and support!.
1/ On behalf of the entire Dharma organization, we are thrilled to announce that we’re being acquired by @OpenSea.
21
6
173
Crowd-sourcing some solidity code snippet optimizations — whoever comes up with the most gas-efficient optimization gets bragging rights. First challenge: get some fraction of a number and revert if the result isn’t exact (i.e. significant digits are truncated during division).
18
24
161
Seaport v1.4 has been deployed and is ready for production use!. 0x00000000000001ad428e4906aE43D8F9852d0dD6. Version 1.4 addresses a few issues on Seaport v1.2 & v1.3, "developer preview" versions not recommended for production use. Let's go over v1.4 changes & lessons learned ⤵️.
8
19
157
Anybody that’s still authoring ownable contracts without a two-step ownership transfer process (e.g. transferOwnership + acceptOwnership) has clearly never needed to transfer ownership of a contract with significant value.
14
8
147
open-sourced an indexer for The Compact built alongside the gigabrains at @ponder_sh . very clutch for anyone building a frontend, tracking analytics, or running a filler or an allocator (link to hosted version in the README). h/t @typedarray @kyscott18.
7
15
152
Seaport v1.5 has been deployed across a multitude of chains & testnets. 0x00000000000000ADc04C56Bf30aC9d3c0aAF14dC. @OpenSea will begin migrating to v1.5 starting next week; more precise details to come. Huge thanks @eth_call, @d1ll0nk, @emo_eth, @dan_OpenSea, & @stephanminkj.
9
16
144
The Seaport @code4rena competition has now ended — thanks again to the many reviewers who participated! . A summary of relevant findings will be made available soon, but I'd like to share some key findings and give a heads-up that we'll be deploying Seaport v1.1 to address them.
2
25
133
Basic: If you write your contracts in assembly, nobody will review it. Based: If you take the time to write your contracts in thoughtful, readable assembly, everybody will review it. Massive appreciation for all of you Seaport reviewers — this is how we learn and build together.
4
6
130
> TypeError: Function declared as pure, but this expression (potentially) reads from the environment or state and thus requires "view". 🤔 "requires" ? 🤔. (Keeping those pure functions pure wasn't easy and I'll go to ridiculous lengths to avoid having to even temporarily change
10
2
132
Huge relief that the ETH POW fork is modifying the chainID, which keeps most of the chaos on the forked chain from bleeding into the main POS chain via replay attacks; Seaport listings will also be replay-safe. Still, the safe play is to avoid signing anything on the POW chain.
ETHW Core just released its ChainIDs -.Mainnet: 10001.Testnet: 10002 - 10005.
6
13
124
The @optimizoor just made finding your next efficient create2 deployment address 20% to 25% more efficient. 👑.
9
5
128
This is undoubtably going to be the most intense day yet in my quest through the metaverse. Countless talented people have put in a colossal amount of work preparing to perform nearly-simultaneous @OpenSea and @Dharma_HQ protocol upgrades ~4 hours from now.
4
12
116
Back with another episode of "debugging without advanced tools available" — say you want to quickly see what data a particular bytes array contains (or could also provide a grab bag of variables via abi.encode). Pass it to this function and it'll get spit out as a revert string
4
13
117
Time to start advocating for this EIP if you're not already; obviously all eyes on the Merge but TSTORE should be next in the hopper.
9
17
116
Is anyone actually still confused on how to pronounce ETH?. It’s obvious, really. Same vowel sound as read, lead, and tear.
20
3
119
We need better comparisons of feature support and respective gas usage across NFT marketplaces in an objective, reproducible format — @opensea @ourZORA @LooksRareNFT @0xProject @the_x2y2 et al, let’s all collaborate on getting each of our marketplaces into a public repo this week.
11
3
118
Seaport is MIT licensed; anyone can fork it and redeploy it. However, there are a *lot* of reasons not to fork it. With that said — if you *do* decide to fork. For the love of Satoshi, USE THE CANONICAL CONDUIT CONTROLLER. That way you can migrate back to the canonical Seaport.
4
5
115
Just spent >1.2 ETH to deploy two view-method-only contracts to mainnet. AMA.
19
1
112
Seaport v1.1 has been live for over 5 months. Since then, our ecosystem has developed a deeper understanding of it. It's time to apply what we've learned in building the next iteration of the Seaport Protocol!. Some data, proposed key features, and a call to join the discussion:.
2
12
107
It’s been over 3 years since this contract was used. Shame, as it’s a pretty awesome concept. It’ll scan the bytecode of a contract, ensure that there are no reachable SELFDESTRUCT / DELEGATECALL / CALLCODE opcodes, and register it as indestructible.
5
4
108
Phase 1: I don’t understand this assembly, but someone smarter does so must be safe. Phase 2: I understand this solidity, but not enough other reviewers do so must be unsafe. Phase 3: *nobody* understands the solidity compiler but I understand this assembly so it could be safest.
8
4
110
Highly advocate that anyone leveraging upgradeable proxies with an initialize function use a pattern where initialization is only permitted during contract creation (e.g. ensure that address(this).code.length == 0) rather than based on a value held in storage (prone to collision).
Audius post-mortem suggests it was exploited because of a storage slot collision in their contracts which used OpenZeppelin Upgradeable Proxy. The twist is their contracts were audited by none other than OpenZeppelin themselves.
3
14
107
Devcon has been fantastic thus far, so good to see everyone. Just have one major beef. Why is EIP-1153 / TSTORE not getting more love?!.
8
10
105
Grateful to now have the opportunity to publicly thank everyone who was involved in identifying this vulnerability and successfully executing on its remediation before any exploit was performed.
2
17
104
We won 0xMonaco and in this moment I am EUPHORIC. Can’t thank @transmissions11 @_Dave__White_ @sina_eth_ @ttobbaybbob @TylerCrimm and the whole @paradigm_ctf squad enough for coming up with such a compelling concept and executing on it so well.
Additionally, congrats to the winners of 0xMonaco, our first PVP CTF challenge. We can't wait to see your write-ups!
9
3
106
I’ve been beating this drum ever since this feature was rolled out — it is structurally unsafe to sign an opaque hash representing arbitrary listings. The @blur_io marketplace is upgradeable — it is imperative that they move to signing readable, typed data like Seaport does ASAP.
Blur signatures are now being used to steal NFTs ☠️. These are even more dangerous than the Opensea/Seaport signatures because the message is unreadable. We've already added a security measures to keep you safe.Here's a quick rundown 👇
6
5
100
We've found a minor bug in Seaport v1.4 that only impacts potential future integrations. Due to the low severity, @OpenSea will stay on v1.4 for now. We've prepared a fix for v1.5 & are writing more tests before deploying. Let's dig in to the bug & the path forward from here ⤵️.
3
8
99
Getting lots of questions on what’s next on the “roadmap”. I’ll tell ya what’s next:. Deploying the most flexible, efficient, and secure NFT marketplace yet. Seaport v1.2 is gonna bang.
12
2
94
More tests starting to come together in the marketplace benchmarks repo; This is the “direct” comparison (i.e. contract-to-contract)
4
15
94
Realized that I don’t think I’ve ever seen an NFT contract written in anything but Solidity. Shill us your favorite Vyper / Huff / raw EVM NFTs.
16
3
63
So thrilled to see this launch — Seaport was designed from the very start with this use-case in mind. Looking for more onchain NFTs to add to the collection if anybody has their eye on one of mine and wants to make deals!.
8
4
66
Big thanks to my fellow coauthors and contributors in the Seaport Working Group for making this release a reality. Excited to see what you all build using Seaport Hooks!.
OpenSea and the Seaport Working Group are thrilled to unveil Seaport 1.6 — the latest generation of the most advanced NFT marketplace protocol in the EVM ecosystem. Seaport 1.6 introduces a new capability enabled by the recent Ethereum Dencun upgrade called Seaport hooks 🪝.
11
4
79
Let's assume that it's somehow possible to bypass `require(msg.sender == address(0))` on mainnet (can of course bypass using eth_call or a cheatcode). Aside from obvious stuff like draining the null address, what else would break horribly?. Bonus points for a proof-of-concept tx.
18
7
79
Seaport v1.2 has been deployed for two weeks now, giving integrators a chance to play with it. In that process, @androolloyd uncovered a notable limitation. So, we decided to skip over v1.2 and go straight to a newly-deployed v1.3!. 0x0000000000000aD24e80fd803C6ac37206a45f15. ⤵️.
3
6
76
OK, at this point I'm starting to get a bit nervous about this whole thing. (appreciate the kind words though, shibboleth friend)
6
0
77
Seaport 1.1 has been deployed — huge thanks to all the contributors, reviewers, auditors and integrators who made this release possible.
3
7
78
Doesn’t get much more “Dark Forest” than using a metamorphic contract to mount a governance takeover of TC.
Next, how did this happen?. Well, when the attacker created their malicious proposal, they claimed to have used the same logic as an earlier proposal which had passed. However, that wasn't exactly the truth, because they added an extra function.
1
6
72
Here's a transaction-level reentrancy lock that ensures a given function is only callable once per transaction: in the function, deploy a contract via CREATE2 with init code of `caller selfdestruct`. The contract is only destroyed (and redeployable) at the end of the transaction!.
3
1
73
Finally own an NFT from my all-time favorite collection, “Series 4: Glitchbox” by @_deafbeef. A monumental work: generative, self-contained, interactive, historic, cohesive aesthetic, plays to the unique strengths of the medium, code <=> art at its finest.
12
1
73
The ultimate eth-maxi move: shaving off 1 gas and a byte of runtime code from your contracts by using `CHAINID` in place of `PUSH1 0x01`.
1
10
71
Imagine just a function that you call with no arguments and that always returns some value that it's never returned before. Obviously this could just be a counter, but that costs an SLOAD + SSTORE. can we do better? Anyone have ideas for a cheaper implementation?.
16
6
72
Phase one: the architectoooor. Phase two: the optimizoooor. Phase three: the standardizoooor. (Seaport entering phase three very soon!).
3
2
73
Today marks the public launch of the new Dharma - and we also just open-sourced all of our smart contracts! Come peek under the hood and see how the Dharma Smart Wallet works behind the scenes:
2
16
73
Even after adding all the new features, the candidate implementation of Seaport v1.2 is appreciably more gas efficient than v1.1. (this is looking at the cheapest example in the test suite for each function; the % improvement is even better for the more expensive tests!)
4
1
70
Woah — I deployed the final discreet.eth contract over a *year* ago. Lots of friends minted a few, but they were mostly unclaimed. That is, until a moment ago; it quickly minted out and briefly entered the top 10 🙃. Wild to see how far fully on-chain metadata has come since then.
3
10
65
Awesome to see @quixotic_io has migrated to Seaport! 🌊🎉. *However,* it appears as though they've committed a faux pas in the process by redeploying Seaport to a new custom address. This is not great as it fragments liquidity unnecessarily; and remember that nobody owns Seaport!.
2
2
69
You know what would be *really* interesting?. Supply some runtime code for a contract that implements some pure function, along with calldata + resultant returned data. Then provide a succinct ZK proof so that the result can be verified without needing to execute the runtime code.
9
6
59
PUSH20 0xffffffffffffffffffffffffffffffffffffffff should be a dedicated opcode; it's present numerous times in every solidity contract that deals with addresses . change my mind (good luck).
8
2
68
But just imagine how much computational effort has been saved on those eth_calls by packing the string length and data into a single mstore!!
9
4
65
Case study in self-cannibalization — All the @paradigm_ctf challenges are *so* good and yet everybody just wants to play 0xMonaco now
1
5
66
Thanks @sinahab for having me on Into the Bytecode — highly recommend giving it a listen if you’re interested in learning more about the technical aspects of Seaport!.
Here is my conversation with @z0age . We dive into Seaport, the new marketplace protocol developed by @opensea -- talking about how the protocol is architected; how conduits and zones work; we even get into some of the low level gas optimizations in the contracts
2
11
65
And so it begins ⛴.
We will be building a UI for @opensea Seaport to enable in-game bartering.
3
1
66
You're likely aware that the Solidity compiler now compiles contracts to Yul, then runs a number of optimizations on that intermediate representation before compiling the Yul to bytecode and doing bytecode-level optimization. What you might not realize is that you can read the IR.
1
8
64
Huge thank you to everyone who participated in the Seaport @code4rena competition. Winner of the highest-signal QA report goes to @eth_call . Working through gas optimizations next, nice reports so far including by @BowTiedDravee . Open PRs with your findings against 1.2 branch!.
8
2
63
It's been a while since I released a new NFT, and (like many of us) I've been thinking about them lately. Played around with some ideas tonight & deployed discreet.eth — a set of 576 unique abstract shapes kept entirely on-chain. Feel free to mint some if you prefer low-key PFPs
13
8
64
calldatacopy, codecopy, extcodecopy, returndatacopy. why no memcopy??. is it not sort of broken that using the identity precompile is the cheapest option for copying a block of memory to a new location?.
5
4
63
Anybody else find themselves applying VRGDA analysis to a bunch of day-to-day decisions all of a sudden?. “Coffee consumption’s running past the target 21 ounces per 24 hours, my body’s gonna pay extra for this”.
5
5
65
@LinearNFT @pcaversaccio @z0r0zzz @transmissions11 @d1ll0nk Just gonna leave this here in case you’re looking for something faster ⚡️
3
4
62
Anyone who successfully deploys Seaport v1.5 to a new EVM chain or testnet & verifies the source gets a follow from me here on Twitter (deployment / instructions referenced here).
2/ Contract tooling. To deploy Seaport 1.5, I used Foundry's cast tool + the deployment docs from the official OS repo. It's always great getting more familiar with cast (incredibly underrated and handy) and @z0age's IC2F which I'm already a fan of***!.
16
5
62
WHAT HAVE I DONE. (To be fair, I did call out the danger in using a generated private key in that very article).
6
3
64
From there, you'll be able to comb through and locate places where things seem messy or inefficient and make tweaks to your upstream code to address those issues. You can also grab whole blocks of Yul code to use as a starting point when rewriting something in assembly
2
1
60
Many thanks to the legend @_hrkrshnn for dropping knowledge on how to generate this output as well as for helping @d1ll0nk + I make sense of the optimization sequences. Looking forward to learning more as we investigate and improve on the Yul compiler optimization process.
3
0
59
So a bump to Solidity 0.8.13 + turning on the Yul IR compilation pipeline means ~3k less gas and a lot less complexity on a key function for a contract we’re working on — looking for a good reason not to use it other than “it’s brand new” (if anyone has thoughts it’s @Montyly).
2
2
57
Then: Who is Satoshi Nakamoto?. Now: Who is The_Duck??. All signs indicating that they are in fact the same entity.
4
3
60
Public goods / protocols with no fees: 😍. Public goods / protocols with reasonable fees that help sustain the public good: 🫡. Public goods / protocols that pay out incentives to draw in + capture users that will eventually pay exorbitant fees to compensate early backers: 🚩🚩🚩.
4
2
59
The Seaport @code4rena competition has wrapped!. No high-severity & just 1 medium-severity finding 🧃. That it was only found by one talented warden, 0xSomeone, and missed by the rest of us really speaks to the impact an individual can make in the health & safety of our ecosystem.
It’s official… one Warden took out the entire H+M prize pool for @opensea’s latest C4 audit!. Huge congrats to 0xSomeone (Alex from Omniscia) who takes home $71.5k for their unique finding 🤩(1/3).
4
1
57
No oracles or fixed collateralization ratios is cool. Next, let’s do one with no protocol fees or governance and cheaper execution. Exciting to watch all the talented teams currently working on lending protocols that are decentralized from the ground up and built as Seaport apps.
Introducing Blend!. @blur_io wanted a lending protocol with:. * Arbitrary collateral, including NFTs.* No oracles.* No expiries.* Market-set interest rates. So @transmissions11 and I worked with them to design a new mechanism. Here’s how it works 🧵.
4
2
56
Happy merge day! 🎉. Or sad merge day and we’ll all be looking for a new line of work? 🤷.
7
3
56
People tend to focus on gas savings (particularly for minimal proxy implementations & similar) or the “flex” of contracts with lots of leading zeroes. There’s another benefit that people tend to miss:. It‘s *much* harder to generate similar addresses that can be used for phishing.
5
1
57
Progress report for Seaport integrators!. Two brand new helper contracts are now deployed to 17 chains & testnets with more to follow. SeaportValidator: 0x00e5F120f500006757E984F1DED400fc00370000. SeaportNavigator: 0x0000f00000627D293Ab4Dfb40082001724dB006F. A quick summary: ⤵️.
4
4
55
There's a wildly popular cross-chain protocol just waiting to be built for offering this as a service (1 ETH in, .01 ETH equivalent value bridged to 100 different EVM chains at once). Would also just be a massive flex should someone be able to execute on a service like this.
5
6
54