0age
@z0age
Followers
11,841
Following
108
Media
65
Statuses
1,303
Head of Protocol Development @opensea (views are my own)
Joined September 2018
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Northern Lights
• 240636 Tweets
オーロラ
• 202844 Tweets
DeNA
• 62036 Tweets
#withMUSIC
• 44840 Tweets
Fulham
• 32294 Tweets
BQUIK X BKPP
• 24972 Tweets
太陽フレアのせい
• 24350 Tweets
NUNEW AT BITEC
• 23656 Tweets
#العين_يوكوهاما
• 21491 Tweets
ベイスターズ
• 18910 Tweets
バチコン
• 18854 Tweets
ハマスタ
• 17752 Tweets
FOURTH SINGING TIME
• 15899 Tweets
マリノス
• 12705 Tweets
自分の魚
• 12465 Tweets
#マルハニチロ
• 12413 Tweets
GenG
• 12299 Tweets
#誕生魚診断
• 11706 Tweets
わたしの誕生魚
• 11570 Tweets
Buju
• 11454 Tweets
There's a well-known phenomenon in software development: often, you'll "plateau" for a while before discovering a new trick, tool, or workflow that radically upgrades your capabilities
Recently discovered one such trick & want to share with my fellow smart contract optimizors 👇
22
93
679
Big 48 hours for Seaport — after a brief Solidity / Vyper holy war, we're now underway building a Vyper implementation with some of the brightest minds in the ecosystem. Will be fascinating to compare the two holistically once it's complete. Gotta say, I love build-a-bear
19
31
447
Today, we're open-sourcing an early proof-of-concept implementation of Seaport Gossip, a peer-to-peer network for discovering and broadcasting Seaport listings
What is Seaport Gossip, why is it important, and how can you get involved in building it alongside us?
Let's dig in:
17
48
338
Leaking some alpha on how to easily mine create2 salts to deploy contracts to efficient addresses.
I've been using my trusty eGPU for years to great effect, but it's actually very fast and inexpensive to use the cloud (h/t
@arr00
for the demonstration).
Here's how to do it 👇
25
35
333
The Seaport version 1.2 contract is now deployed to many EVM chains!
0x00000000000006c7676171937C444f6BDe3D6282
The current Seaport contract (v1.1) is still usable & will be as long as whatever chain it's on keeps chugging; v1.2 is a new contract
So, what's v1.2 all about? ⤵️
25
51
322
Introducing ret↩rn.eth
0x00000000000061aD8EE190710508A818aE5325C3
A generative audiovisual work where all metadata is stored & rendered onchain — i.e. a Music NFT™
An ERC721A contract, minting as an Ξ0.05 open edition for 72 hours
Here’s the story & tech behind it
↵
29
42
309
Overwhelmed by the response to the Seaport protocol — want to take a moment to thank my coauthors,
@d1ll0nk
+
@transmissions11
, for their truly exemplary contributions, and to
@emo_eth
,
@_LeFevre_
,
@stephanminkj
,
@Slokh
, and many others at
@OpenSea
for getting us to this moment.
14
15
280
I've been "wearing" a green rectangle for half a decade, and by now it has become a core component of my pseudonymous identity
With the help of StableDiffusion, I've created a new NFT collection to better express my personal aesthetics with 64 variations on the theme: ⬛🟩⬛.eth
31
11
246
Sharing the winning 0xMonaco car from team
@opensea
— no crazy low-level tricks or pricing techniques, just high-level strategies & tactics that break up the race into phases: sit back early on, maintain forward momentum, go full blitzkrieg at the end
9
32
241
Ever find yourself curious what the current memory layout looks like on a contract, but don't have ready access to more advanced tools? You can just set `bytes` as the return value to the function in question, then drop a call to this little function at your preferred breakpoint
2
32
237
Here's an easy way to distinguish intermediate Solidity devs from advanced devs:
How well do you understand default ABI encoding?
If you can describe how to encode an array of structs that themselves contain arrays of structs, you're advanced
(GPT-4? Intermediate Solidity dev)
13
11
209
Sharing an update on an issue (now resolved) that briefly impacted the
@OpenSea
Shared Storefront contract.
TL;DR: a configuration issue made it possible in some instances for sellers to accept offers on Shared Storefront items and receive payment without owning the NFT.
10
49
190
Yesterday the
@blur_io
marketplace contract used ~1.4x of the gas the Seaport v1.1 contract did
But Seaport moved ~1.5x of the NFTs that Blur moved
Topping the Etherscan gas guzzlers can indicate lots of usage (props to Blur on that front)
It can also indicate lots of wastage
9
4
187
Lots of good (and plenty of bad) info on replay attacks in an ETH POS/POW chain split scenario heading into the merge
Here's a definitive breakdown on the NFT-specific situation & what to watch out for when interacting w/ Seaport /
@OpenSea
,
@LooksRare
,
@the_x2y2
, &
@sudoswap
👇
6
42
177
Excited and humbled to be joining OpenSea as Head of Protocol Development. To everyone who's been a part of the journey at Dharma — thank you for your trust and support!
1/ On behalf of the entire Dharma organization, we are thrilled to announce that we’re being acquired by
@OpenSea
.
58
152
978
22
6
181
Crowd-sourcing some solidity code snippet optimizations — whoever comes up with the most gas-efficient optimization gets bragging rights.
First challenge: get some fraction of a number and revert if the result isn’t exact (i.e. significant digits are truncated during division).
19
24
164
Seaport v1.4 has been deployed and is ready for production use!
0x00000000000001ad428e4906aE43D8F9852d0dD6
Version 1.4 addresses a few issues on Seaport v1.2 & v1.3, "developer preview" versions not recommended for production use
Let's go over v1.4 changes & lessons learned ⤵️
8
19
159
Anybody that’s still authoring ownable contracts without a two-step ownership transfer process (e.g. transferOwnership + acceptOwnership) has clearly never needed to transfer ownership of a contract with significant value
16
9
153
Seaport v1.5 has been deployed across a multitude of chains & testnets
0x00000000000000ADc04C56Bf30aC9d3c0aAF14dC
@OpenSea
will begin migrating to v1.5 starting next week; more precise details to come
Huge thanks
@eth_call
,
@d1ll0nk
,
@emo_eth
,
@dan_OpenSea
, &
@stephanminkj
9
15
147
> TypeError: Function declared as pure, but this expression (potentially) reads from the environment or state and thus requires "view"
🤔 "requires" ? 🤔
(Keeping those pure functions pure wasn't easy and I'll go to ridiculous lengths to avoid having to even temporarily change…
10
2
137
The Seaport
@code4rena
competition has now ended — thanks again to the many reviewers who participated!
A summary of relevant findings will be made available soon, but I'd like to share some key findings and give a heads-up that we'll be deploying Seaport v1.1 to address them.
3
25
133
Basic: If you write your contracts in assembly, nobody will review it
Based: If you take the time to write your contracts in thoughtful, readable assembly, everybody will review it
Massive appreciation for all of you Seaport reviewers — this is how we learn and build together
5
6
134
Huge relief that the ETH POW fork is modifying the chainID, which keeps most of the chaos on the forked chain from bleeding into the main POS chain via replay attacks; Seaport listings will also be replay-safe
Still, the safe play is to avoid signing anything on the POW chain
ETHW Core just released its ChainIDs -
Mainnet: 10001
Testnet: 10002 - 10005
15
19
83
11
16
129
The
@optimizoor
just made finding your next efficient create2 deployment address 20% to 25% more efficient
👑
10
6
129
This is undoubtably going to be the most intense day yet in my quest through the metaverse. Countless talented people have put in a colossal amount of work preparing to perform nearly-simultaneous
@OpenSea
and
@Dharma_HQ
protocol upgrades ~4 hours from now.
4
12
120
Back with another episode of "debugging without advanced tools available" — say you want to quickly see what data a particular bytes array contains (or could also provide a grab bag of variables via abi.encode). Pass it to this function and it'll get spit out as a revert string
4
13
120
Time to start advocating for this EIP if you're not already; obviously all eyes on the Merge but TSTORE should be next in the hopper
9
18
119
Is anyone actually still confused on how to pronounce ETH?
It’s obvious, really
Same vowel sound as read, lead, and tear
22
3
121
We need better comparisons of feature support and respective gas usage across NFT marketplaces in an objective, reproducible format —
@opensea
@ourZORA
@LooksRareNFT
@0xProject
@the_x2y2
et al, let’s all collaborate on getting each of our marketplaces into a public repo this week
11
4
118
Just spent >1.2 ETH to deploy two view-method-only contracts to mainnet
AMA
21
1
119
Seaport is MIT licensed; anyone can fork it and redeploy it
However, there are a *lot* of reasons not to fork it
With that said — if you *do* decide to fork...
For the love of Satoshi, USE THE CANONICAL CONDUIT CONTROLLER
That way you can migrate back to the canonical Seaport
4
5
117
Seaport v1.1 has been live for over 5 months
Since then, our ecosystem has developed a deeper understanding of it
It's time to apply what we've learned in building the next iteration of the Seaport Protocol!
Some data, proposed key features, and a call to join the discussion:
5
12
108
It’s been over 3 years since this contract was used
Shame, as it’s a pretty awesome concept
It’ll scan the bytecode of a contract, ensure that there are no reachable SELFDESTRUCT / DELEGATECALL / CALLCODE opcodes, and register it as indestructible
5
4
109
Phase 1: I don’t understand this assembly, but someone smarter does so must be safe
Phase 2: I understand this solidity, but not enough other reviewers do so must be unsafe
Phase 3: *nobody* understands the solidity compiler but I understand this assembly so it could be safest
8
4
112
Highly advocate that anyone leveraging upgradeable proxies with an initialize function use a pattern where initialization is only permitted during contract creation (e.g. ensure that address(this).code.length == 0) rather than based on a value held in storage (prone to collision)
Audius post-mortem suggests it was exploited because of a storage slot collision in their contracts which used OpenZeppelin Upgradeable Proxy.
The twist is their contracts were audited by none other than OpenZeppelin themselves.
19
53
350
3
15
111
Devcon has been fantastic thus far, so good to see everyone
Just have one major beef
Why is EIP-1153 / TSTORE not getting more love?!
10
10
105
Grateful to now have the opportunity to publicly thank everyone who was involved in identifying this vulnerability and successfully executing on its remediation before any exploit was performed.
3
18
107
We won 0xMonaco and in this moment I am EUPHORIC
Can’t thank
@transmissions11
@_Dave__White_
@sina_eth_
@ttobbaybbob
@TylerCrimm
and the whole
@paradigm_ctf
squad enough for coming up with such a compelling concept and executing on it so well
Additionally, congrats to the winners of 0xMonaco, our first PVP CTF challenge.
We can't wait to see your write-ups!
10
11
93
9
3
108
I’ve been beating this drum ever since this feature was rolled out — it is structurally unsafe to sign an opaque hash representing arbitrary listings
The
@blur_io
marketplace is upgradeable — it is imperative that they move to signing readable, typed data like Seaport does ASAP
Blur signatures are now being used to steal NFTs ☠️
These are even more dangerous than the Opensea/Seaport signatures because the message is unreadable
We've already added a security measures to keep you safe
Here's a quick rundown 👇
208
1K
2K
6
7
101
We've found a minor bug in Seaport v1.4 that only impacts potential future integrations
Due to the low severity,
@OpenSea
will stay on v1.4 for now
We've prepared a fix for v1.5 & are writing more tests before deploying
Let's dig in to the bug & the path forward from here ⤵️
4
9
100
Getting lots of questions on what’s next on the “roadmap”
I’ll tell ya what’s next:
Deploying the most flexible, efficient, and secure NFT marketplace yet
Seaport v1.2 is gonna bang
12
4
98
More tests starting to come together in the marketplace benchmarks repo; This is the “direct” comparison (i.e. contract-to-contract)
5
15
97
Realized that I don’t think I’ve ever seen an NFT contract written in anything but Solidity
Shill us your favorite Vyper / Huff / raw EVM NFTs
17
4
78
So thrilled to see this launch — Seaport was designed from the very start with this use-case in mind
Looking for more onchain NFTs to add to the collection if anybody has their eye on one of mine and wants to make deals!
Introducing Deals: offer your NFTs for theirs, securely on OpenSea.
👉
2K
2K
5K
8
4
73
Let's assume that it's somehow possible to bypass `require(msg.sender == address(0))` on mainnet (can of course bypass using eth_call or a cheatcode).
Aside from obvious stuff like draining the null address, what else would break horribly?
Bonus points for a proof-of-concept tx
18
7
83
Seaport v1.2 has been deployed for two weeks now, giving integrators a chance to play with it
In that process,
@androolloyd
uncovered a notable limitation
So, we decided to skip over v1.2 and go straight to a newly-deployed v1.3!
0x0000000000000aD24e80fd803C6ac37206a45f15
⤵️
5
7
80
Big thanks to my fellow coauthors and contributors in the Seaport Working Group for making this release a reality
Excited to see what you all build using Seaport Hooks!
OpenSea and the Seaport Working Group are thrilled to unveil Seaport 1.6 — the latest generation of the most advanced NFT marketplace protocol in the EVM ecosystem.
Seaport 1.6 introduces a new capability enabled by the recent Ethereum Dencun upgrade called Seaport hooks 🪝.…
100
56
411
10
4
81
OK, at this point I'm starting to get a bit nervous about this whole thing
(appreciate the kind words though, shibboleth friend)
6
0
78
Seaport 1.1 has been deployed — huge thanks to all the contributors, reviewers, auditors and integrators who made this release possible.
4
7
78
Doesn’t get much more “Dark Forest” than using a metamorphic contract to mount a governance takeover of TC
Next, how did this happen?
Well, when the attacker created their malicious proposal, they claimed to have used the same logic as an earlier proposal which had passed. However, that wasn't exactly the truth, because they added an extra function
7
12
200
1
6
74
Here's a transaction-level reentrancy lock that ensures a given function is only callable once per transaction: in the function, deploy a contract via CREATE2 with init code of `caller selfdestruct`. The contract is only destroyed (and redeployable) at the end of the transaction!
3
1
76
Imagine just a function that you call with no arguments and that always returns some value that it's never returned before
Obviously this could just be a counter, but that costs an SLOAD + SSTORE... can we do better? Anyone have ideas for a cheaper implementation?
16
6
73
Phase one: the architectoooor
Phase two: the optimizoooor
Phase three: the standardizoooor
(Seaport entering phase three very soon!)
3
2
75
Finally own an NFT from my all-time favorite collection, “Series 4: Glitchbox” by
@_deafbeef
A monumental work: generative, self-contained, interactive, historic, cohesive aesthetic, plays to the unique strengths of the medium, code <=> art at its finest
12
1
74
The ultimate eth-maxi move: shaving off 1 gas and a byte of runtime code from your contracts by using `CHAINID` in place of `PUSH1 0x01`
1
10
72
Today marks the public launch of the new Dharma - and we also just open-sourced all of our smart contracts! Come peek under the hood and see how the Dharma Smart Wallet works behind the scenes:
2
16
73
Woah — I deployed the final discreet.eth contract over a *year* ago
Lots of friends minted a few, but they were mostly unclaimed
That is, until a moment ago; it quickly minted out and briefly entered the top 10 🙃
Wild to see how far fully on-chain metadata has come since then
3
14
69
Even after adding all the new features, the candidate implementation of Seaport v1.2 is appreciably more gas efficient than v1.1
(this is looking at the cheapest example in the test suite for each function; the % improvement is even better for the more expensive tests!)
4
2
71
Awesome to see
@quixotic_io
has migrated to Seaport! 🌊🎉
*However,* it appears as though they've committed a faux pas in the process by redeploying Seaport to a new custom address. This is not great as it fragments liquidity unnecessarily; and remember that nobody owns Seaport!
3
2
70
You know what would be *really* interesting?
Supply some runtime code for a contract that implements some pure function, along with calldata + resultant returned data
Then provide a succinct ZK proof so that the result can be verified without needing to execute the runtime code
9
6
59
PUSH20 0xffffffffffffffffffffffffffffffffffffffff should be a dedicated opcode; it's present numerous times in every solidity contract that deals with addresses
change my mind (good luck)
8
2
69
What’s this cool green swirly PFP everyone’s rocking? Did I not make the whitelist on the mint or something?
6
1
67
Thanks
@sinahab
for having me on Into the Bytecode — highly recommend giving it a listen if you’re interested in learning more about the technical aspects of Seaport!
2
11
66
Case study in self-cannibalization — All the
@paradigm_ctf
challenges are *so* good and yet everybody just wants to play 0xMonaco now
1
5
66
But just imagine how much computational effort has been saved on those eth_calls by packing the string length and data into a single mstore!!
10
4
66
And so it begins ⛴
3
1
67
You're likely aware that the Solidity compiler now compiles contracts to Yul, then runs a number of optimizations on that intermediate representation before compiling the Yul to bytecode and doing bytecode-level optimization
What you might not realize is that you can read the IR
2
8
65
It's been a while since I released a new NFT, and (like many of us) I've been thinking about them lately. Played around with some ideas tonight & deployed discreet.eth — a set of 576 unique abstract shapes kept entirely on-chain. Feel free to mint some if you prefer low-key PFPs
13
9
66
Huge thank you to everyone who participated in the Seaport
@code4rena
competition
Winner of the highest-signal QA report goes to
@eth_call
Working through gas optimizations next, nice reports so far including by
@BowTiedDravee
Open PRs with your findings against 1.2 branch!
8
2
63
Anybody else find themselves applying VRGDA analysis to a bunch of day-to-day decisions all of a sudden?
“Coffee consumption’s running past the target 21 ounces per 24 hours, my body’s gonna pay extra for this”
8
5
65
calldatacopy, codecopy, extcodecopy, returndatacopy...
why no memcopy??
is it not sort of broken that using the identity precompile is the cheapest option for copying a block of memory to a new location?
5
4
64
@LinearNFT
@pcaversaccio
@z0r0zzz
@transmissions11
@d1ll0nk
Just gonna leave this here in case you’re looking for something faster ⚡️
3
5
63
Anyone who successfully deploys Seaport v1.5 to a new EVM chain or testnet & verifies the source gets a follow from me here on Twitter (deployment / instructions referenced here)
16
5
64
WHAT HAVE I DONE
(To be fair, I did call out the danger in using a generated private key in that very article)
How it started 👉 How it's going
14
19
252
6
3
64
From there, you'll be able to comb through and locate places where things seem messy or inefficient and make tweaks to your upstream code to address those issues
You can also grab whole blocks of Yul code to use as a starting point when rewriting something in assembly
2
1
60
Many thanks to the legend
@_hrkrshnn
for dropping knowledge on how to generate this output as well as for helping
@d1ll0nk
+ I make sense of the optimization sequences
Looking forward to learning more as we investigate and improve on the Yul compiler optimization process
4
0
59
Public goods / protocols with no fees: 😍
Public goods / protocols with reasonable fees that help sustain the public good: 🫡
Public goods / protocols that pay out incentives to draw in + capture users that will eventually pay exorbitant fees to compensate early backers: 🚩🚩🚩
4
2
59
So a bump to Solidity 0.8.13 + turning on the Yul IR compilation pipeline means ~3k less gas and a lot less complexity on a key function for a contract we’re working on — looking for a good reason not to use it other than “it’s brand new” (if anyone has thoughts it’s
@Montyly
)
2
2
58
Then: Who is Satoshi Nakamoto?
Now: Who is The_Duck??
All signs indicating that they are in fact the same entity
5
3
59
No oracles or fixed collateralization ratios is cool
Next, let’s do one with no protocol fees or governance and cheaper execution
Exciting to watch all the talented teams currently working on lending protocols that are decentralized from the ground up and built as Seaport apps
Introducing Blend!
@blur_io
wanted a lending protocol with:
* Arbitrary collateral, including NFTs
* No oracles
* No expiries
* Market-set interest rates
So
@transmissions11
and I worked with them to design a new mechanism
Here’s how it works 🧵
80
122
681
4
2
57
The Seaport
@code4rena
competition has wrapped!
No high-severity & just 1 medium-severity finding 🧃
That it was only found by one talented warden, 0xSomeone, and missed by the rest of us really speaks to the impact an individual can make in the health & safety of our ecosystem
It’s official… one Warden took out the entire H+M prize pool for
@opensea
’s latest C4 audit!
Huge congrats to 0xSomeone (Alex from Omniscia) who takes home $71.5k for their unique finding 🤩(1/3)
22
11
195
4
1
58
Happy merge day! 🎉
Or sad merge day and we’ll all be looking for a new line of work? 🤷
7
3
58
People tend to focus on gas savings (particularly for minimal proxy implementations & similar) or the “flex” of contracts with lots of leading zeroes
There’s another benefit that people tend to miss:
It‘s *much* harder to generate similar addresses that can be used for phishing
5
1
58
There's a wildly popular cross-chain protocol just waiting to be built for offering this as a service (1 ETH in, .01 ETH equivalent value bridged to 100 different EVM chains at once)
Would also just be a massive flex should someone be able to execute on a service like this
5
7
54
It's hard to overstate the impact that this technique has made on my workflow already
Highly recommend if you're working with inline assembly, or even if you just want to get a better sense of how the sausage is made
1
0
55
Progress report for Seaport integrators!
Two brand new helper contracts are now deployed to 17 chains & testnets with more to follow
SeaportValidator: 0x00e5F120f500006757E984F1DED400fc00370000
SeaportNavigator: 0x0000f00000627D293Ab4Dfb40082001724dB006F
A quick summary: ⤵️
4
4
56
When you’re willing to cut a deal with a supernatural entity so that you win the race at all costs
5
2
55
Thanks again to all who have minted Ret↵rn so far & hope you all end up with bangers at the reveal tomorrow
↵
9
4
50
Introducing TPL v1.0 - a method for assigning attribute metadata to Ethereum addresses for use by regulatory-compliant securities tokens and other projects
1
22
50
Am I missing some obvious way to shorten an array in-place?
Zero interest in allocating a brand new array in memory and copying everything but the removed items over
As far as I can gather, you have to use assembly to modify the length
If so... 0.8.18/19 feature request?
10
3
51