cmichel

@cmichelio

9,877
Followers
1,703
Following
140
Media
1,113
Statuses

blockchain dev & security 🥇 @code4rena 🏹🐛 @SpearbitDAO 🖊️ blog @ DM for audit

Joined January 2016
@cmichelio
cmichel
3 years
2
8
2K
@cmichelio
cmichel
2 years
ETH devs: write math libraries in assembly to save gas Meanwhile, CosmWasm devs: I need the fractional part of a decimal number. Let me stringify it, find the ".", put a "0" in front of it and string-parse it again
30
64
893
@cmichelio
cmichel
1 year
if you want to create web3 security content, instead of creating the hundredth auditor roadmap, auditing tips that are just common knowledge, or spot the bug challenge content, try this instead: create cheat sheets for protocols you audited 1/7
48
104
509
@cmichelio
cmichel
2 years
After grinding for 14 months I finally reached my goal of being the first to cross 1M$ on the @code4rena leaderboard. 🥳 Thanks to everyone involved, this has been very fun, lucrative, and I learned a lot by seeing other wardens' vulnerabilities that I missed.
@code4rena
Code4rena
2 years
1/ Code4rena all-star @cmichelio crossed $1,000,000 in Warden payouts: How did he put those numbers on the board? 🧵
7
14
65
32
32
377
@cmichelio
cmichel
1 year
hot take: even if @CertiK pointed this out 90% of you would still have been rugged because you don't actually read the audits. Trusted third-party issues exist in the majority of protocols, either directly through admin privileges or indirectly through upgradeable contracts 1/6
@delucinator
yieldfarming
1 year
and Certik did audit this, it's not like a swapped out frontend, Certik legit saw the contract allow infinite to some random ass address and gave it a pass
24
33
200
15
52
239
@cmichelio
cmichel
6 months
Dear Lord, please forgive any issues I'm about to submit and any severities I'm about to inflate. I'm just playing this game called competitive audits and it's primarily played for points against a judge bound by a flawed rule book filled with infinite loopholes and vague
7
20
229
@cmichelio
cmichel
1 year
I'm auditing in VR, that's my alpha. Pros: Portable, good as a second screen when traveling Cons: The resolution is still too bad (2x more pixels would do) and I don't see my keyboard. Can't do any serious work yet
25
11
203
@cmichelio
cmichel
1 year
What DeFi protocols have USDC price hardcoded to 1$?
23
14
190
@cmichelio
cmichel
4 months
just learned you can shift-click on the line numbers in @github to select multiple lines. all my life I typed #L71-L84 directly into the address bar 🤦‍♂️
21
5
152
@cmichelio
cmichel
5 years
My 𝗟𝗲𝗮𝗿𝗻 𝗘𝗢𝗦 𝗗𝗲𝘃𝗲𝗹𝗼𝗽𝗺𝗲𝗻𝘁 𝗯𝗼𝗼𝗸 is now available on ! 🎉 As the first of its kind, you'll learn how to build dapps on EOS from start to finish and become a full-stack EOS blockchain developer #eos #eosio Thread 👇
12
44
146
@cmichelio
cmichel
3 years
Some thoughts on @SushiSwap's Trident after having looked at the code now. It's a pool creation factory currently supporting 4 pool types: - UniswapV2 - UniswapV3 - Balancer - Curve The new feature is that the pool tokens are used to yield farm in-between trades ("Bento")
3
40
134
@cmichelio
cmichel
2 years
the MEV race to the bottom happened over 9 months after the flashbots adoption in April. over 90% of profit goes to miners. from the awesome flashbot's MEV in 2021 talk
5
13
130
@cmichelio
cmichel
2 years
if you haven't listened to my @summit_defi talk you're in luck and can try solving my CTF challenge without spoilers
7
20
131
@cmichelio
cmichel
1 year
yUSDT invests in the highest-APR USDT derivative: cUSDT, aUSDT, bZxUSDT, dydxUSDT. There's a misconfiguration which uses bZxUSDC instead of bZxUSDT. Here's how the attack worked:
@samczsun
samczsun
1 year
It seems like the iearn USDT token (yUSDT) has been broken since deploy, which was *checks notes* over 1000 days ago. It was misconfigured to use the Fulcrum iUSDC token instead of the Fulcrum iUSDT token.
41
90
495
1
27
129
@cmichelio
cmichel
8 months
bugfree contracts have been achieved internally
8
3
119
@cmichelio
cmichel
2 years
My contribution to @artgobblers is GooStew: The protocol optimizes goo production for its users through collaboration. Users deposit gobblers and/or goo and receive more goo than they would have received on their own through goo inflation.
@artgobblers
Art Gobblers
2 years
For builder humans: Quote RT this tweet with code for an extension to our ecosystem. Your creation could involve Gobblers, Goo, novel games or protocols that integrate Gobbler assets, or anything else. Those who build the coolest stuff will get a spot on our mintlist.
22
65
263
13
12
116
@cmichelio
cmichel
5 months
@trust__90 We moved on from this narrative. The main point of this industry is and was always to get rich. That's why we clap every time banks enter the industry and want MASS ADOPTION so someone buys our bags. Doesn't matter if we end up with TradFi as long as we are early to NewTradFi.
5
7
113
@cmichelio
cmichel
2 months
I'm starting my own project hiring all these North Korean hackers for token allocation, just waste their time, never deploy anything, and try to get access to their machines and counter-hack them.
@0xCygaar
cygaar
2 months
This is the Github profile of the North Korean dev that hacked Munchables on Blast. Here are all the red flags🚩 for those of you looking to hire in the future: 1) Clear logo farming, very unlikely any dev is super proficient in all of these languages/tools. There are more
209
96
910
8
4
115
@cmichelio
cmichel
7 months
12 hours left to solve my @paradigm_ctf Dragon Tyrant challenge. 6 solves so far. I even spent some time drawing NFTs for you.
0
2
103
@cmichelio
cmichel
3 years
@arush @0xrohan @moo9000 @nathandoctor @0x4C756B65 @chiachih_wu @Mudit__Gupta I started doing this with my "Replaying ETH hacks" series. I explain the protocol code in a blog post and then create a reproduction by building the attacker contract + forking from the block before exploit
7
32
101
@cmichelio
cmichel
1 year
Voters are not technical enough to understand the proposals and there's often no incentive to thoroughly check these. If you don't have a core team anymore, should there be a dedicated security person checking proposals in exchange for a token allocation? 1/3
11
13
100
@cmichelio
cmichel
5 months
I wonder if there'd be demand for a niche auditing shop only checking rounding issues. Manual review & building tools like @trailofbits' roundme. They don't seem to get enough coverage from current auditors but can be critical in hundred finance & kyberswap-style attacks.
11
5
99
@cmichelio
cmichel
1 year
what I mean by cheat sheets are posts like these from @0xreentrant that give an overview of the protocol, the terminology it uses, diagrams of contract traces of the most common user actions, or important math equations 2/7
8
5
97
@cmichelio
cmichel
29 days
EIP discussions are easy mode. Try getting involved in audit competition escalations
@jtriley_eth
jtriley.eth
30 days
don't get involved in eip discussions don't get involved in eip discussions don't get involved in eip discussions don't get involved in eip discussions don't get involved in eip discussions don't get involved in eip discussions don't get involved in eip discussions
10
2
120
9
1
99
@cmichelio
cmichel
1 year
why does EIP-4337 read like a CTF challenge? forbidden opcodes, storage access & code hash restrictions. you even need to break keccak256 if you want to implement the storage check: given a storage slot keccak(A || X) + n, check if A is in some preimage?
7
9
96
@cmichelio
cmichel
2 years
currently on vacation, let's take a break from audits and build something. an idea I had for a while was implementing @instagram filters as NFTs. you can point the filter NFT to another NFT and it will be applied. will be live tweeting as I build
4
7
93
@cmichelio
cmichel
2 years
What's this fetish with writing smart contracts in assembly? First Tezos, now Algorand. It's so easy to make mistakes if you're writing raw assembly. Bearish on any chain that doesn't launch with a proper high-level language
@tinymanorg
tinyman.algo
2 years
1- As many of you are aware an attack occurred on Tinyman Pools on January 1st/2nd. The attack exploits a previously unknown bug in the contract and allows the attacker to withdraw assets from a pool that they are not entitled to.
71
162
425
11
13
90
@cmichelio
cmichel
1 year
now that @yugalabs dookey dash ended, here's my write-up of how the game worked internally, the anti-cheat system that was used, what kind of cheats still worked and my verdict #dookeydash
3
8
91
@cmichelio
cmichel
9 months
@0xCygaar
cygaar
9 months
I just deployed a smart contract in Rust 🦀. No, that isn't a typo. Arbitrum just launched Stylus, a project that allows developers to deploy more efficient smart contracts written in Rust, C, and C++. A quick overview on how Stylus completely changes contract development 🧵:
54
93
540
5
9
90
@cmichelio
cmichel
5 months
who knew that the array length is a valid array slice start index in #solidity? The more I think about it, the more it makes sense. inb4 rustaceans all knew about this
5
4
87
@cmichelio
cmichel
1 year
service tweet: The v4.9 OZ ERC4626 implementation can now use more than 18 decimals (if you want to prevent against first depositor attack). I've seen protocols assume that tokens with >18 decimals aren't used and would break, might want to reconsider
@OpenZeppelin
OpenZeppelin
1 year
OpenZeppelin Contracts v4.9 official release 🔐 OpenZeppelin’s most efficient, lean and secure release is now available for developers to continue to build scalable smart contracts. Read about the latest update to the most trusted open-source libraries:
20
70
472
2
16
79
@cmichelio
cmichel
5 months
Never really liked how aave rounds "half up", imo it just makes it harder to analyze and you always want to be explicit in your rounding direction. Admittedly, compound v2 also has this issue but at least there it's more obvious that the code is wrong 😅
@peckshield
PeckShield Inc.
5 months
Today's hack on @RDNTCapital results in the loss of 1.9k eth (~$4.5m). The root cause is not new: It basically exploits a time window when a new market is activated in a lending market (forked from the popular Compound/Aave). The exploitation also relies on a known rounding
15
65
212
2
2
75
@cmichelio
cmichel
2 years
@anchor_protocol @immunefi 50k for 6 billion at risk is a low incentive to go whitehat. Come on, pump these numbers up to 1M$ for critical issues @stablekwon
7
0
67
@cmichelio
cmichel
2 years
TIL about `cast 4byte-decode <calldata>` for checking what some calldata does. It looks up matching function signatures on , lets you pick one and decodes the rest according to it. often works even if the source code is not public 🤯
3
4
65
@cmichelio
cmichel
6 years
How to cross-post Markdown to @Medium (works with @gatsbyjs 🙂) #javascript #js #medium
1
7
62
@cmichelio
cmichel
2 years
@Mudit__Gupta @code4rena 7) Didn't read the rules and notice too late that @code4rena awards duplicates and judges have the last word. 8) Bounty gets evenly distributed 9) Also notice that you had to pay 20% on top of the bounty as an org fee 10) Cry 😢
6
0
54
@cmichelio
cmichel
2 years
my UST depeg insurance finally paid out. unclear policies written by amateurs, moving goalposts, tedious manual evidence submission process. felt like traditional insurance. not doing this again unless the policy&payout are enforced in a smart contract
4
3
52
@cmichelio
cmichel
6 months
receiving a cease and desist because of code licensing issues "is almost a better certification of a pristine codebase implementation than the contest itself". 🤣 so many bangers in this tweet
0
1
51
@cmichelio
cmichel
4 years
We just released the first version of Hydra! 🎉 You can now conveniently test #EOSIO smart contracts without installing #EOS or configuring and running a local blockchain
4
14
49
@cmichelio
cmichel
4 years
Obfuscating #EOSIO smart contracts #EOS $EOS
3
13
46
@cmichelio
cmichel
2 years
The private keys file was encrypted, not uploaded in plain to the cloud. Law enforcement got access to the file some time in 2021 but took them until Jan 31st 2022 to crack. Probably best to assume your files / wallet passwords are not secure either. Use hardware wallets
2
8
43
@cmichelio
cmichel
8 months
anyone at @token2049 wants to meet?
12
2
45
@cmichelio
cmichel
1 month
@alpeh_v I can be even more annoying. You're thinking of a *collision-resistant* hash function, a hash function only needs to be compressing. All answers are wrong 😁
2
0
44
@cmichelio
cmichel
1 year
this doesn't make much sense? an additional bug bounty only has benefits, might have only paid $300k instead of $3M with a 10% bug bounty
@alexeykoloskov
Alexey Koloskov
1 year
Instead of relying on low-impact bounty programs, our own funds were used in our smart contracts as a way to attract Web3's most sophisticated hackers. Of course, we always hoped that a vulnerability would not be found.
2
0
21
3
2
41
@cmichelio
cmichel
1 year
it will help other auditors and future you to grasp the protocol more quickly. docs often fail at explaining the protocol for newcomers because they are written by developers that spent years on it and they assume that the basics are well-known (curse of knowledge) 3/7
2
1
39
@cmichelio
cmichel
8 months
I'm outside at lvl 4 for the next 30-45 mins. Come say hi, I'm the one in the Certik hat
9
1
40
@cmichelio
cmichel
9 months
one would think checking the number of bits of the seed you use to initialize your PRNG was an easy task. apparently not, first profanity, now libbitcoin, probably many more. new bug bounty alpha just dropped #milksad
3
1
40
@cmichelio
cmichel
4 years
Seems like #EOS solved this in a much more beautiful way with inline actions and recipient notifications. Abstract is better here, there isn't even an intrinsic like msg.value. Tokens are not baked into the programming language, they are just smart contracts on top of it
@dmihal
David Mihal.eth
4 years
(5/12) This issue is because there's no such thing as "payable functions" in ERC20. Contracts can execute code when they receive ETH, but not when they receive tokens. ERC777 adds "hooks", which are basically payable functions for tokens.
1
1
28
1
10
36
@cmichelio
cmichel
2 years
Will be showing some interesting @code4rena findings tomorrow + do a live contest on code I haven't seen yet 🙈 should be fun
@code4rena
Code4rena
2 years
LIVE at @TheSecureum TrustX C4 Showdown: The Game Show @cmichelio vs @liam_eastwood13 With guest judge @HickupH Hosted by @sockdrawermoney This Friday April 22 at 8:20 UTC In person, streaming, & tape delay
3
8
32
2
7
36
@cmichelio
cmichel
2 years
@0xOptimum Signature should be claimPrize(uint256), it currently calls the fallback
4
0
36
@cmichelio
cmichel
3 years
Lots of OG React devs I followed 4 years ago when I was a frontend dev are now starting to work in web3 🍻 @markdalgleish @dabit3 Probably nothing
@markdalgleish
Mark Dalgleish
3 years
First day at @rainbowdotme 🌈🌈🌈🌈🌈🌈
20
2
405
1
5
33
@cmichelio
cmichel
1 year
is there something like a reverse @RevokeCash ? I enter a contract address and want to see all the (token, owner, amount) tuples that approved the contract
3
1
32
@cmichelio
cmichel
1 year
Recent fails could have been prevented by someone who knows what they are doing, didn't even require a full audit - Aave Polygon lockup could have been prevented by simulating the changes and running the tests - TC proposal uses a metamorphic contract, immediately suspicious 2/3
1
1
33
@cmichelio
cmichel
3 years
@the_ethernaut This avoids modulo bias. Courtesy of @PoolTogether_ where I've first seen it. Idea behind it is explained here:
2
3
33
@cmichelio
cmichel
1 year
Even RAI is down 7%.
2
1
31
@cmichelio
cmichel
1 year
@trust__90 yep and virgin web2 hackers only steal email addresses and encrypted passwords, how boring is that
1
0
32
@cmichelio
cmichel
1 year
so if you invested without opening the audit report and now, in hindsight, complain about it not being pointed out, you're not intellectually honest with yourself. you'd still have invested even if it was written, you're now just looking for someone to blame for your decisions 3/
2
3
33
@cmichelio
cmichel
4 years
How I gamed $EOS #Defi projects and still got rekt #EOSIO #EOS
6
9
31
@cmichelio
cmichel
6 months
This is so cool. Love the ZuPass zk ticket check. Hope this becomes the default for all events from now on. No more email or ETH address leaks when checking in
@EFDevconnect
Devconnect.eth
6 months
1. Get your Cowork ticket & download Telegram. 2. Click: to open a chat with the ZuKat bot 🐈. 3. Press Start. 4. Select Devconnect Community Hub. 5. Follow the instructions to generate your zero-knowledge proof and join the Devconnect Community Hub.
2
2
17
3
0
32
@cmichelio
cmichel
1 year
you also provide value to the protocol. I can recall several cases where diagrams created by auditors ended up becoming part of the official documentation. (but maybe that just speaks to them having bad documentation) 4/7
1
1
31
@cmichelio
cmichel
3 years
@Mudit__Gupta SEC protecting investors. Curve Emergency DAO "protecting LPs". Same shit, different industry. I have the right to be rugged.
3
4
31
@cmichelio
cmichel
3 years
There was a bug in #solana's NFT metadata contract that allowed spoofing NFTs. These NFTs appeared as if they were part of a collection on most marketplaces. A thread 🧵
@redacted_j
jprince.sol
3 years
Alright you dirty degenerates. I hope your families enjoyed getting to know you again during this small mint outage. Tell them good bye. I found the bug. One line change. Looks like #CandyMachine was inadvertently exploiting the bug too. HAPPY MINTING!
8
6
41
2
9
30
@cmichelio
cmichel
1 year
- aTokens/debtTokens are rebalancing. "scaled balance" refers to shares aka `rebasedAmount / index` (bad naming because scaling is ambiguous, can scale in two directions) write down protocol quirks: - a liquidation bonus of 5% in code is not 500 bips, it's 10500 bips = 105% 7/7
1
0
28
@cmichelio
cmichel
4 years
Users can't redeem $CRL's $WRAM for EOS anymore. The minting smart contract has a re-entrancy vulnerability that allowed printing more tokens and has been exploited. Hacker got 45,000 EOS and cashed out #EOS
4
12
30
@cmichelio
cmichel
1 year
maybe the existing system where you are patronized and your government/SEC/accredited investor rules tell you what you're allowed to do with your money is what you prefer. maybe you are indeed a clueless and uninformed NPC that needs to be protected from yourself 5/6
1
4
27
@cmichelio
cmichel
4 years
8 #EOSIO intrinsics devs might not know about yet #eos
1
10
28
@cmichelio
cmichel
1 year
terminology: - "asset" is just the underlying token - "liquidityIndex" and "getNormalizedIncome" is the rebasing index, defaults to 1e27 (bad naming because two names for the same thing) - the difference between LTV (loan-to-value) and LT (liquidation threshold). LT > LTV 6/7
2
0
28
@cmichelio
cmichel
1 year
whatever system you prefer, you need to accept it in its entirety. you can't just reap the rewards from its good parts without also accepting its downsides. 6/6
1
1
26
@cmichelio
cmichel
1 year
cheat sheets are especially useful for protocols that you review often and that are bad at naming like @MakerDAO and @AaveAave. as an example, here's an excerpt from my aave-v2 cheat sheet that I can always come back to 5/7
2
0
27
@cmichelio
cmichel
11 months
@caitlinxyz love this view
1
0
28
@cmichelio
cmichel
4 years
Thanks to @LiquidAppsIO for making the DAPP Network Hackathon possible. It was a lot of fun building our LiquidCrypto service and the first anonymous voting protocol on EOSIO. Also excited to share the crowd favorite prize with @gnollio 🤗
1
5
28
@cmichelio
cmichel
1 year
Among crypto's core values is personal responsibility, only you control your private keys and you should own your actions and decisions. if you don't like that and are quick to blame someone else if things go wrong, maybe this isn't the space for you. 4/6
1
2
27
@cmichelio
cmichel
4 years
What's happening with $DMD $YFC $CRL on #EOS? @NewdexOfficial recently listed these new tokens, but they are all the same product? The websites also all look the same even though the website code is not open source. Anyone has more info? Is it the same team?
7
10
26
@cmichelio
cmichel
9 months
I feel like I made a mistake investing professionally into HarryPotterObamaSonic10Inu
@dabit3
nader dabit
9 months
discuss
709
268
3K
1
0
25
@cmichelio
cmichel
3 years
@AndreCronjeTech once said a project without a token will lose against a fork with a token. I say a project with idle capital will lose against a project yield farming with the capital. People want higher APYs. Surprised we're only starting to see this now.
1
2
24
@cmichelio
cmichel
3 years
Providing interest-bearing tokens as collateral and then borrowing + redeeming them again is really smart. If I had to summarize the core idea: Let's say there's a yUSD token currently trading close to 1-to-1 with USD. yUSD's current total supply is 50M.
@0xPaladinSec
Paladin Blockchain Security
3 years
(I) The exploit of @CreamdotFinance is a strong reminder about the importance of collateral management for lending protocols. In this situation, the code of the core protocol was correct. Instead, small-cap, easily manipulated collateral lies at the cause.
2
23
97
2
7
23
@cmichelio
cmichel
1 year
Quiz: If you write a test in forge, start pranking an EOA, then try a create2 contract deployment, what will happen?
revert, EOA can't create2
50
fallback to create
17
create2 | deployer = Test
44
create2 | deployer = EOA
94
4
1
23
@cmichelio
cmichel
1 year
Governance proposals are imo one of the few cases where better tooling would still be very helpful 3/3
1
1
23
@cmichelio
cmichel
4 years
#ETH on #EOSIO ? 200k$ dev challenge from @block_one_ was just released
@EOSIO
EOSIO
4 years
Join the #EOSIOChallenge. Together, we can help drive #blockchain integration.
9
58
145
0
1
21
@cmichelio
cmichel
3 years
@moore_chaney @EverythingEOSio @BlockchainZack 1/4 Running the EOS VC fund as a standard VC fund is super misleading and not what was promised as the BB talk shows.
1
5
23
@cmichelio
cmichel
3 years
@DeGodsNFT Hi, how it's usually done is that you do both 1) put it on arweave for immutability (it's true though that the metadata can still be changed unless it's explicitly locked) 2) use a second cdn metadata field pointing to S3 for better performance, see here
1
2
23
@cmichelio
cmichel
2 years
Looks like you can also frontrun EOA deposits by passing from=victim, to=attacker after victim approved the contract? the bug density in this code is incredible
@storming0x
0x Storm Blessed
2 years
Quick check at this code. You can mint whatever amount of shares you want "visrDeposit" as long as you pass a Contract as "from" AND That contract has an Owner() method that is msg.sender. That's it, any contract can implement this. After that you have a blank check to mint.
11
18
169
1
6
22
@cmichelio
cmichel
3 years
Some preliminary investigation on this: Each token has its own proxy contract for the cross-chain transfers, the implementation points to this Factory contract Hacker calls the receive function of the Factory contract
@chain_swap
ChainSwap
3 years
Liquidity pulled temporarily, please do not buy $ASAP we are investigating the exploit
35
9
30
5
6
21
@cmichelio
cmichel
2 years
let's start building. it all starts with a `foundryup`
4
4
22
@cmichelio
cmichel
3 years
@moore_chaney @EverythingEOSio @BlockchainZack 4/4 39:40 "Credible founders [...] that would succeed in raising money from any venture [...] we would love to talk with them". This sums it up, the EOS VC fund has zero interest in giving the EOSIO ecosystem any special treatment.
1
0
22
@cmichelio
cmichel
5 years
It's been almost two weeks since the #EOS Play hack, but I still wanted to give my perspective on it, explain the attack and show some stats.
0
10
21
@cmichelio
cmichel
1 year
@IAm0x52 love seeing a fellow stats tracker
0
0
21
@cmichelio
cmichel
3 years
Imagine the DEX <> CEX arbitrage opportunities when @solana comes back online 👀
3
1
21
@cmichelio
cmichel
6 years
@TamasGorbe @fermatslibrary @3blue1brown Nitpicking, but I'd consider this more of a visual proof for n*(n+1)/2 and not n^2/2 + n/2. I interpret the former as half of the area of a single rectangle with sides n, n+1. The latter expresses the addition of two shapes which is what is in the picture
1
1
19
@cmichelio
cmichel
3 years
This @solana escrow contract tutorial by @paulxpaulxpaulx is imo the best and most comprehensible tutorial to get started. It explains just enough at the right time without overloading you with unnecessary information 1/2
1
4
20