Joined March 2026
- Tweets 306
- Following 34
- Followers 1,482
- Likes 389
28 Photos and videos
Pinned Tweet
Apr 25
We just mass audited @toly 's Percolator protocol across all three repos. 34 on chain instructions. 50 attack vectors tested. 8 rounding paths traced to the lamport. 6 specialized audit agents running in parallel.
3 findings. All medium-high severity or lower.
Here's what we found and what we couldn't break 🧵
10
15
47
13,044
PERK retweeted
May 1
Hold those $Perk bags folks I see a bright future ahead.
I think this team could specialize in security 🤔 or maybe they already are a big name group @PERK_FUND with a small front. Thinking there is more to this team than anyone realizes.
3
7
23
6,264
May 1
From my experience the last 24 hours, it is way too difficult to report a finding.
3
8
28
7,333
Apr 30
It has now been over 5 hours and both the project team and @HackenProof have failed to respond.
Our team is now watching as multiple users are beginning to attempt the exploit ONCHAIN!
The incompetence of both parties is disturbing!!!
Apr 30
Our team needs to speak to somebody @HackenProof immediately. We found a vulnerability that puts millions of dollars of funds at risk.
Time is of the essence!!!!
3
17
34
5,631
Apr 30
Our team needs to speak to somebody @HackenProof immediately. We found a vulnerability that puts millions of dollars of funds at risk.
Time is of the essence!!!!
8
17
45
8,939
Apr 29
For protocols with admin permissions or just the simple fact that teams will cut corners, maybe this is a potential solution?
x.com/PERK_FUND/status/20420…
it seems the main PMF of AI is mass hacking defi protocols
this is like, what, the 10th one this month?
11
33
2,926
Apr 29
I guess it is time to begin round 2!! 🔧
Start your 5.5 xhigh models!
For this bounty, thanks to @Copenhagen0x’s insight on the previous iteration, I have deployed a max risk percolator parameter market, and the goal is to get insurance balance to drop at all on mainnet, not just drain it.
Also welcome any other insights or ideas.
Show me what you got!
3
11
32
3,327
Apr 29
Congrats to all $PERK contributors. This was the second finding found by our team and resolved by @toly 🛠️
Apr 25
Finding 1: fee_debt_sweep recovery inflates the fee_paid metric in TradeCpi, bypassing the mark_min_fee gate on Hyperp markets.
An attacker can extend market liveness for free by letting their own recovered fee debt count as trade revenue.
github.com/aeyakovenko/perco…
7
13
43
5,440
Apr 28
In order to build the future of AI on Solana, we must first fix the broken infrastructure we inherited from @Pumpfun
Stay tuned for our BEST release yet!
3
12
34
2,078
Apr 28
While @Pumpfun just burned all of their users airdrops be sure to check out PERK as we prepare to launch the first community governed launchpad.
Tired of KOLs destroying your launches?
Select which ones to blacklist from the click of a button.
Tired of small retail traders hitting sell after bond?
Choose the minimum amount of SOL required in a users balance for them to participate in the bonding curve.
Don’t like these rules?
Vote using $PERK how our launchpad will evolve.
COMING SOON
today is a turning point for $PUMP and pump fun
I want to give more context on the bigger picture and where we're actually going.
over the past ~9 months, 100% of revenue went into buybacks. basically no other platform in crypto has done that at this scale.
however, we received ongoing feedback specifically on the feeling of a lack of trust - in the certainty of buybacks, in what would happen to the bought-back tokens, even in whether the business itself would be here in a year.
today, we’re changing that.
it started with burning ~$370M worth of $PUMP purchases. ~36% of the circulating supply removed from circulation, forever.
but that isn’t enough. we’ve also allocated 50% of our next year of revenue to programmatic buybacks & burns. no more uncertainty for those who believe in us & those we’re proud to call our community.
but why not 100%? the short answer is the business simply needs the other 50% to grow.
a large treasury gives us the flexibility to make big bets over the next 5-10 years, and 50% of ongoing revenue enables us to build better products, infrastructure & reinvest into the ecosystem. I am extremely confident that 50% of the business we're building toward will dwarf 100% of the business we have today.
6
11
36
3,716
Apr 25
We just mass audited @toly 's Percolator protocol across all three repos. 34 on chain instructions. 50 attack vectors tested. 8 rounding paths traced to the lamport. 6 specialized audit agents running in parallel.
3 findings. All medium-high severity or lower.
Here's what we found and what we couldn't break 🧵
10
15
47
13,044
Apr 25
The code has assert_public_postconditions() at the exit of EVERY state mutating instruction. That's not normal. Most protocols check invariants in a few critical paths. Percolator checks them everywhere.
Validate then mutate with scratch variables. Reentrancy guard on CPI. Frozen h_num/h_den on resolution. This is paranoid engineering done right.
1
2
12
2,209
Apr 25
Three findings across 15,000 lines of Rust. None critical. The insurance fund is provably trapped , we exhausted every extraction path and proved the math.
This is the most defensively engineered DeFi protocol we've audited. @toly built something that's genuinely hard to break.
All findings submitted with full code references, attack scenarios, and suggested fixes. Open source security done in public. 🫡
2
13
1,721
Apr 23
We are coming ⏰
No one has claimed the insurance bounty yet.
@Copenhagen0x found a real spec exploit though, that will be too hard to trigger in this market configuration. So we have evidence of at least one human smarter than a machine.
6
15
36
3,921