I Exploited CVE-2025-55182 (React2Shell) and Got Shell Access! How? Read it here → jordydekoning.com/blog/react…

🔍 Open to work - Smart Contract Engineer (Full-Stack DeFi) 3 years in production DeFi 5 years in fintech/investment banking. Solidity · Yul · Foundry · TypeScript · Python · Uniswap V4 · LayerZero · Aave · Morpho Remote only. Available immediately. All links in comments 👇

🤯An AI security tool has 1st-place performance on security contests from just 1yr ago. Solidity-auditor v3 is out, FREE & Open Source. Thousands of Solidity developers are using the tool already. Upgrade your security baseline, use the tool🫡 pashov.com/solidity-auditor-…

AI at Nysa isn't just a buzzword. It's a tool designed to improve both the user experience and risk management for borrowers on our protocol. Curious how? 👇

we’ve passed 5 months since starting Need4Audit development. there has been highs and there has been lows. it’s tough to see 0 traction from projects, while there are almost 150 SRs ready to start auditing/bug bounty hunting. i would love to understand why the projects stay away from the platform. right now on testnet decentralised bug bounties is ready to be deployed on mainnet. maybe there’s just too much competition and the market is satisfied with Immunefi, Catina, Sherlock and HackenProof. i have some ideas to pivot N4A into a launchpad on top of the current N4A platform. the launchpad can be used to find team members, share ideas to build onchain tools and projects can launch their ico/tge and raise ETH for funding. a default percentage/allocation is saved for security. ETH raised is released based on milestones reached for projects, this way they can’t rug. projects automatically create an audit requests where SRs can response with an offer and at project launch they start a small bug bounty on the N4A platform. just curious to hear what you all think of this and if it will be worth the time

At 21, Ehsan went from nearly homeless to earning $1.4M in bug bounties in under a year. No degree. No formal training. Just 15-hour days in public libraries, ruthless discipline, and an obsession with finding bugs others missed. New episode with @MitchellAmador and @Ehsan1579

Some of my perspective on where the @ethereumfndn is going. First of all, this is only my own view. The board is not just me, and I have no extra special powers on the board that the other board members do not. @aerugoettinea is the one executing much of this transition. My input has been largely on technical questions. The board is in the process of expanding, and my own power within the org will continue to decrease, which is honestly what I want. The 2025 era brought many important improvements to EF and its ability to execute. Many issues were resolved, and EF continues to benefit from its improved efficiency and greater focus on concrete goals to this day. And so with those problems resolved, early this year, the largest remaining hole that I perceived was something different nagging at me: I would regularly spot people saying things like "vitalik says these beautiful things about ethereum needing to be decentralized, and have privacy, and be a sanctuary technology, but why do the EF's actions not reflect that?" Now, you may have been hearing something different. You may not have been sensing a feeling of crisis at all, and maybe were hearing people saying that finally we were taking execution and BD seriously and the main task for us is to keep going that way and be even better and faster. Then probably there is genuine difference between you and me, in what kinds of criticism I take most seriously, and what kinds of critics through their criticism are most able to make me feel pain. As an analogy, let's briefly switch over to a different domain. One belief you can have about Google is that it is a success story, and has brought a lot of good to humanity in organizing the world's information. Another belief you can have about Google is that they had a beautiful idealistic beginning, but at some point the corruption of mainstream corporate attitudes seeped in, and they slowly bit by bit completely abandoned the "don't be evil" slogan. My belief on Google specifically is probably somewhere between the two. BUT, if you had taken me back in time to ~2008, and offered me a button to press to make Google one or two standard deviations more "dogmatic", eg. give Richard Stallman permanent veto power over some key policies, I would immediately press it. Why? Because a choice for one company is not a choice for the world, or even one country. Google existed and exists in the context of a technology industry generally drifting away from early idealistic don't-be-evil roots and toward greed for financial gain, totalizing visions of accelerated superintelligence, infiltration by sociopaths, and craven capitulation to (or worse, active participation in) government pressure for ideological control, surveillance and war. And so *one company* doing something different, positioning itself to be what George Bernard Shaw calls the Unreasonable Man, resisting the trend of the times, would have been better for freedom, balance of power and stability of society as a whole, than *all* large companies bending to dominant trends. This is a part of my version of pluralism. This line of thinking is not just mine, but I also is not too far off from what Aya and others had in mind with the Mandate. Now how does this all get to the role of the EF? EF is not a "center of Ethereum", rather EF is "one node, with a defined purpose, alongside other nodes". We've always said that the EF should be the latter, but many in the Ethereum ecosystem (and even within the EF) wanted us to be the former. Now, we are taking action to ensure that we will be the latter. This is particularly important because EF is a limited organization, with limited resources and limited organizational capacity. The EF has only ~0.16% of all ETH (less than many other individual ETH holders), whereas among other blockchains it's common for "the central foundation" to have 10-50%. Fiscally, the EF was originally designed to fulfill a limited work scope defined in the token sale docs and other pre-launch materials (building the chain software; getting through Frontier, Homestead, Metropolis, Serenity), which was fully completed in 2022; it was not designed to be an eternal steward. And so today, the EF is choosing to use its remaining resources to pursue longevity over breadth (yes, this means we sell less ETH). The EF focuses *specifically* on those activities critical to the success of ethereum as a censorship/capture-resistant, open, private and secure system, that would not happen otherwise. This means making hard choices, and in some cases even activities that we highly approve of and people that we highly respect becoming outside of the EF. People of great technical talent, public respect and even alignment with the mission and CROPS being outside of the EF is in fact necessary if we want important tasks to be able to attract outside capital. This also means the EF taking opinionated stands culturally. This is all intended in cooperation with all other parts of ethereum. We recognize that many other parts of the ethereum world highly respect CROPS and related values. But highly respecting is not the same as choosing to specialize and totally dedicate to a domain (Compare in a different domain: I think reducing animal cruelty is important, and I like vegan food, but am not full unconditional vegan myself) EF is still in a transition period, and we expect its new long-term form to stabilize over the next few months. What are the guiding principles of this new form? Again, I am only one person, but I can give my answer from a technical perspective (there are also critical non-technical aspects). At the core, *Ethereum must be impressive*. We are living in an age of highly intelligent AI and all kinds of other technological acceleration. "Status quo EVM, with a hard fork or two a year to optimize for short-term needs of users" is not interesting. To some, "impressive" means: 250ms latency and 1M TPS. I think Ethereum trying to go that route is a mistake. Being as fast and as scalable as possible, and only a small epsilon more decentralized than the others, is a route to mediocrity, and if we try it we will lose. I think Ethereum should scale. But I think Ethereum should strive the hardest to be deeply impressive in a different dimension: the CROPS dimension. This means things like: * Provably bug-free Ethereum. This is a goal that all cybersecurity researchers would have thought is absurd and impossible, up until roughly 6 months ago. Now, it's on the cusp of being possible, thanks to AI-assisted formal verification. So we should be frontrunners in doing this. * Available chain consensus. Ethereum is, and with lean consensus will cotninue to be, the ONLY chain that has both (i) traditional-BFT style properties that it's safe under asynchrony up to a high level of fault tolerance, and (ii) the bitcoin PoW-style property that under synchrony it's safe up to 49% attackers. As far as I can tell, literally no other chain has this or is planning for it; bitcoin goes for (ii) only and most other chains go for (i) only. Some will remember I fought hard for this, Unreasonably insisting that it is not OK for ethereum to rely on social consensus and hard forks to rescue ethereum from 34% of nodes going offline. It's OK for chains like hyperledger, bnb, solana, tempo, etc. It's not OK for bitcoin or ethereum or eg. zcash. * Intermediary minimization. The fact that smart contract wallets, protocols like railgun, etc have to send transactions through intermediaries to get included onchain is honestly embarrassing, and it's a constant point of fragility. Hence the work on FOCIL and EIP-8141 (and 7701 and years of work before) to make transaction sending intermediary-minimized with public mempool and strong inclusion properties, in a truly general-purpose way, that covers not just eg. secp256r1, but also privacy protocols and much more. Kohaku is pushing intermediary minimization at the user layer, pulling Ethereum away from the dystopian status quo world where our wallets don't even verify the chain, send our private data out to a dozen third-party servers, and toward a brighter CROPS future. Some of these goals are Unreasonable - maybe Ethereum would be "fine" getting only 50% of the way - what if we depend on intermediaries, but make it easy to switch? But going 50% of the way would not make Ethereum Deeply Impressive in the CROPS way. So we push for 100%. Fortunately all these goals are compatible with high TPS, this is a major focus of research (esp. on scaling the state). Well-designed L2s can also help, especially L2s optimized for specific applications (eg. high-volume trading, privacy...). These goals are even compatible with significantly lower slot times, thanks to Raul's work on erasure-coded P2P, and many other optimizations. The most high-value "product" of the ethereum blockchain, financially speaking, is ETH the asset. Ethereum secures $250 billion of ETH. The types of properties of Ethereum that I mentioned above are very good for ETH the asset. Nearly 90% of my net worth is in ETH, and most of the remainder is ~$40m of onchain fiat of which every dollar has already been allocated for some open-source biotech or software or hardware initiative. That said, there are aspects of supporting ETH the asset - *necessary* aspects even - that are outside the scope of the EF. This is where we need other heroes (some of whom hold more ETH than the EF does) to step in and help. EF has been recently thinking more about how it will relate to other such organizations, and give them needed initial support. EF will be a smaller ship than in previous years, a more opinionated one - in some cases more opinionated in ways that might be difficult to comprehend - but a longer-lasting one, and one suited to making sure that ethereum brings something meaningful to the world. We are grateful to all those inside and outside the EF who are helping to make this happen.

If you can stare at boring code for 8 hours and not find anything (because there are no bugs), and you do it tomorrow too (because there might be 1), then you are just for this role.

I'm happy to see that so many talented auditors have started bug hunting recently.

wtf is happening rn, explain to me how all these hacks and 0-days pop-up like popcorn. this is bananas

I've worked with 150 security researchers - from top tier experts to promising newbies You'd be surprised how many times the "newbies" contribute things no one else does. Motivation makes all the difference. Now looking to make the number 1000. Scaling the fuck up. Stay close.

An important update from the C4 team. 🧵

what do you like about Need4Audit? what don’t you like about Need4Audit? please tell me i want to make the platform better

im still looking for someone who can help scale Need4Audit. it's almost ready for mainnet!

claude design is insane!

the final question remains, which chain to deploy Need4Audit? - Ethereum - Arbitrum - BattleChain or another?

The day a blind man sees. The first thing he throws away is the stick that has helped him all his life

Past days has been extremely hardcore for our team and DeFi in general. DeFi went trough a substantial stress test and the consequences were felt. It definitely was the hardest couple of weeks that I experienced in my life and during the past decade building in the space. I am still writing this with couple of hours of sleep per day so bear with me. For me personally, the rsETH bridge incident was unfortunate as our team and community has put so much effort into securing the protocol and seeing the exploit happening outside of the protocol smart contracts, and affecting the markets is hard to watch even when the markets had (and still have) full backing like Mainnet Core. That being said, Aave has seen multiple market/credit cycles and always has been able to prove its resiliency. I have more confidence in DeFi today than ever, not because of the industry is stepping up and improving security practices, but because there is a true community behind DeFi that is willing to help and do whatever it takes to ensure our space has future. I want to say that during all this madness there were lot of people that were extremely supportive and proactive to mitigate any issues and contagion. At the first glance, from Aave's perspective we were positive that we would find a resolution and we had overall balance sheet, protocol revenue and external/public support to over come the issue from Aave's perspective but what we understood is that the issue was beyond Aave. It was about restoring the whole state of DeFi, avoid contagion and ensuring that the whole ecosystem overcome this incident not solely Aave. DeFi United started as an initiative from DeFi protocols that were affected but eventually became an industry wide movement to save DeFi and bring protocols together. I am grateful for all the contributions and support that everyone has been providing and can say that this wouldn't be possible without it. I'd hope that DeFi United becomes a permanent movement in some shape or form with the right form factor. DeFi United was executed at insane speed and other constraints but there could be a model that could continuously support the industry from the unexpected. I'd say during the past week lot of people stood up and I really don't have the space to mention everyone (you know who you are) but specifically I want to say that @MikeSilagadze deserves more respect from the space than anyone else atm, he went above and beyond and was willing to sacrifice a lot to solve what actually wasn't something cause by his efforts. Full respect. @LidoFinance team also deserve special credit, this team truly cares about DeFi and was extremely helpful along the way. They deserve full credit. @gdog97_ deserves credit as well, who helped to brainstorm various solutions and also stepping in with Ethena and helping on coordination. @arbitrum community for doing the right thing and rescuing the funds from the bridge contract that was a difficult but the right call. @Mantle_Official @Bybit_Official team for stepping up as well and showing strong support. The team has been supportive and truly cares about making the space safe. Last but not least lot of credit goes to @ethereumJoseph who really stepped in to help DeFi and the ecosystem. Joe cares about Ethereum, he cares about DeFi and understand the importance of DeFi for the future of Ethereum. We have truly good people within our community. These folks are true guardians of our space (among others on my long list) that really want DeFi to win. I feel very optimistic now about our space, it is true that events like these can be a setback but in reality it builds resiliency, which our space stands for, and over time that is hard to beat by legacy systems. The past week we had to operate in multiple different constraints from time, information, resources, governance and other. We had to move as fast as we could as time was against us. It was a large coordination effort that we haven't experienced so far. I'd like to give most of this credit to our team and community especially @Token_Logic and @LlamaRisk who went also above and beyond to find resolutions and coordinate. There has been some banter about right type of market structure for onchain lending between shared or isolated pools but the reality is that when capital moves, it moves at scale and market structures are less of a mitigating factor. These kinds of times require to find solutions fast and reestablish the trust in the markets and the technology, that's whats important. All this being said there are some great learnings from this indecent like from any incident and we as any other team involved will share a post mortem and steps to improve anti-fragility. I might be now less bullish on onchain lending as infrastructure and more leaning towards a model where the market structures need to be backed by strong balance sheets and risk transfers, however this is another discussion for the future as issues can stem outside of the protocol's control. Now as the markets on Ethereum mainnet Core are restoring, our team continues to execute the technical plan to restore rest all the markets. Thank you for everyone who has been supportive and we will keep you up to date as we progress. DeFi United.

A few months ago, I was the one watching from the outside, thinking, "Everyone's winning, I'm still fighting." Now I'm the one with the win. People see a five-figure win, and that's all they see - the win. But nobody sees what it actually costs. For me, this win is: - 2 years in the space - Multiple times, I almost gave up - Countless moments where I had no idea how to keep going - The thought "this isn't for me" on repeat And honestly? I'm grateful for the almost. That word is everything. A friend used to tell me: "You keep saying you're giving up. This is the third time I'm hearing it, but I don't care how many times you say it, I only care that I hear it, never see it." And yet, I don't know exactly what kept me going. Probably stubbornness. If you're somewhere in that spiral right now, thinking the same things I was thinking - keep going. Your win is waiting for you.