Joined December 2022
Pinned Tweet
1 bug. 10 years ago. 3.6 million ETH stolen. That was The DAO hack. June 2016. And the bug had already been identified before the attack happened. I am 24% done with the @CyfrinUpdraft Smart contract Security course and @ethereum history is unraveling.
Fred Gitonga retweeted
Are you on Blockchain & Web3 but don't know where to start? DigitalSphereCommunity is your gateway! Here's what we offer: Fundamentals of Blockchain & Web3, local events updates, real opportunities in the ecosystem. Join the community 👇 🔗 t.me/digitalsphereug #Web3Africa
Replying to @africablockfest
Applied to be an #ABF2026 ambassador 🚀 Blockchain isn’t a buzzword in Africa. It's an infrastructure, identity & ownership of people who have been locked out of both. Building that future with @DigitalSphereUg @africablockfest #ABF2026 #CapitalCodeContinuity #ABFNairobi
May is almost done. 46% into the @cyfrinupdraft Smart Contract Security course. Started the month at 24%. Slow? Maybe. But every percent is a concept that will protect real money. Here is what I learned this month
Women's rugby ⚡
New month 😎. New opportunities. 🚀 Starting June with an exciting challenge: joining @iCog_Labs as an AI Intern on the Hyperion MOSES Team. Time to learn, build, experiment, and get deep into Symbolic AI, MeTTa, and Hyperon. Let's see where this journey leads.
Friends🥰
Keep shipping & learning 🚀
co-authored: battlechain.com
3. I had a big audit mindset shift: I stopped asking "does this function work?" and started asking "what assumptions break when the components interact?" The "two rights make a wrong" lesson. Component A and Component B work perfectly separately. Together they create a vulnerability.
The Sushi batch() vulnerability showed how dangerous this gets. Imagine buying unlimited coffee for the price of one. ETH sent: 1. ETH credited: 3. delegatecall preserved msg.value across every call. Same ETH counted three times.
2. There is delegatecall. A normal call creates a new execution context. delegatecall preserves the caller's context, i.e. the msg.sender, msg.value, storage all stay the same. Think of it as: run another contract's function without leaving your own house.
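The msg.value reuse described in the two delegatecall posts above, as a minimal Solidity model added here; it is not code from the posts or from Sushi, and `BatchDeposit`, `deposit`, `batchUnsafe` and `batchSafe` are hypothetical names. The vulnerable batch function sits beside a hardened one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; the contract and all function names are hypothetical.
contract BatchDeposit {
    mapping(address => uint256) public credited;

    // Credits msg.value to the caller. Correct when called directly, once.
    function deposit() public payable {
        credited[msg.sender] += msg.value;
    }

    // VULNERABLE (kept on purpose): every delegatecall runs in this
    // contract's context with the same msg.sender and the same msg.value,
    // so a batch of three deposit() calls sent with 1 ETH credits 3 ETH.
    function batchUnsafe(bytes[] calldata calls) external payable {
        for (uint256 i = 0; i < calls.length; i++) {
            (bool ok, ) = address(this).delegatecall(calls[i]);
            require(ok, "call failed");
        }
    }

    // HARDENED: the batch entry point is not payable, so the transaction
    // reverts if ETH is attached and msg.value is zero inside every
    // delegatecall. No sub-call can count the same ETH again.
    function batchSafe(bytes[] calldata calls) external {
        for (uint256 i = 0; i < calls.length; i++) {
            (bool ok, ) = address(this).delegatecall(calls[i]);
            require(ok, "call failed");
        }
    }
}
```

When auditing, treat any payable function that loops over delegatecall as a place where msg.value can be read more than once.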
Every input is either user controlled or validator influenced. The Meebits exploit proved it. Larva Labs used on-chain randomness to assign rare NFTs. An attacker figured out the pattern: Mint → check rarity → bad rarity? → revert() → retry
On to new concepts. 1. Randomness on blockchain is broken by design. The pattern below looks secure: A random number created from the sender address, the block time.
Collaborated on @topizzy, where you can easily top up airtime with $USDC on @base. A peer audit from @TavarasCamp came in. CEI violations flagged. I went into the contract and fixed them. Visit the site topizzy.xyz 🙂
The month highlights:
>Collaborated on a real protocol audit
>Learned weak randomness, delegatecall, integer truncation, safe transfers
>46% through @cyfrinupdraft Smart Contract Security.
Finishing by end of June. Certification after that. See you next month.
4. Reading up more. Solidity integers truncate. 225 / 4 = 56, not 56.25. Always scale before you divide. ERC20 tokens are inconsistent. Some return true, some return false, some return nothing. Use standard OpenZeppelin, Solmate, or Solady.