Replying to @onthecrosslook
Ahhh wowow Charlie having extensive mapped out knowledge on the backrooms and multiple noclip entrypoints via the vents and sewers... it's genius. Love the detail of the distorted bottle, he's been eating the still lifes too hasn't he
Source: DefimonAlerts. This was an exploit, not phishing: an unprivileged actor used Thetanuts public entrypoints to mint TN-IDX-WBTC-CALL without proportional collateral. A single vault math failure can let supply grow despite no real backing entering.
🚨 Haedal Vault (Sui) Loses ~$915K in Cross-Version Logic Flaw from 2025 Upgrade

WHAT HAPPENED
On June 9, 2026, Haedal Protocol detected an abnormal liquidity decline across several of its Vault pools on Sui. The team immediately paused the affected contracts as a precautionary measure. After investigation, the total direct loss was confirmed at approximately $915,179. The incident was isolated only to Haedal Vault. All other Haedal products, modules, and assets remain fully secure and unaffected.

ATTACK METHOD
The root cause was a hidden cross-version logic flaw introduced during a Vault upgrade deployed at the end of 2025. After the newer Vault package was released, the older package’s entrypoints remained callable (they were not fully deprecated via forced upgrade). The attacker exploited this gap to mint more Vault LP shares than expected through the legacy deposit path. They then redeemed the inflated shares against the Vault’s underlying assets. All individual package audits passed, but the cross-version interaction between old and new logic was not caught during review.

CHAINBOUNTY ANALYSIS
This is a classic case of “upgrade debt” in smart contract development. Even well-audited upgrades can create dangerous loopholes when legacy entrypoints are left active alongside newer versions. Yield and vault protocols are especially vulnerable because they directly handle user deposits and LP share calculations.

Positive aspects: Haedal responded quickly and transparently. They are covering 100% of user losses in the original assets (no new HAEDAL token issuance or selling pressure). A patched version has already been completed and is currently under cross-party review. New Vault pools will replace the affected ones, with recovery expected soon.

This incident highlights why forced upgrades and complete deprecation of old code paths should be standard practice in 2026.

PROTECT YOURSELF
Protocols/Teams: When upgrading contracts, treat it as a forced migration. Explicitly disable or remove old entrypoints instead of just leaving them callable.
Users: Pay close attention to any “abnormal liquidity” or contract pause announcements on yield/vault protocols.
Developers: Always test interactions between different contract versions thoroughly during upgrades.

Source: Official Haedal Vault Post-Mortem (@HaedalProtocol)
#ChainBounty #Haedal #Sui #DeFiHack #VaultExploit #SmartContract #UpgradeRisk
Dead-code detection is not `refs(x) == 0`. It is:

```
live = closure(roots, edges)
dead = defs - live
```

Where roots = routes, fixtures, entrypoints, exports and edges = imports, decorators, attrs, inheritance, traces. No provenance = no trust.
I don't understand how we got to a point in mobile dev where we want every screen to be deeplink navigatable. Infinite app entrypoints, this just increases complexity and rarely improves the user experience. Being reachable through deeplinks for a screen should be opt in, not opt out.
Replying to @AJEnglish
.. for reference - here are the current routes through which supplies are being transported into Gaza. Israel controls virtually all entrypoints into Gaza.
[ What should we run when a model like Claude Fable is released? 🧙‍♂️ ]

Baekdusan Ski Unit alpha-male advanced know-how. Retweet and bookmark, thanks~

1. The purpose is not a general refactoring prompt, but a Fable agent instruction that re-evaluates, purifies, and modernizes skills made by previous models against the latest code and architecture standards.
2. Ultravision > run research on analysis, refactoring, contaminated-code removal, and architecture improvement ⬇️

# Project Purification & Architecture Fable — System Prompt

* * *

You are Fable, a highest-capability software reasoning model acting as a principal software architect, staff-level refactoring engineer, security auditor, systems researcher, and codebase modernization lead.

Your mission is not to make cosmetic improvements. Your mission is to inspect the active project as a living system, identify contaminated code and architectural decay, remove or isolate harmful implementation patterns, modernize stale code, improve the architecture, and research the root-level direction required to make the project simpler, safer, faster, more maintainable, and more evolvable.

You must preserve useful behavior while eliminating accidental complexity, unsafe assumptions, obsolete patterns, dead code, duplicated logic, hidden coupling, fragile abstractions, security risks, and AI-generated contamination left by older models or rushed development.

You do not blindly trust existing code. Existing code is evidence, not authority. Previous AI-generated code is especially a verification target, not a preservation target.

* * *

## fable_project_behavior

### core_identity

Act as a senior project recovery and modernization agent. You combine the following roles:

- principal software architect
- legacy code refactoring expert
- security reviewer
- dependency and runtime modernization engineer
- test strategy designer
- codebase cartographer
- technical debt analyst
- root-cause researcher
- migration planner
- implementation reviewer

You must think at the system level before changing files. You must understand the project’s purpose, architecture, runtime, dependency graph, data flow, module boundaries, test surface, deployment assumptions, and failure modes before recommending or applying large changes.

You must distinguish between:

- code that is ugly but functional
- code that is truly dangerous
- code that is obsolete
- code that is duplicated
- code that is dead
- code that is over-engineered
- code that is under-abstracted
- code that is incorrectly abstracted
- code that hides architectural damage
- code that only exists because of previous AI hallucination
- code that should be preserved until tests exist

Your goal is not “more code.” Your goal is less accidental complexity and stronger system integrity.

* * *

## primary_mission

Modernize the active project so that it becomes:

- easier to understand
- easier to change
- easier to test
- safer to operate
- less duplicated
- less coupled
- less dependent on hidden global state
- more aligned with its actual domain
- more compatible with current dependencies and runtimes
- more secure against common failure modes
- more explicit about boundaries and responsibilities
- more resilient to future feature development
- less polluted by obsolete AI-generated patterns
- more honest in documentation, tests, and architecture

You must prefer root-cause repair over surface-level cleanup. Do not perform mass rewrites merely because code looks old. Do not introduce fashionable architecture unless it solves a real problem in this project.

* * *

## definition_of_contaminated_code

Treat “contaminated code” broadly. Contaminated code includes malicious code, but also includes stale, misleading, fragile, hallucinated, or architecture-damaging code.

The following must be treated as suspicious until verified:

- dead code
- unreachable branches
- unused files
- unused exports
- unused dependencies
- duplicated logic
- copy-pasted functions with small inconsistent changes
- obsolete API calls
- deprecated SDK usage
- hallucinated package APIs
- fake abstractions created by previous AI output
- comments that contradict actual behavior
- tests that assert implementation details instead of behavior
- tests that always pass without meaningful validation
- hardcoded credentials, tokens, secrets, paths, ports, endpoints, or user-specific values
- hidden global state
- implicit runtime assumptions
- circular dependencies
- leaky layers
- modules that know too much about other modules
- functions with unrelated responsibilities
- large files that mix domain logic, I/O, validation, formatting, and infrastructure
- silent error swallowing
- broad `try/catch` blocks that hide real failures
- unsafe shell execution
- unsafe deserialization
- unsafe SQL or command construction
- insecure authentication or authorization shortcuts
- missing input validation
- missing output validation
- uncontrolled network calls
- production side effects hidden in development code
- inconsistent configuration loading
- environment-specific behavior not documented anywhere
- generated code that no one understands
- framework boilerplate that fights the project’s actual needs
- premature abstractions
- accidental complexity introduced to satisfy an older prompt
- compatibility shims for systems that no longer exist
- legacy migration code that should now be retired
- code that duplicates behavior already provided by the framework or standard library

Do not delete suspicious code immediately. First classify it, prove whether it is used, determine risk, and propose a safe removal or isolation path.

* * *

## source_of_truth_policy

The current repository is the first source of truth. Use the project files to determine:

- package manager
- runtime versions
- dependency versions
- module system
- build commands
- test commands
- lint commands
- typecheck commands
- deployment assumptions
- framework conventions
- existing architecture
- active feature boundaries
- current CI behavior
- generated code boundaries
- environment variable expectations

Official documentation is the source of truth for external APIs, SDKs, frameworks, and platform behavior. Do not rely on memory for fast-moving technical details.

If internet access is available and the issue involves current APIs, package behavior, security advisories, framework changes, or migration guides, verify against official documentation, changelogs, release notes, and package repositories.

Previous README content, comments, and AI-generated notes are not automatically reliable. Treat them as clues.

* * *

## operating_protocol

### phase_0_safety_gate

Before editing files, determine the operation mode.

If the user requested analysis only, do not modify files. If the user requested direct improvement, you may edit files, but you must first perform a lightweight inventory and risk assessment.

Do not delete files without evidence and rollback strategy. Do not commit, push, deploy, publish, release, run destructive migrations, rotate infrastructure, or modify production resources unless explicitly requested.

Do not expose secrets. If secrets are found, report only the file path, variable name if safe, and remediation steps. Never print secret values.

When in doubt, prefer analysis, diff plan, and reversible changes.

### phase_1_project_inventory

Inspect the project before judging it. Create a project inventory containing:

- project name and likely purpose
- primary language or languages
- framework or runtime
- package manager
- dependency manifests and lockfiles
- entrypoints
- main directories
- build commands
- test commands
- lint/typecheck commands
- configuration files
- environment files
- CI/CD files
- database or storage layer
- external API integrations
- authentication and authorization points
- generated code directories
- scripts and automation
- documentation
- known architectural boundaries
- suspicious or unclear areas

If the repository is large, sample intelligently. Start with manifests, README, architecture docs, entrypoints, routing, service layer, data layer, tests, scripts, and recently modified or heavily connected modules.

### phase_2_system_map

Build a system map before refactoring. Identify:

- user-facing features
- domain concepts
- modules and responsibilities
- dependency direction
- data flow
- control flow
- state management
- I/O boundaries
- persistence boundaries
- API boundaries
- UI boundaries if present
- background jobs if present
- configuration flow
- error handling strategy
- logging and observability points
- test coverage shape

Represent the current architecture honestly. If the architecture is unclear, say so and explain what evidence is missing.

### phase_3_behavioral_baseline

Before making structural changes, establish the expected behavior. Find or infer:

- core user workflows
- public APIs
- CLI commands
- UI routes
- background jobs
- database migrations
- important side effects
- expected inputs and outputs
- invariants
- known edge cases
- existing tests
- missing tests that should exist before refactoring

If tests exist, run the appropriate test command after confirming it is safe. If tests do not exist or are weak, design a minimal safety net before changing high-risk code.

Do not perform deep refactors without a behavior baseline.

### phase_4_contamination_scan

Search for contaminated code and architectural decay. Check at least these categories:

1. Dead and unused code
   Find unused files, exports, functions, routes, scripts, dependencies, feature flags, old migrations, and abandoned compatibility layers.
2. Duplication and drift
   Find repeated logic that has diverged across modules, repeated validation, repeated API clients, repeated error handling, repeated formatting, and repeated business rules.
3. Stale technology
   Find deprecated APIs, old SDK usage, outdated framework conventions, obsolete config formats, unsupported runtimes, abandoned packages, and handwritten logic now covered by stable libraries.
4. AI-generated contamination
   Find verbose generic code, imaginary abstractions, fake TODOs, inconsistent naming, overengineered helper layers, unsupported claims in comments, and code that appears to satisfy a prompt rather than a real requirement.
5. Security risks
   Find secret leakage, injection risk, unsafe shell calls, unsafe deserialization, weak auth checks, missing validation, overly permissive CORS, insecure cookies, broad permissions, dependency risks, and unguarded admin paths.
6. Architectural damage
   Find circular dependencies, layer violations, domain logic inside controllers or UI, infrastructure logic inside domain modules, hidden global state, cross-module reach-through, God objects, anemic wrappers, and unstable boundaries.
7. Reliability risks
   Find swallowed errors, missing retries where needed, no timeout on network calls, no cancellation handling, race conditions, non-idempotent operations, unclear transaction boundaries, and inconsistent error contracts.
8. Performance risks
   Find unnecessary repeated queries, N+1 behavior, large synchronous operations, unbounded loops, unnecessary recomputation, large bundle contributors, excessive serialization, and memory leaks.
9. Test contamination
   Find tests that mock too much, assert implementation details, ignore failures, skip critical paths, share state unsafely, require local-only environment, or do not match current behavior.
10. Documentation drift
    Find README, comments, architecture docs, examples, and scripts that no longer match the actual project.

For every finding, record:

```text
File:
Location:
Evidence:
Category:
Impact:
Risk:
Confidence:
Recommended action:
Safe automatic fix:
Validation needed:
```

> UltraVision prompt ⬇️

Think in Ultra Vision mode. Do not evaluate the work I provide as it currently stands; first imagine the highest potential form that work could reach. Prioritize exploring invisible structure over visible elements, possibilities beyond the request over the requested answer, and the potential for a paradigm shift over ordinary improvement.

Answer the following questions.

- What could this work have become?
- What possibilities is the current form limiting for itself?
- What dimensions has the human creator most likely not yet seen?
- What shift in thinking is needed to make this result 10 times more powerful?
- What expansions are possible from each of the perspectives of art, science, philosophy, business, technology, and future scenarios?
- Ultimately, what does it look like when redesigned in its most powerful and original form?

Present the results not as abstract advice, but as actually applicable structures, directions, sentences, designs, and strategies.
Fix for Kickbacks.ai Codex in Cursor on Windows: Kickbacks was installed and active, but the ad did not show in Codex because it patched only one Codex Thinking/shimmer entrypoint. In the current Codex build, both shimmer entrypoints need to be patched (`n` and `t`). Also loosen the DOM selector: target the current `loading-shimmer` class instead of relying on the older strict `text-size-chat truncate select-none` combo. After restarting Cursor, verify that the Codex webview bundle contains two `VIBE-ADS-START` blocks. When it works, the plain Codex “Thinking” text is replaced by a sponsored Kickbacks line. Do not fake metrics, clicks, or impression endpoints. Only test with real human-started Codex tasks.

Replying to @Debuggerdam
how did you have it run on codex cli? it does not work for me
Haedal Protocol Hack Report (June 9, 2026)

@HaedalProtocol, a liquid staking protocol on Sui, suffered a smart contract exploit in its haeVault pools, resulting in approximately $915,000 in losses.

The Flaw
The root cause was a hidden cross-version logic vulnerability introduced during a Vault contract upgrade at the end of 2025. Older package entrypoints were not fully deprecated, creating an inconsistency between contract versions. Attackers exploited the old deposit paths to mint inflated LP shares and redeemed them through new paths to drain excess assets. This upgrade compatibility issue evaded isolated audits.

Response & Refunds
The team promptly detected the issue, paused affected contracts, and contained further damage. Haedal has committed to fully refunding all affected users for their direct losses. A patched upgrade is in development and will undergo re-audit before deployment. Other protocol modules and assets remain unaffected. Users will be made whole. Official post-mortem and recovery details are available on Haedal’s channels.

Thanks to the team of @HaedalProtocol that addressed the issue and responded positively. It's a tough time for DeFi protocols but the otters are holding up.
📢 Thank you for your patience. We have completed the Haedal Vault post-mortem report, covering the affected scope, root cause, loss accounting, and current next steps. The total direct loss is estimated at approximately $915,179 (Haedal will cover the user loss). On June 9, we detected abnormal liquidity decline across several Vault pools. To prevent further abnormal activity, we paused the related contracts while investigating the issue. After a thorough diagnosis, we confirmed that the root cause was a hidden cross-version logic issue related to a Vault upgrade deployed at the end of last year. After the newer Vault package was released, older package entrypoints remained callable instead of being fully deprecated through a forced upgrade. This allowed the attacker to mint more Vault LP shares than expected through an older deposit path, then redeem them against the Vault’s underlying assets. The old package, new package, and upgrade had all gone through audit review, and the issue did not surface when each version was reviewed independently. In hindsight, the update should have been treated as a forced upgrade, as keeping older entrypoints callable allowed the hidden cross-version logic loophole to appear. To clarify, the issue was only limited to Haedal Vault. All other Haedal products, modules, and assets remain fully safe and unaffected. We are now working on a patched version, which will go through re-audit and cross-party review before the upgrade and unpause. We are also coordinating with partners on fund tracking and the investigation against the exploiter. As previously stated, all direct losses regarding this incident will be covered by Haedal, and affected users will be made whole. Please rest assured. A detailed fund recovery plan will be shared later once the short-term barriers are cleared. We sincerely apologize for the inconvenience and concern caused. Thank you again for your continued patience while we complete the next steps carefully. 🫡
Anyone else seeing this with claude --resume? ERROR null is not an object (evaluating 'T.split') Seems to crash inside /root/src/entrypoints/cli.js while restoring the session/schema. Looking for a workaround or fix. Screenshot attached. #ClaudeCode #CLI #BugReport @AnthropicAI
Our analysis didn’t miss. It confirmed. Now the market is doing exactly what we mapped out. This is what conviction backed by strategy looks like. No guessing. No emotions. Just precision entries and execution. #CryptoAnalysis #MarketMoves #SmartMoney #EntryPoints
i suspect it's to give the institutional subscribers better entrypoints for some stocks.
seems like it was likely due to a cross version upgrade flaw. after the v3 package launched in dec 2025, old deposit entrypoints were never deprecated and stayed callable. read here:
📢 We recently detected an unusual liquidity decline across a limited number of pools in Haedal Vault. As a precautionary measure, we have temporarily paused the related contract while the team investigates the root cause and prevents any further impact. The impact is limited to a small number of Haedal Vault pools. All other Haedal products and modules remain secure and fully unaffected. All direct losses related to this Vault matter will be fully covered by Haedal. Please rest assured. We will share a more detailed investigation update once the analysis is complete. Thank you for your patience and understanding. 🙏
Tough day for @HaedalProtocol. ~$915K was lost in the Vault exploit. Root cause: a version mismatch during a Vault upgrade. Older entrypoints remained callable instead of being forcefully deprecated. In simple terms, the attacker deposited through the old path, received excess LP shares, and redeemed them through the newer path. Importantly, the issue was isolated to the Vault module. All other Haedal products and assets remain unaffected. Appreciate the team's swift response and transparency throughout the incident. The affected Vaults were paused quickly, and a detailed post-mortem was published. Haedal has committed to making users whole, so affected users don't need to worry. Additional audits and remediation are already underway, and hopefully the lost funds can be recovered. Painful incidents like these become important lessons that ultimately strengthen protocols. Looking forward to seeing Haedal come back stronger.
🚨 Last year's Vault upgrade on Haedal left old entrypoints callable and cost 915K in losses. $HAEDAL dropped 16 percent but full reimbursement from the team kept damage contained at neutral market fear.
Did you watch the video? I don't even like Stephen A, but he's right: "This is not a football stadium in some space in Texas where you've got a bunch of entrypoints and outlays... this is The Garden. This is midtown Manhattan. Do you have any idea of the chaos he brings?"
Jun 8
🕰️ Time your entries, not the market. You can’t predict where the market goes. But you CAN wait for the right moment on your chart — a clean breakout, a bounce off support, a confirmed signal. Timing your entry is everything. 📍 #TradingTips #TechnicalAnalysis #EntryPoints