CTO: Chief TheFinals Officer @Sign
Joined April 2012
- Tweets 268
- Following 115
- Followers 1,758
- Likes 457
5 Photos and videos
Our LZ receiving libraries have been pinned. Thanks for the heads up @EbisuEthan. Also, the same pinning should be done for every network that the OFT supports, not just Ethereum.
Lost aura, gained security, A-OK.
Updated our tooling to detect pinning. github.com/Built-by-Sign/lay…
layerzero solosig dependency check in
if you haven't hardened your config, you are sitting on an unnecessary dependency on layerzero 3/5 solosig.
if it gets compromised, it could instantly drain all the adapters that rely on the default receive library. after the kelp exploit, the vulnerable adapters tallied to $3.13 billion. after some outreach, the number has dropped to $178 million.
good progress, but still not enough. there is still a long tail of projects that have ignored this advice.
i will make this simple for you. here is a full list with exact calls for how to pin the default library.
gist.github.com/banteg/cbf75…
3
5
11
1,328
Jack Xu retweeted
19 Dec 2013
#Bitcoin days are numbered. It seems like just a matter of time before it suffers the same fate as online gambling.
1,954
2,693
12,185
Today, we are open-sourcing a toolkit ported in Go that parses and writes SWIFT MT messages as a part of our ongoing CBDC work.
Aside from being used for international wire transfers, the MT format is also core to certain RTGS systems in central banks.
github.com/Built-by-Sign/swi…
4
10
21
1,343
In light of recent events, we are open-sourcing a local web tool that helps projects easily manage their LayerZero OFT wiring configurations, when the OFT delegate is a Safe multisig.
Configurations can be imported or exported as JSONs for convenience.
github.com/Built-by-Sign/lay…
4
13
34
1,923
This weekend KelpDao lost $292M. @LayerZero_Core just published their incident report.
The protocol worked as designed. The smart contracts were fine. The money left through an RPC poisoning attack on a single-DVN configuration that multiple parties had warned against.
A thread on what this teaches us about every attack surface. 🧵
1
6
11
934
Jack Xu retweeted
Apr 17
Now live: $SIGN
@Sign empowers nations to adopt blockchain and unlock crypto for all.
Start trading today → app.kraken.com/JDNW/SIGN
23
25
110
28,294
It's open-sourcing time.
This week, we are dropping a web tool that helps projects deploy tokens to Hyperliquid spot (progress detection, error handling, etc.), as HL's existing UI omits advanced configuration options only accessible through their API.
github.com/Built-by-Sign/hyp…
5
9
34
9,245
Jack Xu retweeted
Spot trading for Checkmate (CHECK) and Sign (SIGN) will go live on 2 April 2026. The opening of our CHECK-USD and SIGN-USD trading pairs will begin on or after 9AM PT, if liquidity conditions are met, in regions where trading is supported.
32
48
155
47,871
event-pattern-solana: A minimal Anchor program demonstrating an event-driven instruction pattern on Solana. github.com/Built-by-Sign/eve…
2
1
6
242