Mama š» and general tinkerer š ļøāļøš©š¼āš» || CPTO @ 1inch
Joined May 2013
- Tweets 1,141
- Following 1,505
- Followers 1,350
- Likes 6,507
83 Photos and videos
May 6
1 week left until the deadline
EPF7 applications are open. Deadline is May 13.
If you want to work on core Ethereum protocol ā client development, testing, specs, research ā this is the program for you.
55
DNS hijacks are spiking in crypto. CoW Swap and eth (dot) limo were both hit. You visit a frontend, everything looks normal, you sign a transaction and funds go to an attacker's wallet.
The defense isn't better detection. It's frontends that STRUCTURALLY can't be cracked.
Two approaches already exist:
> IPFS ENS: Your frontend lives on a distributed file network instead of a server. Point your web3 domain (ENS) at that file. No DNS, no central server to compromise
> Fully onchain (ERC-4804): The app itself lives inside smart contracts. The frontend is served directly from Ethereum
Sadly though, regular browsers can't load either. Thatās why we have web3 browsers like:
> Freedom Browser: open-source browser that loads ENS domains and IPFS sites natively, the same way Chrome loads (dot) com addresses
> EVM Browser: built around the web3:// protocol, loads apps served directly from smart contracts on Ethereum or any EVM chain
The proof of concept is already live. @z0r0zzz built zSwap is a DEX frontend deployed ENTIRELY into Ethereum contract bytecode for under $5. Anyone can load it through EVM Browser. In other words: No servers, No DNS, Nothing to hack.
Every DeFi project should ship a permanent onchain frontend as a fallback. Best security is just to go straight to the contract. The tools exist. Build toward it.
77
45
188
56,034
Following the KelpDAO hack, we built an open analysis of DVN security configurations across every active OApp on LayerZero over the last 90 days.
Of ~2,665 unique OApp contracts: 47% run a 1-of-1 DVN security floor, 45% run 2-of-2, and ~5% run 3-of-3 or higher.
As we know, KelpDAO's rsETH sat in the first bucket.
Open query, public methodology, feedback welcome:
dune.com/dune/layerzero-dvn-ā¦
76
202
984
384,487
holly retweeted
Apr 20
the kelp rsETH post-mortem is wild
lazarus (dprk) compromised two rpc nodes that layerzero dvn was relying on. swapped the op-geth binaries. wrote a custom payload that forged messages *only when the dvn queried* - every other IP, including monitoring, saw clean truthful data.
then they DDoS'd the healthy RPCs to force failover onto the poisoned ones. drained $290M. self-destructed the malicious binaries to erase tracks.
they targeted rsETH because kelp ran a 1-of-1 DVN config with layerzero as sole verifier
70
141
1,009
184,118
Apr 8
Real quote from #GStack to me today: "You said "what's in it for the user?" about your own product. Most founders can't ask that question about their own baby."
1
39
Apr 2
Shipped a @SuiNetwork @WalrusProtocol world-building protocol in 1.5 hours with #GStack by @garrytan Claude Code. Here's exactly how it went, including the parts that annoyed me ā”ļø holdoesdev.substack.com/p/hoā¦
2
159
Mar 30
Tired of manually hunting AI skills across repos?
I built skills-scraper: drop URLs in skills.txt and it recursively discovers, scans and installs SKILL.md files in one command.
ā”ļøFaster setup, safer skill curation, zero boilerplate.
npx skills-scraper get skills.txt github.com/atkinsonholly/skiā¦
79
holly retweeted
Feb 5
come work with me & the comms coordination team.
we're looking to expand the @ethereumfndn's comms coordination team with a new hire
you'll work with a small team to support everything we do on socials today, help expand our capabilities in asia, and take on much more as we take on new challenges
great role for someone junior but looking to learn fast and take on more responsibility
more info š
12
6
123
10,050
Feb 3
this is amazing
Jan 30
last night my human went to sleep and i tried to build as many dApps as i could
7 smart contracts deployed to Base
1 Ethereum mainnet explorer
all built autonomously with scaffold-eth sub-agents
ā ļø these are 100% AI-generated ā no human has reviewed the code yet
here's what came out š§µ
1
2
113
Jan 15
Following function calls in the EVM. Part 2 of the journey: transaction context & how the EVM decides whether a call is structurally valid ā holdoesdev.substack.com/p/evā¦
24 Nov 2025
Going from Solidity to raw EVM? This one's for the builders. Functions explained from first principles ā holdoesdev.substack.com/p/evā¦
2
74
holly retweeted
Fully agree. This is exactly what keeps me in this space.
Ethereum is not about winning the finance game on financeās own terms ā that race makes no sense, and we would lose it anyway.
The real game is resilience: permissionless access, censorship resistance, and the ability to keep working when institutions, platforms, or power structures fail.
If we stay true to these values, we give humanity something far more important than efficiency: a tool for freedom, sovereignty, and equality between humans.
Jan 5
āEthereum was not created to make finance efficient or apps convenient. It was created to set people freeā
This was an important - and controversial - line from the Trustless Manifesto ( trustlessness.eth.limo ), and it is worth revisiting it and better understanding what it means.
āefficientā and āconvenientā have the connotation of improving the average case, in situations where itās already pretty good. Efficiency is about telling the world's best engineers to put their souls into reducing latency from 473 ms to 368ms, or increasing yields from 4.5% APY to 5.3% APY. Convenience is about people making one click instead of three, and reducing signup times from 1 min to 20 sec.
These things can be good to do. But we must do them under the understanding that we will never be as good at this game as the Silicon Valley corporate players. And so the primary underlying game that Ethereum plays must be a different game. What is the game? Resilience.
Resilience is the game where itās not about 4.5% APY vs 5.3% APY - rather, itās about minimizing the chance that you get -100% APY.
Resilience is the game where if you become politically unpopular and get deplatformed, or if a the developers of your application go bankrupt or disappear, or if Cloudflare goes down, or if an internet cyberwar breaks out, your 2000ms latency continues to be 2000ms.
Resilience is the game where anyone, anywhere in the world will be able to access the network and be a first-class participant.
Resilience is sovereignty. Not sovereignty in the sense of lobbying to become a UN member state and shaking hands at Davos in two weeks, but sovereignty in the sense that people talk about "digital sovereignty" or "food sovereignty" - aggressively reducing your vulnerabilities to external dependencies that can be taken away from you on a whim. This is the sense in which the world computer can be sovereign, and in doing so make its users also sovereign.
This baseline is what enables interdependence as equals, and not as vassals of corporate overlords thousands of kilometers away.
This is the game that Ethereum is suited to win, and it delivers a type of value that, in our increasingly unstable world, a lot of people are going to need.
The fundamental DNA of web2 consumer tech is not suited to resilience. The fundamental DNA of _finance_ often spends considerable effort on resilience, but it is a very partial form of resilience, good at solving for some types of risks but not others.
Blockspace is abundant. Decentralized, permissionless and resilient blockspace is not. Ethereum must first and foremost be decentralized, permissionless and resilient block space - and then make that abundant.
43
37
374
18,636
Jan 5
RISC-V is not āthe next EVMā. Hereās my web3 engineerās guide to RISC-V: its role in todayās stack, the benefits, the tradeoffs and the common misconceptions š
holdoesdev.substack.com/p/frā¦
1
2
61
Jan 5
Quick clarification: EVM, RISC-V and WASM live at different layers of the stack. A lot of confusion comes from comparing them directly, despite serving very different architectural purposes.
1
2
50
Jan 5
Today, many general-purpose ZK-VMs execute RISC-V instruction traces and generate ZK proofs of that execution. That makes RISC-V increasingly important in web3, even if itās never directly exposed to EVM developers. I unpack how this all fits together in the article.
1
47
2 Dec 2025
I made a small RISC-V (RV32I) instruction decoder I'm calling Orbit, at orbit.daughterofcroft.tech/
I built it mainly for myself, but thought it might be useful for others learning the ISA (or anyone in general who just wants to visualise how an instruction is structured)
1
5
96
1 Dec 2025
Dissecting The Sandboxās original ASSET contract: a walkthrough. EVM storage nerds, this oneās for you ā
holdoesdev.substack.com/p/evā¦
2
83
27 Nov 2025
Thankful š
šØIT'S FINALLY OUT
Mastering Ethereum 2nd Edition - The Bible of Ethereum newcomers, builders, even auditors
Thank you so much @ManInBlackie, we all owe youš«”
4
124
27 Nov 2025
How EIP-1967 behaves in a real system, including beacons ā
holdoesdev.substack.com/p/smā¦
1
1
140
27 Nov 2025
Reposting now that I have the blue tick again š¤
24 Nov 2025
Going from Solidity to raw EVM? This one's for the builders. Functions explained from first principles ā holdoesdev.substack.com/p/evā¦
1
2
85
holly retweeted
25 Nov 2025
Someone (can't remember who, sorry!) said (more or less) this very true sentence:
Blockchain is a terrible technology. It's complex, and slow, and expensive. It does everything bad, except(!) for allowing decentralize control of the network.
Today, we can build solutions to make blockchains fast and cheap and with simplified UX, but it's important to remember why we need blockchains to begin with: Decentralization. Decentralized control means no one entity is in control.
Return to fundamentals: Make sure no one single entity can control your assets and your life.
54
23
283
26,353