cyberthirst (@cyberthirst)'s Twitter Profile
cyberthirst

@cyberthirst

doing security at @vyperlang

my tweets, my views

ID: 4853532904

27-01-2016 13:07:37

484 Tweet

226 Followers

444 Following

cyberthirst (@cyberthirst)

wrote an article about access control and compilers
- how the external function dispatch works in general
- what to look for when auditing compiler-generated function dispatch
hackmd.io/@cyberthirst/S…

cyberthirst (@cyberthirst)

Just published an article about a unique method to write to the EVM state in a static context. Explore how to leverage gas cost deltas to store and retrieve data, even during STATICCALL. Full article: hackmd.io/PZePjk6AToqIME…

sudo rm -rf --no-preserve-root / (@pcaversaccio)

I'm super happy as it has been in the works for some months already, and now we can finally announce that Vyper is officially part of the EF bounty program! At Vyper, security is our top priority—so don't fear the snake 🐍, bounty hunters, embrace it. Your skills are about to be

cyberthirst (@cyberthirst)

at Vyper I started building an AST interpreter with a custom EVM backend for Vyper
goal: combine it with an automatic contract generator and differentially fuzz every compiler PR
write PR, target fuzzer to the diff, get 1000s of tests for free
github.com/cyberthirst/ivy

cyberthirst (@cyberthirst)

Placed 4th in the $1M Fuel contest. Teamed up with my wife, and we focused on the Sway compiler. Spent ~7 days of review time and found 1 solo crit. After Vyper, Sway is another compiler where I've found a high-impact issue.

cyberthirst (@cyberthirst)

google sometimes allows for sms 2fa even though you've explicitly deleted your phone number from the account and disabled this 2fa option
the solution is to enroll in google's Advanced Protection Program in which case the security keys/passkeys are finally enforced

Cyfrin Updraft (@cyfrinupdraft)

Want to enter web3 with Python? 🐍 The Vyper and Python Smart Contract Development learning path is live on Cyfrin Updraft! 🎉 3 courses to go from beginner to expert. Patrick Collins teaches you the language powering billion-dollar protocols! Here's all you need to know 👇

cyberthirst (@cyberthirst)

As an SR, fuzzing and formalizing contracts has never been that valuable to me as the end goal but as the process. Having been forced to express the invariants to verify against, my understanding of the code always deepened in a way inaccessible by an ordinary review process.

cyberthirst (@cyberthirst)

I've never liked the notion of `payable` functions as it's not a precise abstraction. Ether is not transferred to functions, but accounts. A non-payable function checks that the associated message has no value. I'd prefer something like `allowEth`.

cyberthirst (@cyberthirst)

Optimizations like yul require a context switch between thinking architecture&logic&abstractions AND the low-level implementation. Introducing opts can decrease readability, audit time and risks missing the forest for the trees. It's like with Foundry. Vyper is assembly free.