🎄⛽️🎄 EVM Internals - Christmas Edition 🎄⛽️🎄 Did you know... codesize() can never return 0? Here's a fun example:

Nice guide into gas optimizations with ++i by cygaar cygaar.substack.com/p/why-i-is-che… #solidity

Let's talk about "REVERT," a savior opcode introduced in EIP-140 and became a part of Solidity in 0.4.10. A 🧵 that will REVERT!

Created my first Spot the Bug Challenge. Can you find the issue ->

📝Tips for smart contract auditing approach✅ Part 1 of 3 posts: 1/ Read the project's docs, specs, and whitepaper to understand what the smart contracts are meant to do.

Let's talk about Panic vs Error. A 🧵 to create some Panic.

Can you spot the vulnerability? 🔎 Show us how you'd get a victim to change their email! 👇 The best explanation gets a 25€ SWAG voucher!🎫

Want to find your first high severity issue on Code4rena to get +backstage role? This is one of the most common and easy to spot bug on c4. What is the problem here?

Allow me to unveil the enigmatic concept of read-only-reentrancy. Recently, a new exploit utilizing this vulnerability came to light, spurring me to dedicate the last 48 hours to curating an enlightening 🧵 for the benefit of the entire community to grasp its nuances.

28 ways to miss vulnerabilities in an audit 🧵

🪂 Sending Tokens Efficiently 🪂 The bull market is coming and gas prices are pumping. You shouldn’t be over paying for gas and spending more than you need to, costing yourself thousands of dollars. Here’s a tool that can you save you money when sending tokens in bulk. 1/16

My favorite ZK books: 1. The MoonMath Manual by Least Authority 2. Proofs, Args, and ZK by Justin Thaler 3. The Halo2 book by @zcash

1/12 I have found a bit of time to make the another disclosure of my finding, so here's the 2nd issue I've identified in the @openzeppelin library!

If anyone knows the people that run the @WaltsVault_NFT project, I have a list of improvements they should make to their smart contract. I don't normally do public audits before a mint, but the code is already live so why not 🫡

Timeline is flooded with auditoooors, and yet ...

Seeing a potential re-entrancy exploit with the Steady Stack Scam/Rug Victims contract. Looks like anyone on the goldlist can re-use their signatures to mint as many NFTs as they want. There's no supply check on this function so someone could mint out the remaining supply (limited by gas).

Anyone else not going to sleep tonight because Ben's $PSYOP token contract is adding an additional unnecessary ~2,000 gas to every single token transfer? Here's his contract: etherscan.io/address/0x3007… And here's a quick side by side of his function vs. a better one (simplified):

One beautiful trick that I have learned from weiss.eth : 1/4 Isn't it annoying when you have to read the contracts in etherscan like that:

HOW TO BUY $OXBT BRC-20 token on Bitcoin. On Apple iOS 👇 for beginners

The most effective software engineers I know always had a tendency to revert to writing "C" style code. Nothing seems to come close in terms of readability / maintainability.