Twitter
Philip Daian
Hi, I'm Phil! A software engineer w a passion for security, p2p, applied crypto. Grasping for tractability. Tweets mine, results preliminary, COIs↓↓
6,993 Tweets | 923 Following | 9,631 Followers
Philip Daian 17h
Replying to @JWestJest @dguido
But if you do, you may end up being "insecure" against non-compliant tokens, with user funds being stuck: So there usually isn't objective/binary "security" often, only tradeoffs and tradeoff preferences.
Philip Daian 17h
Replying to @JWestJest @dguido
Worth noting two different security experts will also often disagree on whether code is secure. For example, requiring on the transfer/transferFrom outputs of an ERC20. Many say you should, as the spec specifies that you should (and if you don't, some compliant tokens insecure)
Philip Daian 17h
Replying to @JWestJest @dguido
Agree w. Dan. I see FV as mathematical testing. If you have tests, it doesn't mean you're secure. For most contracts, we don't even know what "secure" means or how to formally state it. But if you don't have tests/FV, it just means you're cheating on your homework.. bad sign.
Philip Daian retweeted
Vlad Zamfir 18h
's great "inscrutable=💩" insight also works wonders in governance and law
Philip Daian retweeted
IC3 20h
Our reddit AMA is now live! Join us and ask us anything!
Philip Daian Sep 19
I don't think it's an anti-feature, I think it trades off some metering accuracy and contract safety risk for developer usability. You can write a higher level EVM language w static metering and convince miners to only accept that (more efficient for them), but devs won't use it.
Philip Daian Sep 19
Exactly. Doesn't need to be exact, just a reasonable approximation. You can also stick things that use gas between them: 0 JUMP 50 (do math, calls, whatever) 50 JUMP 0 You need metering if you can't compute execution cost statically, which for the EVM is a design goal/feature.
Philip Daian Sep 19
EVM has jump so you can write (modulo jumpdest/addressing/other details) 0 JUMP 10 10 JUMP 0 without changing any stacks.
Philip Daian Sep 19
If you have to wonder whether your behavior is near the line, it's probably on the wrong side of it. Shouldn't be hard to just be professional and respect others.
Philip Daian Sep 19
(trigger warning) Donald Trump is the epitome of rape culture, so the line should not start or end anywhere near him. Stallman publicly exhibits behaviors that make people uncomfortable in the workplace based on their gender. That's IMO a better place to start drawing the line.
Philip Daian Sep 19
Stallman has been an ideological influence... as long as I can remember. I have a Gnu signed by him. Not sad to see him go given the attitudes that continue. I hope he takes this opportunity for harsh reflection and growth, and comes back with new empathy. We can all be better.
Philip Daian retweeted
IC3 Sep 18
Coming October 2nd! will be having a NYC meetup at Cornell Tech on "Smart Contracts as Fertile Ground for Exploitation". Pre-registration is required, register here: You won't want to miss this!
Philip Daian Sep 17
Replying to @ercwl @decryptmedia
Are there binaries? Why hasn't anyone decompiled/fuzzed yet?
Philip Daian Sep 17
People already have transparent trading strategies for on-chain AMMs on Ethereum that are very useful (eg - query all books, arb atomically). The off-chain code pings on-chain strategy as often as predicted profitable; in some senses that's the sauce (when ping, how much to pay).
Philip Daian Sep 17
I'd have to dig into the on-chain txs (links for the lazy?). Seems possible to do this robustly with some UX penalty, but somewhat centralizing because whoever is choosing the oracle tx gas price now has some power to cancel txs. Overall a very interesting story, thanks!
Philip Daian Sep 16
Replying to @matthew_d_green
hahahaha. sooo either you have normal well adjusted students, or their manic cycles just happened to line up today, or they all love your wife's "Korean pork" (sic) 🤷‍♀️🤣.
Philip Daian Sep 16
Replying to @matthew_d_green
it's 6:30PM mate
Philip Daian retweeted
AirSwap Sep 13
Our team discovered a critical vulnerability in a new AirSwap smart contract. Read on to understand the steps we’ve taken to prevent the vulnerability from being exploited, and to determine whether you need to take immediate action.
Philip Daian retweeted
nic carter Sep 12
Yang turning democracy into an explicit dark dao does more to mainstream nrx than any of moldbug's 40,000 word essays ever did
Philip Daian Sep 11
Make sure you check in often and ensure they're all still having a good time 🔥.