1/ The GoEthereum 1.10.8 "hot fix" patch just went out. This is a critical patch, seems like it is an EVM level exploit, so it affects the whole #Ethereum network.

What's the bug? This is the question of many billion dollars.

Keep reading

👇👇👇
2/ The bug was originally discovered during an audit of Telos EVM, an EVM-as-a-smart-contract implementation on top of EOS.

Never heard of Telos? It's your VC-free grassroots effort, based on the EOS codebase.

docs.telos.net/evm/comparing-…
3/ The Telos press release itself here, see tweet from @Douglas_Horn, one of the leading Telos people:

4/ The issue was found during fuzzing of the Telos EVM implementation. Telos is slow to move, takes security seriously.

The work was contracted to @sentnl_io and the issue was found by @GuidoVranken
5/ The @go_ethereum team has been unusually tight-lipped about the security hot fix. It means everybody needs to update to keep the Ethereum network secure. So unless you are a geth insider developer, others are just speculating about the issue at this point.
6/ But the new version with the source code is out now, so it should be just a matter of hours until the black hats diff the source code, find the code changes and start preparing their attack payloads.
7/ Because this was well announced beforehand, I am not worried about #Ethereum mainnet. Updates are rolling out steadily.

But the problem is that @go_ethereum has been forked left and right by semi-cooperative and non-cooperative teams.
8/ Geth fork users include

@0xPolygon (good reputation)
@Binance Smart Chain (haha reputation)
@avalancheavax

And I assume Arbitrum and Optimism also run modified geth.

etc. etc.
9/ Some of these teams are not known to have a professional relationship with the upstream geth team, and are unlikely to be privileged for the patch content.

They are bad open source citizens.
10/ Also the geth team has zero incentives to let others know what the bug is, because if you are not a nice fork, the upstream project does not need to be nice either. Tit for tat. Do your own security dammit.
11/ Now for the juicy part

👇👇👇

It sounds like the hotfixed @go_ethereum issue will affect every geth fork out there, though I have no confirmation for this yet.

Based on @hellotelos press release, it sounds like an issue with the EVM itself.
12/ GoEthereum updates are rolling out nicely. But let's see how e.g. Binance Smart Chain people will get an update out, in a timely and professional fashion.
13/ If the bug can be exploited on forked geth chains, then #Ethereum clones are going to have a nice exciting week ahead.

In a bad hair day sense.
14/ That is all this time. I updated my geth. Looking forward to seeing patches for Polygon and BSC.

But meanwhile, I am going to buy some popcorn. Might have good fire to make them pop.
Ps. Don't forget to subscribe to my newsletter

newsletter.capitalgram.com
