Cyfrin Audits (@cyfrin) / X

Cyfrin Audits

2,409 posts

Cyfrin Audits

@cyfrin

Securing the blockchain and its users. Powering @cyfrinupdraft | @soloditofficial | @codehawks | @battlechain

Request an audit

Joined January 2023

Pinned
Cyfrin Audits
@cyfrin
Apr 15
Your newest AI security engineer has just arrived. Cygent isn't just an AI bug scanner; it learns your codebase, works alongside your team, and writes the PRs to fix them. - Finds bugs - Gets on calls - Schedules tasks - Proactive security advice All in your chat interface 🧵
00:00
29K
Cyfrin Audits
@cyfrin
Jun 22
Most ZKVM explainers are either too high-level to be useful or too academic to be practical. The middle ground, where you actually understand why the pipeline works and can see it in code, barely exists. Our team wrote the resource we wished we had. 🧵
1.2K
Cyfrin Audits
@cyfrin
Jun 22
Replying to @cyfrin
If you're building on or around ZK infrastructure, understanding what's actually happening under the hood changes how you reason about tradeoffs, security assumptions, and where things can break.
217
Cyfrin Audits
@cyfrin
Jun 22
We put this together because the gap between "I get the concept" and "I understand the system" is exactly where costly mistakes live. Hope it's useful. Big shout out to @Ubermensh3dot0 for the article!
Making Sense of ZK Virtual Machines
From cyfrin.io
214
Cyfrin Audits
@cyfrin
Jun 14
The Calldata Digest from ERC-8213 is two lines of code. Here's exactly how it works, with a concrete test vector you can run right now. 🧵
1.3K
Cyfrin Audits
@cyfrin
Jun 14
Replying to @cyfrin
This is chain-agnostic by design. The same transfer calldata produces the same digest on Ethereum, Arbitrum, Base, or any EVM chain. A protocol can publish expected digests alongside upgrade transactions the way Linux distros publish SHA-256 hashes alongside ISOs. Signers compute
342
Cyfrin Audits
@cyfrin
Jun 14
This is the primitive behind every "read the calldata" recommendation we've given teams for two years. ERC-8213 makes it executable. Reference implementation and the full spec:
GitHub - PatrickAlphaC/erc8213: A static site for teaching about ERC-8213
From github.com
300
Cyfrin Audits reposted
Spiral Stake
@0xspiralstake
Jun 2
Introducing Spiral Stake v2 An atomic & composable execution layer for onchain leverage markets on Ethereum. Powered by @Morpho’s risk isolated markets. Make your leveraged position (upto 9x) seamless, flexible to manage & gas efficient with v2. Entry/exit in one click. For
00:00
57K
Cyfrin Audits
@cyfrin
Jun 11
ERC-7730 and ERC-8213 keep getting framed as competitors. They're not. They solve different trust problems for different signers. A wallet should ship both. 🧵
763
Cyfrin Audits
@cyfrin
Jun 11
Replying to @cyfrin
The Bybit signers had hardware wallets. They had training. What they lacked was a fixed, short reference value to compare against an independent source. ERC-8213 gives them exactly that. Two lines of code to compute. One digest to match. That's the whole verification step.
203
Cyfrin Audits
@cyfrin
Jun 11
Right now, exactly one wallet has shipped ERC-8213: Keycard Shell. Ledger, Trezor, MetaMask, Safe, Rabby, and every other major wallet have the work ahead of them. The spec is small. The implementation cost is minimal. Which wallet ships it next? Track adoption here:
erc8213.eth.limo
ERC-8213 — Cryptographic Fingerprints for Wallets
The standard for displaying EIP-712 and calldata digests so signers can verify what they sign.
231
Cyfrin Audits
@cyfrin
Jun 8
We've watched teams lose hours context-switching between vulnerability alerts, package managers, and chat threads trying to confirm a fix actually landed. Cygent now lets you trigger a dependency re-scan directly from Slack, Discord, or Telegram. 🧵
1.2K
Cyfrin Audits
@cyfrin
Jun 8
Replying to @cyfrin
The loop between alert and verification is where teams stall. An alert fires in Slack, someone opens a browser, checks the advisory, cross-references the lockfile, pushes a bump, then has no fast way to confirm it resolved. Cygent closes that loop in the same channel where the
213
Cyfrin Audits
@cyfrin
Jun 8
Our auditors see dependency issues in nearly every engagement. The teams that catch them early are the ones with workflows that don't punish you for checking. That's what this is built for. Cygent dependency monitoring is live now. Worth setting up before your next dependency
Cygent — Your Dedicated AI Security Engineer
From cygent.dev
196