publicqi (@publicqi) / X

publicqi

349 posts

publicqi

@publicqi

@solayer_labs @fuzzland_ CTF @Shellphish @StrawHat_CTF W&M. Opinions are not my own and purely LLM-generated

outisde the context window

Joined December 2013

publicqi
@publicqi
Mar 5, 2025
We @fried_rice @tonykebot found a critical vulnerability in time.fun last week and conducted a hack. The vulnerability allows hackers to steal all trading fees and modify metadata (e.g. change "toly's minute" to "vitalik's minute") of every tokens launched. As the
76K
publicqi
@publicqi
Mar 21, 2025
We found a leading Web3 project unintentionally exposed Redis credentials. Initially got dismissed due to limited impact (Redis v6.2, no RCE exploit), we escalated this into a full cloud takeover by building our own RCE exploit for Redis 6.2.11 Details in 🧵
00:00
43K
publicqi
@publicqi
Apr 14, 2025
writing a mev launchpad program using really unsafe rust. open source soon.
11K
publicqi
@publicqi
Mar 7, 2025
the philosophy behind infinisvm is simple: cut anything unnecessarily slow and use the fastest. interpreted bytecode is slow so we used svm gossip is slow so we proposed a new consensus traffic over tcp/udp is slow so we used RDMA + SDN
Solayer (mainnet arc)
@solayer_labs
Mar 6, 2025
Article
Infinite Scalability: InfiniSVM's Hardware-Accelerated Architecture
Crypto is at an inflection point. On-chain finance, institutional RWA adoption, and AI agents are pushing blockchain infrastructure to its limits. Ethereum struggles with single-digit TPS, and even...
15K
publicqi
@publicqi
Apr 14, 2025
good example of how auditors and *hackers* think differently: - threat model: inputs are generated by associated ix builder, so minimal checks is needed on chain. there is not attacking surface in this senario - svm: if the unsafe code fuck up, invalid memory access only leads
philogy
@real_philogy
Apr 14, 2025
Good example of how *not* to use unsafe - `from_raw_parts` instead of `.get_unchecked(data_offset..)` - does not mark his method as unsafe or explain why the assumption on the data should always hold - probably didn't even benchmark before making this change
11K
publicqi
@publicqi
Apr 2, 2025
reason for the open source
Chaofan Shou
@Fried_rice
Apr 2, 2025
Open sourcing our Sui arbitrage bot that made $200k+: github.com/fuzzland/sui-m… The bot can arb between DEX like @CetusProtocol @navi_protocol @AftermathFi @DeepBookonSui @Turbos_finance @KriyaDEX. We also built a MoveVM simulator in Rust that can fork the chain and simulate tx
11K
publicqi
@publicqi
Nov 28, 2024
Rug coins evolved from using unreadable function names to hiding a mini backdoor in assembly. The owner can transfer anyone's token. Verified contracts doesn't mean safety. Stay cautious in meme seasons!
seaify
@seaify1
Nov 28, 2024
日你大爷，我说我买的这个币，咋一直不卖，调查了下，竟然是被外部调用，把我买的币给转到黑洞去了，畜生狗东西, 这畜生给一堆人的币给燃烧了
 8.5K
publicqi
@publicqi
Apr 28, 2025
my failed attempt reproducing the loopscale hack github.com/publicqi/loops… is getting an account's historical state on solana still unsolvable in 2025?
GitHub - publicqi/loopscale-hack
From github.com
5.1K
publicqi
@publicqi
Jan 30, 2025
solayer switched to 2.1.11 with @paladin_solana patch yesterday and sSOL is ranked #2 among the top 10 biggest pool with an APY of 12.19%. and the new p3 helped boosted 30512 transactions one day by not acquiring locks and blocking normal txs
15K
publicqi
@publicqi
Jan 6, 2025
1/5 I've been building a 🏎️ with the amazing folks @solayer_labs, exploiting both software and hardware to reach absolute limits.
9.8K
publicqi
@publicqi
Apr 17, 2025
one low hanging fruit a validator can mod their scheduler for better performance is that to do regression on historical data to infer real "priority" instead of using lamports per cu
9.6K
publicqi
@publicqi
Mar 29, 2025
to ethereum folks: this is solady on solana. it's a great starting point to learn and contribute to solana. i have enjoyed golfing ELFs so much!
febo
@0x_febo
Mar 29, 2025
Now pinocchio releases include a changelog, so it is easier to track what is new. 😊 The latest one includes excellent contributions from @publicqi , @BasedOrion_ , @L0STE_ and @deanmlittle: - Efficient Instructions sysvar access - SPL Memo client github.com/anza-xyz/pinoc…
3.1K
publicqi
@publicqi
Nov 2, 2024
We’ve seen multiple advanced MEV bots using program analysis in the past few months. Join me to learn some SOTA MEV strategies and how our team managed to prevent some hacks
Defi Security Summit
@summit_defi
Nov 1, 2024
A Cat-and-Mouse Game: How to Frontrun a Transaction in the Future 🗓️ November 8th Join Qi Su from @fuzzland_ as they explore the attack-defense dynamics in the MEV world. This talk will cover MEV transactions and their role in protecting projects from hackers. Discover the
2K
publicqi
@publicqi
Feb 14, 2024
Exactly the same CTF chall from @cor_ctf 2023 and here’s a writeup from @Chovid99 x.com/Chovid99/statu…
Chaofan Shou
@Fried_rice
Feb 14, 2024
$MINER is hacked. Do not interact! app.sentio.xyz/tx/1/0x4b9de8c… The root cause is if you transfer to yourself, your balance would be doubled.
1.9K