Cyfrin Audits
2,404 posts
Cyfrin Audits
@cyfrin
Securing the blockchain and its users. Powering @cyfrinupdraft | @soloditofficial | @codehawks | @battlechain
Request an audit
cyfrin.io
Joined January 2023
40
Following
16.1K
Followers
  • Pinned
    Cyfrin Audits
    @cyfrin
    Apr 15
    Your newest AI security engineer has just arrived. Cygent isn't just an AI bug scanner; it learns your codebase, works alongside your team, and writes the PRs to fix them.
    - Finds bugs
    - Gets on calls
    - Schedules tasks
    - Proactive security advice
    All in your chat interface 🧵
    29K
  • Cyfrin Audits
    @cyfrin
    Jun 14
    The Calldata Digest from ERC-8213 is two lines of code. Here's exactly how it works, with a concrete test vector you can run right now. 🧵
    1.3K
    Cyfrin Audits
    @cyfrin
    Jun 14
    Replying to @cyfrin
    This is chain-agnostic by design. The same transfer calldata produces the same digest on Ethereum, Arbitrum, Base, or any EVM chain. A protocol can publish expected digests alongside upgrade transactions the way Linux distros publish SHA-256 hashes alongside ISOs. Signers compute
    315
    Cyfrin Audits
    @cyfrin
    Jun 14
    This is the primitive behind every "read the calldata" recommendation we've given teams for two years. ERC-8213 makes it executable. Reference implementation and the full spec:
    GitHub - PatrickAlphaC/erc8213: A static site for teaching about ERC-8213
    From github.com
    278
  • Cyfrin Audits reposted
    Spiral Stake
    @0xspiralstake
    Jun 2
    Introducing Spiral Stake v2
    An atomic & composable execution layer for onchain leverage markets on Ethereum. Powered by @Morpho’s risk isolated markets. Make your leveraged position (up to 9x) seamless, flexible to manage & gas efficient with v2. Entry/exit in one click. For
    57K
  • Cyfrin Audits
    @cyfrin
    Jun 11
    ERC-7730 and ERC-8213 keep getting framed as competitors. They're not. They solve different trust problems for different signers. A wallet should ship both. 🧵
    747
    Cyfrin Audits
    @cyfrin
    Jun 11
    Replying to @cyfrin
    The Bybit signers had hardware wallets. They had training. What they lacked was a fixed, short reference value to compare against an independent source. ERC-8213 gives them exactly that. Two lines of code to compute. One digest to match. That's the whole verification step.
    187
    Cyfrin Audits
    @cyfrin
    Jun 11
    Right now, exactly one wallet has shipped ERC-8213: Keycard Shell. Ledger, Trezor, MetaMask, Safe, Rabby, and every other major wallet have the work ahead of them. The spec is small. The implementation cost is minimal. Which wallet ships it next? Track adoption here:
    erc8213.eth.limo
    ERC-8213 — Cryptographic Fingerprints for Wallets
    The standard for displaying EIP-712 and calldata digests so signers can verify what they sign.
    217
  • Cyfrin Audits
    @cyfrin
    Jun 8
    We've watched teams lose hours context-switching between vulnerability alerts, package managers, and chat threads trying to confirm a fix actually landed. Cygent now lets you trigger a dependency re-scan directly from Slack, Discord, or Telegram. 🧵
    1.2K
    Cyfrin Audits
    @cyfrin
    Jun 8
    Replying to @cyfrin
    The loop between alert and verification is where teams stall. An alert fires in Slack, someone opens a browser, checks the advisory, cross-references the lockfile, pushes a bump, then has no fast way to confirm it resolved. Cygent closes that loop in the same channel where the
    205
    Cyfrin Audits
    @cyfrin
    Jun 8
    Our auditors see dependency issues in nearly every engagement. The teams that catch them early are the ones with workflows that don't punish you for checking. That's what this is built for. Cygent dependency monitoring is live now. Worth setting up before your next dependency
    Cygent — Your Dedicated AI Security Engineer
    From cygent.dev
    190
  • Cyfrin Audits
    @cyfrin
    Jun 7
    Most vulnerabilities we see in audited codebases don't come from code the team wrote. They come from packages the team never directly installed. 🧵
    789
    Cyfrin Audits
    @cyfrin
    Jun 7
    Replying to @cyfrin
    Cygent checks OSV, GHSA, Socket, and other intelligence sources in one pass. When severity changes or advisories get updated, it re-evaluates and notifies your team through Slack, Discord, Telegram, or email. You can also trigger a fresh scan directly from chat after pushing a
    271
    Cyfrin Audits
    @cyfrin
    Jun 7
    We've audited hundreds of protocols. The teams that get burned by dependency issues aren't the careless ones. They're the ones with no system for catching what they can't see. Cygent collapses that entire workflow into one place so your team can focus on building.
    Cygent — Your Dedicated AI Security Engineer
    From cygent.dev
    222
