karma
@0xkarmacoma
recovering skeptic // research engineer @a16zcrypto
Here are the main points from my Solidity Summit talk:
Symbolic execution is a generic technique that can be used to explore paths in your program
Symbolic execution treats your program like a dungeon in an RPG: it explores everything until it finds and defeats the boss.
The…
you know how devs feel when they watch speedrunners do crazy stuff with their games? this is how I feel when Ihor uses halmos
Just finished a detailed in-depth writeup on catching complex vulnerabilities (including reentrancy and DoS) using halmos+halmos-helpers-lib symbolic testing that are tied to a malicious external contract on a real-world example. Details in🧵
hot take: you can’t just guess the spec from the code which I guess is an argument for the maker naming scheme
Having been on the receiving end of a bug bounty program and audits, this is easy: Severity: High - Permanent freezing of funds. ETH sent to the contract via self-destruct calls cannot be withdrawn from the contract and cannot be recovered.
I have nightmares about this. It’s a no pants at school sort of situation
said i.e. when i meant e.g. and they laughed me out of the coffee shop
not a USB stick, we should etch the weights on a gold-plated disc maybe even send it in space
MIT Technology Review wrote about my dystopian backup plan USB stick
Absolutely huge upgrades to Halmos. Incredible improvements to dev ex and vulnerability finding capabilities. Really looking forward to getting my hands dirty with this one. Big props to @0xkarmacoma!
halmos v0.3.0 release highlights!
(quick reminder: halmos is a symbolic testing tool for EVM bytecode which interfaces nicely with foundry projects and supports multiple SMT solvers)
1. we (finally) added support for stateful invariant testing
we got the fancy silverware (bulletpoints) out for the occasion
Karma is being modest — huge update for Halmos!
∎ Stateful invariant testing (very powerful)
∎ Flamegraphs (see what Halmos is exploring)
∎ 30x faster interpreter (!!!)
∎ Easily select many solvers
∎ Coverage reports
∎ Solx support
∎ more cheatcodes
∎ ... and more