Richard Meissner
@rimeissner
Co-founder @safe
📢 Today is THE day. Last year the @safe project committed itself to foster an ecosystem and this motivation has been again communicated with the Safe DAO constitution. snapshot.org/#/safe.eth/pro…
Voting for SEP 54 is live ⏰ 📍 End date: August 4, 9.30 AM UTC. Temporary pause on resource allocation of SafeDAO: snapshot.box/#/s:safe.eth/p…
does anyone use multisigs outside of a high-value slow-moving context (i.e. cold wallets, protocol admins, etc)? what's your use case?
Are there any permissionless 4337 bundlers? Was looking into improving UX of our decentralized queue project. To get a bundler url everywhere I need to login and use an API key. Why? I love that there are plenty of permissionless RPCs. I want this for @erc4337 bundlers too.…
It gets even more fancy: the way Etherscan was tricked into showing the wrong implementation contract is based on setting 2 different proxy slots in the same frontrunning tx. So Etherscan uses a certain heuristic that incorporates different storage slots to retrieve the implementation…
We @VennBuild just discovered a critical backdoor on thousands of smart contracts leaving over $10,000,000 at risk for months. Along with the help of security researchers @dedaub @pcaversaccio, the seals team @seal_911 and others, we managed to rescue the majority of funds…
🚨 How many signers can own a multi-sig? What if you could do 1,000,000-of-10,000,000 signatures for the same gas cost as 2-of-3? A massive upgrade could be possible, allowing for many new use cases. Enter FROST — standardized, secure, and 95% cheaper than pairing-based sigs.…
Talking about privacy + multisig features If you could only make one thing private in a multisig, which would you choose?
So someone contacts you on LinkedIn with a promising job opportunity. Sounds nice, innit? They seem legit (after checking them for 1 min) and after some short convo they send you a GitHub repo with a simple Next.js "recruiting task". You clone it, run it… and 10 mins later, your…
What does decentralization mean and what is the right level? These are important questions to the Safe Research team. Harbour explores an extreme, which is to put everything onchain. We want to find the sweet spot where cypherpunk principles meet awesome UX.…
x.com/i/article/1940…
100 ETH were assumed lost but could eventually be recovered. Here's what happened, how it became a happy ending and what's needed to prevent this from happening again. Context: A user of Safe{Wallet} wanted to bridge 100 ETH from Mainnet to Base. But then they realized that they…
I lost my life savings in one click using @safe last night. That's after 8 years of holding ETH and avoiding scams. A UX bug within the official Bridge feature implied the destination address was my Safe on Base. It wasn't. Essentially, due to the age of my Safe, a bad actor had…
Alright folks, a new nice update was just shipped to the safe-tx-hashes-util script. Some security councils use so-called nested Safes as signers (i.e. use a Safe as a signatory to another Safe). When a nested Safe needs to approve a transaction on the primary Safe, it must call…
So while some moronic DeFi projects still refuse to donate without KYC (they probably prefer donating to fake KYCed DPRK IT workers instead at this stage), some new features have dropped for my safe-tx-hashes-util script today (I simply do this because I fucking care about our…
Bybit effectively signed an _untrusted_ delegatecall transaction and unfortunately the rest is history. To prevent these kinds of mistakes and discourage anyone from signing such transactions, I've just added warnings for _untrusted_ delegatecalls in my Safe tx hashes script. You…
That's all am gonna say for now re Bybit x.com/pcaversaccio/s…
Over the last few days, I have had the pleasure to directly engage with some of the best security folks in the industry for advice. Giving a shout out to @Mudit__Gupta @pcaversaccio @samczsun @AndrewMohawk @_SEAL_Org 👆 Folks should follow 👆