sharing some news: I’ve joined the one & only @Uniswap 🦄 so much appreciation for my time at @OpenSea & will miss working with so many great people there excited to help tackle big challenges facing our ecosystem, starting w/ cross-chain swaps (lmk if you’re working on this!)
95
17
725
44,660
There's a well-known phenomenon in software development: often, you'll "plateau" for a while before discovering a new trick, tool, or workflow that radically upgrades your capabilities Recently discovered one such trick & want to share with my fellow smart contract optimizors 👇
14
90
671
Big 48 hours for Seaport — after a brief Solidity / Vyper holy war, we're now underway building a Vyper implementation with some of the brightest minds in the ecosystem. Will be fascinating to compare the two holistically once it's complete. Gotta say, I love build-a-bear
17
29
432
chain abstraction is all the rage right now value transfer across chains must become totally seamless this is the vision for cross-chain UniswapX been building out one of the primitives to help get there — a new protocol for reusable resource locks: The Compact 🤝 let's 🧵
21
47
420
65,688
I generally stay “in character” and commit to the pseudonymous crypto dev bit but recent events are too painful not to share our home and entire community has been absolutely obliterated by the Palisades wildfires overwhelmingly grateful for everyone’s safety in evacuating in time, for the efforts of firefighters & first responders, and for the outpouring of support from many of you all the hardest thing about this is not just our homes and “stuff” getting destroyed; it’s that the daily rhythms of life, work, school, community, leisure, etc are all suddenly *gone* I also must say: watching our very street burn on the news last night while a squadron of fire trucks were parked in the intersection, completely out of water, left me feeling immense anger obviously the government systems and policies in place here are not working. we know that wildfires can and will happen. how are we not collectively implementing better solutions to address this? it’s easy to say “just don’t build homes in high-risk areas” but this ignores the march of climate change that renders areas like the Palisades as much higher risk than they have been historically. do we simply abandon all these beautiful, temperate, hilly, wooded areas? I contend that we cannot and should not take such defeatist positions in this modern age — we should be aggressively devising and implementing bold, effective technologies and policies to tackle this issue head-on. fleets of drones with infrared sensors that can detect and quickly extinguish any wildfire the moment it starts should be table stakes for every fire department. if public authorities cannot act quickly and decisively in deploying these effectively, private options must be developed unencumbered by regulatory red tape. then, if a wildfire *does* take hold, running out of water to fight the fires *when you are next to a literal ocean* is simply unconscionable. there should be ridiculously abundant reservoirs of water, desalinated or even just straight from the sea, available all over any at-risk region, and the capacity to refill them on demand. obviously i’m still working through this whole situation and trying not to feel entirely powerless, but I can’t shake this feeling of betrayal and I know many from the Palisades and other areas affected by wildfires are feeling the same way. if you or someone you know is working on real solutions to fixing this problem once and for all, I’d love to learn more about it to help in properly rebuilding and protecting the place that we love
55
6
418
24,927
Today, we're open-sourcing an early proof-of-concept implementation of Seaport Gossip, a peer-to-peer network for discovering and broadcasting Seaport listings What is Seaport Gossip, why is it important, and how can you get involved in building it alongside us? Let's dig in:
11
44
322
Leaking some alpha on how to easily mine create2 salts to deploy contracts to efficient addresses. I've been using my trusty eGPU for years to great effect, but it's actually very fast and inexpensive to use the cloud (h/t @arr00 for the demonstration). Here's how to do it 👇
17
33
326
The Seaport version 1.2 contract is now deployed to many EVM chains! 0x00000000000006c7676171937C444f6BDe3D6282 The current Seaport contract (v1.1) is still usable & will be as long as whatever chain it's on keeps chugging; v1.2 is a new contract So, what's v1.2 all about? ⤵️
22
47
314
201,281
Introducing ret↩rn.eth 0x00000000000061aD8EE190710508A818aE5325C3 A generative audiovisual work where all metadata is stored & rendered onchain — i.e. a Music NFT™ An ERC721A contract, minting as an Ξ0.05 open edition for 72 hours Here’s the story & tech behind it ↵
28
41
299
77,352
Overwhelmed by the response to the Seaport protocol — want to take a moment to thank my coauthors, @d1ll0nk + @transmissions11, for their truly exemplary contributions, and to @emo_eth, @_LeFevre_, @stephanminkj, @Slokh, and many others at @OpenSea for getting us to this moment.
9
12
272
I've been "wearing" a green rectangle for half a decade, and by now it has become a core component of my pseudonymous identity With the help of StableDiffusion, I've created a new NFT collection to better express my personal aesthetics with 64 variations on the theme: ⬛🟩⬛.eth
29
11
243
Sharing the winning 0xMonaco car from team @opensea — no crazy low-level tricks or pricing techniques, just high-level strategies & tactics that break up the race into phases: sit back early on, maintain forward momentum, go full blitzkrieg at the end gist.github.com/0age/3600aeb…
7
31
229
Ever find yourself curious what the current memory layout looks like on a contract, but don't have ready access to more advanced tools? You can just set `bytes` as the return value to the function in question, then drop a call to this little function at your preferred breakpoint
7
28
227
Here's an easy way to distinguish intermediate Solidity devs from advanced devs: How well do you understand default ABI encoding? If you can describe how to encode an array of structs that themselves contain arrays of structs, you're advanced (GPT-4? Intermediate Solidity dev)
13
8
203
44,109
open-sourcing another piece of the cross-chain swap puzzle a framework for settling swaps on destination chains, handling disputes between fillers & redirecting MEV to swappers in the process: Tribunal ☝️ github.com/Uniswap/Tribunal let's get into what Tribunal's about 💬
12
21
185
27,011
Sharing an update on an issue (now resolved) that briefly impacted the @OpenSea Shared Storefront contract. TL;DR: a configuration issue made it possible in some instances for sellers to accept offers on Shared Storefront items and receive payment without owning the NFT.
4
47
185
Yesterday the @blur_io marketplace contract used ~1.4x of the gas the Seaport v1.1 contract did But Seaport moved ~1.5x of the NFTs that Blur moved Topping the Etherscan gas guzzlers can indicate lots of usage (props to Blur on that front) It can also indicate lots of wastage
7
3
177
25,770
open-sourced another building block on the path to cross-chain swaps: a reference implementation of a minimalistic server-based allocator for The Compact it's called Smallocator 🤏 github.com/Uniswap/smallocat… if you're wondering "what the hell is an allocator" then read on ↓
13
14
147
23,450
Lots of good (and plenty of bad) info on replay attacks in an ETH POS/POW chain split scenario heading into the merge Here's a definitive breakdown on the NFT-specific situation & what to watch out for when interacting w/ Seaport / @OpenSea, @LooksRare, @the_x2y2, & @sudoswap 👇
3
41
170
Fully public contract state, anyone?
14
11
170
Excited and humbled to be joining OpenSea as Head of Protocol Development. To everyone who's been a part of the journey at Dharma — thank you for your trust and support!
1/ On behalf of the entire Dharma organization, we are thrilled to announce that we’re being acquired by @OpenSea. dharma.mirror.xyz/AiAKDL49Ch…
21
6
174
Crowd-sourcing some solidity code snippet optimizations — whoever comes up with the most gas-efficient optimization gets bragging rights. First challenge: get some fraction of a number and revert if the result isn’t exact (i.e. significant digits are truncated during division).
17
22
157
Seaport v1.4 has been deployed and is ready for production use! 0x00000000000001ad428e4906aE43D8F9852d0dD6 Version 1.4 addresses a few issues on Seaport v1.2 & v1.3, "developer preview" versions not recommended for production use Let's go over v1.4 changes & lessons learned ⤵️
8
17
156
66,933
Anybody that’s still authoring ownable contracts without a two-step ownership transfer process (e.g. transferOwnership + acceptOwnership) has clearly never needed to transfer ownership of a contract with significant value
14
8
147
Seaport joins the triple comma club 🎉
19
5
147
open-sourced an indexer for The Compact built alongside the gigabrains at @ponder_sh github.com/Uniswap/the-compa… very clutch for anyone building a frontend, tracking analytics, or running a filler or an allocator (link to hosted version in the README) h/t @typedarray @kyscott18
7
14
151
11,862
Seaport v1.5 has been deployed across a multitude of chains & testnets 0x00000000000000ADc04C56Bf30aC9d3c0aAF14dC @OpenSea will begin migrating to v1.5 starting next week; more precise details to come Huge thanks @eth_call, @d1ll0nk, @emo_eth, @dan_OpenSea, & @stephanminkj
9
16
143
83,853
The Seaport @code4rena competition has now ended — thanks again to the many reviewers who participated! A summary of relevant findings will be made available soon, but I'd like to share some key findings and give a heads-up that we'll be deploying Seaport v1.1 to address them.
2
24
130
Basic: If you write your contracts in assembly, nobody will review it Based: If you take the time to write your contracts in thoughtful, readable assembly, everybody will review it Massive appreciation for all of you Seaport reviewers — this is how we learn and build together
4
6
129
> TypeError: Function declared as pure, but this expression (potentially) reads from the environment or state and thus requires "view" 🤔 "requires" ? 🤔 (Keeping those pure functions pure wasn't easy and I'll go to ridiculous lengths to avoid having to even temporarily change them to view functions just to log stuff)
10
2
131
25,854
Huge relief that the ETH POW fork is modifying the chainID, which keeps most of the chaos on the forked chain from bleeding into the main POS chain via replay attacks; Seaport listings will also be replay-safe Still, the safe play is to avoid signing anything on the POW chain
ETHW Core just released its ChainIDs - Mainnet: 10001 Testnet: 10002 - 10005
6
13
122
This is undoubtably going to be the most intense day yet in my quest through the metaverse. Countless talented people have put in a colossal amount of work preparing to perform nearly-simultaneous @OpenSea and @Dharma_HQ protocol upgrades ~4 hours from now.
4
12
115
Back with another episode of "debugging without advanced tools available" — say you want to quickly see what data a particular bytes array contains (or could also provide a grab bag of variables via abi.encode). Pass it to this function and it'll get spit out as a revert string
4
12
115
Is anyone actually still confused on how to pronounce ETH? It’s obvious, really Same vowel sound as read, lead, and tear
20
3
118
We need better comparisons of feature support and respective gas usage across NFT marketplaces in an objective, reproducible format — @opensea @ourZORA @LooksRareNFT @0xProject @the_x2y2 et al, let’s all collaborate on getting each of our marketplaces into a public repo this week
11
3
117
To whoever just registered `openseadeployer.eth` and is now deploying phishing contracts: 👎🚫 (obviously not @opensea, as always be smart and careful when granting token approvals)
5
24
110
Seaport is MIT licensed; anyone can fork it and redeploy it However, there are a *lot* of reasons not to fork it With that said — if you *do* decide to fork... For the love of Satoshi, USE THE CANONICAL CONDUIT CONTROLLER That way you can migrate back to the canonical Seaport
4
5
114
19,983
Just spent >1.2 ETH to deploy two view-method-only contracts to mainnet AMA
17
1
112
20,272
Seaport v1.1 has been live for over 5 months Since then, our ecosystem has developed a deeper understanding of it It's time to apply what we've learned in building the next iteration of the Seaport Protocol! Some data, proposed key features, and a call to join the discussion:
2
12
104
It’s been over 3 years since this contract was used Shame, as it’s a pretty awesome concept It’ll scan the bytecode of a contract, ensure that there are no reachable SELFDESTRUCT / DELEGATECALL / CALLCODE opcodes, and register it as indestructible etherscan.io/address/indestr…
5
4
107
22,280
Phase 1: I don’t understand this assembly, but someone smarter does so must be safe Phase 2: I understand this solidity, but not enough other reviewers do so must be unsafe Phase 3: *nobody* understands the solidity compiler but I understand this assembly so it could be safest
8
4
109
Highly advocate that anyone leveraging upgradeable proxies with an initialize function use a pattern where initialization is only permitted during contract creation (e.g. ensure that address(this).code.length == 0) rather than based on a value held in storage (prone to collision)
Audius post-mortem suggests it was exploited because of a storage slot collision in their contracts which used OpenZeppelin Upgradeable Proxy. blog.audius.co/article/audiu… The twist is their contracts were audited by none other than OpenZeppelin themselves. blog.openzeppelin.com/audius…
3
13
108
Devcon has been fantastic thus far, so good to see everyone Just have one major beef Why is EIP-1153 / TSTORE not getting more love?!
8
10
105
Grateful to now have the opportunity to publicly thank everyone who was involved in identifying this vulnerability and successfully executing on its remediation before any exploit was performed. nft.mirror.xyz/VdF3BYwuzXgLr…
2
17
102
We won 0xMonaco and in this moment I am EUPHORIC Can’t thank @transmissions11 @_Dave__White_ @sina_eth_ @ttobbaybbob @TylerCrimm and the whole @paradigm_ctf squad enough for coming up with such a compelling concept and executing on it so well
Replying to @paradigm_ctf
Additionally, congrats to the winners of 0xMonaco, our first PVP CTF challenge. We can't wait to see your write-ups!
9
3
106
I’ve been beating this drum ever since this feature was rolled out — it is structurally unsafe to sign an opaque hash representing arbitrary listings The @blur_io marketplace is upgradeable — it is imperative that they move to signing readable, typed data like Seaport does ASAP
Blur signatures are now being used to steal NFTs ☠️ These are even more dangerous than the Opensea/Seaport signatures because the message is unreadable We've already added a security measures to keep you safe Here's a quick rundown 👇
6
5
100
24,169
We've found a minor bug in Seaport v1.4 that only impacts potential future integrations Due to the low severity, @OpenSea will stay on v1.4 for now We've prepared a fix for v1.5 & are writing more tests before deploying Let's dig in to the bug & the path forward from here ⤵️
3
8
96
19,668
Getting lots of questions on what’s next on the “roadmap” I’ll tell ya what’s next: Deploying the most flexible, efficient, and secure NFT marketplace yet Seaport v1.2 is gonna bang
12
3
94
11,853
More tests starting to come together in the marketplace benchmarks repo; This is the “direct” comparison (i.e. contract-to-contract)
4
14
93
Replying to @w1nt3r_eth
Ez, just start at slot 0 and start iterating ‘til 2^256 - 1
5
92
Realized that I don’t think I’ve ever seen an NFT contract written in anything but Solidity Shill us your favorite Vyper / Huff / raw EVM NFTs
14
2
63
9,863
So thrilled to see this launch — Seaport was designed from the very start with this use-case in mind Looking for more onchain NFTs to add to the collection if anybody has their eye on one of mine and wants to make deals!
Introducing Deals: offer your NFTs for theirs, securely on OpenSea. 👉 opensea.io/deals/create
7
3
63
7,536
Big thanks to my fellow coauthors and contributors in the Seaport Working Group for making this release a reality Excited to see what you all build using Seaport Hooks!
OpenSea and the Seaport Working Group are thrilled to unveil Seaport 1.6 — the latest generation of the most advanced NFT marketplace protocol in the EVM ecosystem. Seaport 1.6 introduces a new capability enabled by the recent Ethereum Dencun upgrade called Seaport hooks 🪝. Similar in spirit to Uniswap v4 hooks, Seaport hooks allow developers to build applications that greatly expand the utility and liquidity of NFTs. Seaport hooks allow developers to create: -NFTs whose traits modify or “upgrade” in response to the price or volume in which they’re purchased -NFTs that can only be bought with certain currencies or other NFTs -Bonding curves for automatically priced NFTs -Price oracles for NFTs -Many, many more applications to be dreamt up yet PS: Seaport 1.6 is up to 5% cheaper in gas than Seaport 1.5 for certain actions, saving you $$$.
12
4
79
11,312
Let's assume that it's somehow possible to bypass `require(msg.sender == address(0))` on mainnet (can of course bypass using eth_call or a cheatcode). Aside from obvious stuff like draining the null address, what else would break horribly? Bonus points for a proof-of-concept tx
18
7
77
Seaport v1.2 has been deployed for two weeks now, giving integrators a chance to play with it In that process, @androolloyd uncovered a notable limitation So, we decided to skip over v1.2 and go straight to a newly-deployed v1.3! 0x0000000000000aD24e80fd803C6ac37206a45f15 ⤵️
3
6
76
14,474
OK, at this point I'm starting to get a bit nervous about this whole thing (appreciate the kind words though, shibboleth friend)
6
77
9,612
Doesn’t get much more “Dark Forest” than using a metamorphic contract to mount a governance takeover of TC
Replying to @samczsun
Next, how did this happen? Well, when the attacker created their malicious proposal, they claimed to have used the same logic as an earlier proposal which had passed. However, that wasn't exactly the truth, because they added an extra function etherscan.io/address/0xC5038…
1
6
73
8,505
Here's a transaction-level reentrancy lock that ensures a given function is only callable once per transaction: in the function, deploy a contract via CREATE2 with init code of `caller selfdestruct`. The contract is only destroyed (and redeployable) at the end of the transaction!
3
1
73
Finally own an NFT from my all-time favorite collection, “Series 4: Glitchbox” by @_deafbeef A monumental work: generative, self-contained, interactive, historic, cohesive aesthetic, plays to the unique strengths of the medium, code <=> art at its finest opensea.io/assets/ETHEREUM/0…
10
1
71
6,155
The ultimate eth-maxi move: shaving off 1 gas and a byte of runtime code from your contracts by using `CHAINID` in place of `PUSH1 0x01`
1
10
72
Imagine just a function that you call with no arguments and that always returns some value that it's never returned before Obviously this could just be a counter, but that costs an SLOAD + SSTORE... can we do better? Anyone have ideas for a cheaper implementation?
16
6
71
Phase one: the architectoooor Phase two: the optimizoooor Phase three: the standardizoooor (Seaport entering phase three very soon!)
3
2
71
5,736
Even after adding all the new features, the candidate implementation of Seaport v1.2 is appreciably more gas efficient than v1.1 (this is looking at the cheapest example in the test suite for each function; the % improvement is even better for the more expensive tests!)
4
1
70
Woah — I deployed the final discreet.eth contract over a *year* ago Lots of friends minted a few, but they were mostly unclaimed That is, until a moment ago; it quickly minted out and briefly entered the top 10 🙃 Wild to see how far fully on-chain metadata has come since then
2
10
63
11,562
Awesome to see @quixotic_io has migrated to Seaport! 🌊🎉 *However,* it appears as though they've committed a faux pas in the process by redeploying Seaport to a new custom address. This is not great as it fragments liquidity unnecessarily; and remember that nobody owns Seaport!
2
2
69
You know what would be *really* interesting? Supply some runtime code for a contract that implements some pure function, along with calldata + resultant returned data Then provide a succinct ZK proof so that the result can be verified without needing to execute the runtime code
9
5
59
Go ahead and post a better sticker representing a protocol. We’ll wait
5
3
68
PUSH20 0xffffffffffffffffffffffffffffffffffffffff should be a dedicated opcode; it's present numerous times in every solidity contract that deals with addresses change my mind (good luck)
8
2
68
What’s this cool green swirly PFP everyone’s rocking? Did I not make the whitelist on the mint or something?
4
1
63
But just imagine how much computational effort has been saved on those eth_calls by packing the string length and data into a single mstore!!
9
4
65
So is block.timestamp % 12 on mainnet a constant now?
9
3
64
Case study in self-cannibalization — All the @paradigm_ctf challenges are *so* good and yet everybody just wants to play 0xMonaco now
1
5
64
Thanks @sinahab for having me on Into the Bytecode — highly recommend giving it a listen if you’re interested in learning more about the technical aspects of Seaport!
Here is my conversation with @z0age We dive into Seaport, the new marketplace protocol developed by @opensea -- talking about how the protocol is architected; how conduits and zones work; we even get into some of the low level gas optimizations in the contracts
2
11
64
And so it begins ⛴
3
1
65
You're likely aware that the Solidity compiler now compiles contracts to Yul, then runs a number of optimizations on that intermediate representation before compiling the Yul to bytecode and doing bytecode-level optimization What you might not realize is that you can read the IR
1
8
64
Huge thank you to everyone who participated in the Seaport @code4rena competition Winner of the highest-signal QA report goes to @eth_call Working through gas optimizations next, nice reports so far including by @BowTiedDravee Open PRs with your findings against 1.2 branch!
8
2
63
7,602
It's been a while since I released a new NFT, and (like many of us) I've been thinking about them lately. Played around with some ideas tonight & deployed discreet.eth — a set of 576 unique abstract shapes kept entirely on-chain. Feel free to mint some if you prefer low-key PFPs
12
8
64
calldatacopy, codecopy, extcodecopy, returndatacopy... why no memcopy?? is it not sort of broken that using the identity precompile is the cheapest option for copying a block of memory to a new location?
5
4
63
Anybody else find themselves applying VRGDA analysis to a bunch of day-to-day decisions all of a sudden? “Coffee consumption’s running past the target 21 ounces per 24 hours, my body’s gonna pay extra for this”
5
5
64
Anyone who successfully deploys Seaport v1.5 to a new EVM chain or testnet & verifies the source gets a follow from me here on Twitter (deployment / instructions referenced here)
Replying to @kp_intern
2/ Contract tooling To deploy Seaport 1.5, I used Foundry's cast tool + the deployment docs from the official OS repo. It's always great getting more familiar with cast (incredibly underrated and handy) and @z0age's IC2F which I'm already a fan of***! github.com/ProjectOpenSea/se…
16
5
60
37,080
WHAT HAVE I DONE (To be fair, I did call out the danger in using a generated private key in that very article)
How it started 👉 How it's going
6
3
63
From there, you'll be able to comb through and locate places where things seem messy or inefficient and make tweaks to your upstream code to address those issues You can also grab whole blocks of Yul code to use as a starting point when rewriting something in assembly
2
1
59
Many thanks to the legend @hrkrshnn for dropping knowledge on how to generate this output as well as for helping @d1ll0nk + I make sense of the optimization sequences Looking forward to learning more as we investigate and improve on the Yul compiler optimization process
3
59
So a bump to Solidity 0.8.13 + turning on the Yul IR compilation pipeline means ~3k less gas and a lot less complexity on a key function for a contract we’re working on — looking for a good reason not to use it other than “it’s brand new” (if anyone has thoughts it’s @Montyly)
2
2
55
Then: Who is Satoshi Nakamoto? Now: Who is The_Duck?? All signs indicating that they are in fact the same entity
4
3
59
Public goods / protocols with no fees: 😍 Public goods / protocols with reasonable fees that help sustain the public good: 🫡 Public goods / protocols that pay out incentives to draw in + capture users that will eventually pay exorbitant fees to compensate early backers: 🚩🚩🚩
3
2
59
The Seaport @code4rena competition has wrapped! No high-severity & just 1 medium-severity finding 🧃 That it was only found by one talented warden, 0xSomeone, and missed by the rest of us really speaks to the impact an individual can make in the health & safety of our ecosystem
It’s official… one Warden took out the entire H+M prize pool for @opensea’s latest C4 audit! Huge congrats to 0xSomeone (Alex from Omniscia) who takes home $71.5k for their unique finding 🤩(1/3)
4
1
57
7,715
No oracles or fixed collateralization ratios is cool Next, let’s do one with no protocol fees or governance and cheaper execution Exciting to watch all the talented teams currently working on lending protocols that are decentralized from the ground up and built as Seaport apps
Introducing Blend! @blur_io wanted a lending protocol with: * Arbitrary collateral, including NFTs * No oracles * No expiries * Market-set interest rates So @transmissions11 and I worked with them to design a new mechanism Here’s how it works 🧵
4
2
56
14,314
Happy merge day! 🎉 Or sad merge day and we’ll all be looking for a new line of work? 🤷
6
3
56
Am I doing this three-character #ENS thing right?
6
2
57
Hope you all had a great block 17777777
4
55
5,411
People tend to focus on gas savings (particularly for minimal proxy implementations & similar) or the “flex” of contracts with lots of leading zeroes There’s another benefit that people tend to miss: It‘s *much* harder to generate similar addresses that can be used for phishing
5
1
58
7,532
Progress report for Seaport integrators! Two brand new helper contracts are now deployed to 17 chains & testnets with more to follow SeaportValidator: 0x00e5F120f500006757E984F1DED400fc00370000 SeaportNavigator: 0x0000f00000627D293Ab4Dfb40082001724dB006F A quick summary: ⤵️
3
4
54
8,636
There's a wildly popular cross-chain protocol just waiting to be built for offering this as a service (1 ETH in, .01 ETH equivalent value bridged to 100 different EVM chains at once) Would also just be a massive flex should someone be able to execute on a service like this
5
6
54