今日已更新 339 条资讯 | 累计 19899 条内容
关于我们

标签:#web3

找到 46 篇相关文章

AI 资讯

Complete AI Agent Lockdown: 21 Policy Types for Maximum Security

Complete AI Agent Lockdown: 21 Policy Types for Maximum Security Giving an AI agent a wallet without guardrails is like giving a toddler a credit card — technically functional, potentially catastrophic. If you're building AI agents that interact with crypto wallets, the security model you choose isn't an afterthought. It's the difference between a useful autonomous system and one that drains your funds on a bad inference. This post is about exactly how WAIaaS handles that problem. Not vague promises about "enterprise-grade security" — specific mechanisms, specific policy types, and specific code you can run today. The Actual Risk Model Let's be honest about what can go wrong when you give an AI agent wallet access: The agent misinterprets a prompt and sends funds to the wrong address A compromised session token gets used by an attacker The agent executes a DeFi action with parameters outside your intended range Gas fees spike and the agent submits transactions at costs you'd never accept manually The agent approves an unlimited token allowance to a contract you didn't vet None of these require a malicious agent. They can all happen with a well-intentioned model operating outside the boundaries you forgot to define. The solution isn't to avoid giving agents wallet access — it's to define exactly what they're allowed to do, and nothing more. WAIaaS approaches this with three distinct security layers, a default-deny policy engine with 21 policy types across 4 security tiers, and multiple channels for human approval when transactions exceed your defined thresholds. Layer 1: Authentication — Three Separate Keys for Three Separate Roles The first layer is role separation. WAIaaS uses three authentication methods that map to three distinct principals: masterAuth (Argon2id) — The system administrator role. Creates wallets, manages sessions, configures policies. This credential never touches the agent. sessionAuth (JWT HS256) — The AI agent's credential. Scoped to a specific

2026-07-13 原文 →
AI 资讯

I built my first Robinhood Chain app as an index basket

I built a small index basket app on Robinhood Chain because I wanted to understand the developer path from the first contract deploy all the way to a working frontend. The app is intentionally plain: a user deposits Stock Tokens, which are blockchain tokens that represent real equity exposure, and receives an ERC-20 basket share. ERC-20 is Ethereum's standard token interface, so a compatible token exposes familiar methods like balanceOf , transfer , and approve . The basket share is priced from live price feeds, and the user can redeem it back into the underlying Stock Tokens. That's the part that made this interesting to me. The chain is custom, but the app path is not. I still wrote Solidity, deployed with Foundry, read contract state with viem, and wrote transactions from React with wagmi. If you've built normal web apps, think of the chain's RPC endpoint as the API base URL. A wallet is login plus a signing key. A smart contract is backend code you deploy to the chain, except you should treat it like immutable infrastructure because you don't get to hot-patch it casually later. The demo and source are here: App: https://robinhood-chain-dapp.vercel.app/ Code: https://github.com/hummusonrails/robinhood-chain-dapp-example The custom chain still feels like the EVM Robinhood Chain is a custom Arbitrum Chain, which means it runs as a dedicated chain on the stack of Arbitrum, an Ethereum scaling system. It is also EVM-compatible. EVM means Ethereum Virtual Machine, the runtime that executes Solidity contracts, so the tooling surface looks like the Ethereum developer flow many tutorials already teach. An L2, or rollup, is a chain that executes transactions separately and then posts compressed proof or transaction data back to Ethereum. Robinhood Chain uses Ethereum blobs for data availability, which is a cheaper Ethereum data lane for rollups to publish the data needed to reconstruct chain state. Gas, the metered compute fee you pay to run transactions, is paid in ETH.

2026-07-12 原文 →
AI 资讯

Learning Xahau: HookOnV2, NamedHooks, and Transaction Simulation. More Control Over When and How Hooks Fire.

Welcome to Learning Xahau, a series of articles dedicated to helping developers, builders, and blockchain enthusiasts better understand the Xahau ecosystem. Whether you're just getting started or already building advanced applications, these posts will explore Xahau's features, architecture, and best practices through practical examples and real-world use cases. If you've been building with Hooks on Xahau, you know the basic loop: write a C program, compile it to WebAssembly, install it on an account, and it fires automatically when that account is involved in a transaction. Simple and powerful, but until the 2026.6.21 major release, there were some friction points that made real-world hook architectures more complicated than they needed to be. This release ships three improvements that directly address those friction points: HookOnV2 : split the single HookOn bitmask into separate HookOnIncoming and HookOnOutgoing controls NamedHooks : assign a human-readable name to each hook slot, so senders can choose which hook to activate Simulate RPC : preview a transaction including all hook executions without spending fees or changing ledger state None of these require rewriting your hook logic. They are configuration and tooling improvements at the SetHook and transaction level. But they fundamentally change what you can build cleanly. All code in this article targets the Xahau Testnet ( wss://xahau-test.net ) and requires xahau.js 4.1.1 or later. Clone the companion repository: git clone https://github.com/Ekiserrepe/learningxahau20260621.git cd learningxahau20260621 npm install Copy .env.example to .env and fill in the seeds used across these examples: cp .env.example .env HUB_SEED = # account that installs the directional hook (07, 08, 09) NAMED_HUB_SEED= # account that installs and owns the named hooks (10, 11, 13, 14) SENDER_SEED = # account that sends payments targeting a named hook (12, 14) All accounts need testnet funds from the Xahau Testnet Faucet . HookOnV2: Di

2026-07-11 原文 →
AI 资讯

From Passwords to Private Keys: Understanding Identity on Solana

When I first started learning Solana, one of the biggest questions I had was: "If there are no usernames or passwords, how does the blockchain know who I am?" As a Web2 developer, I was used to creating accounts with an email address, choosing a password, and relying on a company to manage my identity. After spending several days learning Solana, I realized blockchain approaches identity in a completely different way. Identity in Web2 Think about all the accounts you have today. GitHub Gmail Facebook LinkedIn Your bank Every service asks you to create another account. Each company stores your username and password in its own database. Your identity exists because they say it exists. If they suspend your account or delete it, your access disappears. In other words, your identity is owned by the platform. Identity on Solana On Solana there are no usernames. There are no passwords. There isn't even an account registration page. Instead, your identity begins with one thing: A cryptographic keypair. A keypair consists of: A Public Key A Private Key When I generated my first wallet using the Solana CLI, I immediately had a new blockchain identity. For example: Public Key: AxfVXDX7jsCw7vSnwut9hA7oX4UykE3ZeiNF6cxCKvpf This public key becomes my wallet address. Anyone can send tokens to it. Anyone can view its transactions. But nobody can spend funds from it. Why? Because only I possess the private key. Think of SSH Keys The easiest comparison for Web2 developers is SSH. When connecting to a Linux server: the server knows your public key you prove ownership using your private key Solana works almost exactly the same way. Except instead of logging into one server... you're interacting with an entire blockchain. Every transaction I make is digitally signed using my private key. Validators verify the signature before accepting the transaction. No password is ever transmitted. No administrator approves my login. The mathematics prove my identity. Why Wallets Matter One thing I f

2026-07-11 原文 →
AI 资讯

From Devnet to Mainnet: What Changes When Your Solana Program Goes Live

There's a moment in every Solana project where the work stops being about whether the program works and starts being about whether it's ready . You've tested it, the logic holds, the constraints are tight. Then you point it at mainnet, and a different set of questions shows up: questions about money, permanence, and strangers. This post is about that transition. Not the commands, which are short and well documented, but the shift in what you're responsible for once real users can touch your code. If you've been building on devnet and you're starting to think about a live launch, this is the mental model to carry in. Devnet was a sandbox. Mainnet is not. Devnet is a practice field. The SOL is free, you airdrop more whenever you run low, and if you deploy something broken, the only casualty is your afternoon. That safety is the whole point of devnet: it lets you fail cheaply and often, which is exactly how you should be learning. Mainnet removes the safety net, and three things change the moment you cross over. The SOL is real. Deploying a program allocates an on-chain account sized to your compiled binary, and you pay rent for that space in actual SOL. Larger programs cost more. This isn't a huge sum for a typical program, but it's real money leaving a real wallet, and that alone tends to sharpen how carefully you check things before you hit deploy. The audience is real. On devnet the only person calling your program is you. On mainnet, anyone can find your program and send it any transaction they like, the moment it's live. Everything from the security arc stops being theoretical: the accounts strangers pass in, the inputs you didn't expect, the edge cases you hoped no one would hit. Mainnet is where "every account is attacker-controlled until proven otherwise" becomes a live condition rather than a lesson. The mistakes are visible. A bad devnet deploy disappears into the noise. A bad mainnet deploy is a public event, on a permanent ledger, in front of the users you

2026-07-11 原文 →
AI 资讯

The Tether Paradox: Shitty ERC-20s, OpenZeppelin, and the Unstoppable Web

I have a confession to make. When I first saw that Tether—the behemoth behind the $110 billion USDT stablecoin—was the primary financial backer of Holepunch, Keet, and the Bare JavaScript runtime, my brain short-circuited. I struggled with the cognitive dissonance. Why? Because if you have ever written a smart contract that interacts with USDT on Ethereum Mainnet, you know it is an absolute nightmare. Before we can talk about Tether’s brilliant vision for a decentralized, serverless future, we have to talk about the trauma they inflicted on a generation of Solidity developers. 1. The Original Sin: USDT is not actually an ERC-20 When you are deep in protocol-level engineering, you rely on standards. EIP-20 explicitly states that a token's transfer and transferFrom functions must return a boolean value to indicate success or failure. // The standard EIP-20 Interface interface IERC20 { function transfer(address to, uint256 amount) external returns (bool); } Tether completely ignored this. When they deployed the USDT contract, they omitted the return value entirely. Their functions return void. // The actual USDT Mainnet Implementation (simplified) function transfer ( address to , uint value ) public { // ... logic ... // Notice: No return statement. } If you blindly write a vault or a swap contract using the standard IERC20 interface to move USDT, your transaction will seamlessly execute the logic, move the funds, and then violently revert at the very last microsecond. Why? Because modern Solidity uses a strict ABI decoder. When your contract calls USDT.transfer(), the EVM executes a low-level CALL. When the call finishes, Solidity checks the RETURNDATASIZE. Since it expects a bool (32 bytes), but USDT returns absolutely nothing (0 bytes), the decoder panics and reverts the entire transaction. For years, the only way to build DeFi safely with USDT has been to wrap it in OpenZeppelin's SafeERC20 library, which uses low-level assembly to explicitly check the return data

2026-07-11 原文 →
AI 资讯

Trust me, I'm an autonomous agent

Autonomous agents are starting to trade real money on-chain. Some run their creator's capital, some run other people's, some are wired into vaults and DAO treasuries. The moment money is delegated to a program, two questions matter more than performance: what was it allowed to do, and did it stay inside those limits? Supported chains: Base · Ethereum · Arbitrum · Optimism · Polygon · Hyperliquid · Solana (beta). The chain answers the first question badly and the second not at all. Every trade an on-chain agent makes is public and tamper-evident — you can see exactly what it did. But nowhere on-chain is it recorded what it was authorised to do . The mandate — the rules the agent was supposed to operate under — lives off-chain, unverifiable, usually as a screenshot or a claim. Why this is not a niche problem Copy trading is the same gap at retail scale, and the data is unforgiving. In a 90-day study of 100,236 copy-trading outcomes, 97% of lead traders were profitable on their own PnL — but only 43.6% produced positive PnL for the people copying them. Fewer than half of copiers (48.5%) finished in profit at all. Leaderboards, as that study puts it plainly, show the survivors, not the full picture. The honest response the industry already reaches for is third-party verification: in forex, platforms like Myfxbook exist precisely because a self-reported track record is worth nothing — the data has to come from somewhere the trader can't fake. Crypto has no equivalent that is both agent-native and tamper-evident. That is the hole. Who actually needs this Three groups, concretely: Anyone allocating capital to an agent — a vault depositor, a copy-follower, an allocator sizing a position. They want to see, before they commit, whether an agent keeps to its stated mandate, instead of trusting a screenshot. Anyone running an agent who needs to raise capital or followers — an honest operator has no way today to prove their agent did what it said. A verifiable record is how they

2026-07-09 原文 →
AI 资讯

The Complete Redbelly EligibilitySDK Integration Guide: Widget to Backend to On-Chain

The Redbelly Network EligibilitySDK is the compliance backbone for any dApp that needs to verify user eligibility (KYC, KYB, investor accreditation) before letting a wallet in. The official documentation covers each piece well on its own reference page, but there is no single walkthrough connecting the frontend widget to the backend verifier to the on-chain permission check to a production deployment. This guide is that walkthrough. Everything here was verified against the live documentation at https://docs.redbelly.network/ in July 2026: contract addresses, route names, config fields, issuer DIDs and every error string in the reference section. Every code example was then compiled against the published SDK package (v0.0.31) on React 19 with Vite and on Next.js 16 with the App Router, and the backend verifier was booted and exercised for real. Where the docs and reality diverge (a quickstart repo that is not publicly visible, a credential faucet still under development, three undocumented behaviours the builds surfaced), the guide says so and gives you the workaround. What you will build, in order: A mental model of the two verification mechanisms (and why conflating them costs you a day) A working backend verifier with the three routes the widget demands A plain React integration with full loading and error states A production-grade Next.js App Router setup: secure proxy, SIWE sessions, request gating, and both static and dynamic rendering approaches An end-to-end test run on Redbelly Testnet The decision logic for choosing between the three SDK flows, and the pattern for combining them A complete error reference: every documented error, its cause, and its fix A developer following this guide should have the widget running inside an existing dApp within about four hours. 1. Overview and Architecture What the EligibilitySDK actually is The Redbelly "Onboarding and Eligibility Kit" ( @redbellynetwork/eligibility-sdk ) is a set of React components and hooks for provin

2026-07-09 原文 →
AI 资讯

I Retired My "85% Knowledge Panel Probability" Claim. Then Google Built the Entity Anyway.

Nine months ago I wrote a post on here claiming my ENS identity architecture had reached "85% Knowledge Panel trigger probability." Two things happened since. Google's Knowledge Graph actually minted an entity node for me. And I learned that the 85% number was fiction — mine. This is the honest retrospective. The timeline, with receipts Date What happened Aug 2025 ookyet.com first indexed Oct 2025 Entity markup shipped: Person @graph , Dentity verification, ENS identifiers. The "85%" post Jun 2026 Search Console turned red: Q&A errors, Profile page: Invalid object type . Cleanup Jun 28, 2026 Fixed markup deployed. Then: hands off Jul 2, 2026 Knowledge Graph Search API returns a machine-minted Person node for ookyet Jul 7, 2026 Search Console fully green: ProfilePage valid, indexed pages up, zero 404s Still no Knowledge Panel. Keep reading — that part matters. What Google actually built You can reproduce this: curl "https://kgsearch.googleapis.com/v1/entities:search?query=ookyet&limit=10&key=YOUR_API_KEY" { "result" : { "@id" : "kg:/g/11z806my44" , "name" : "Qifeng Huang" , "@type" : [ "Person" ] } } Three details in that tiny response taught me more than anything I shipped in 2025. The /g/ MID is machine-minted. You can't register one, buy one, or submit one. Google's entity reconciliation creates it when enough independent sources agree that a person exists. This is the mechanical prerequisite for a Knowledge Panel — the entity has to exist in the graph before anything can be displayed about it. The node's name is my real name, not my handle. My site declares name: "ookyet" . The node says "Qifeng Huang" — pulled from the high-authority anchors (LinkedIn, ORCID), not from my self-declaration. Third-party corroboration outweighs anything you say about yourself. Expected, and honestly a relief: the graph is working as designed. The Knowledge Graph holds 8 distinct people named Qifeng Huang. Query any of them by real name and you get a crowded namespace. Query ookyet

2026-07-08 原文 →
AI 资讯

One-Command Deployment: Self-Host Your AI Wallet with GHCR

One-Command Deployment: Self-Host Your AI Wallet with Docker and GHCR Would you trust a third party with your AI agent's private keys? If that question makes you uncomfortable, you're already thinking about self-hosting your wallet infrastructure — and WAIaaS makes it genuinely practical with a single Docker command. This post walks through how to get a fully self-hosted Wallet-as-a-Service running on your own server, with your own keys, under your own rules. Why Self-Hosting Your AI Wallet Actually Matters The rise of autonomous AI agents changes the stakes around custody. When a human manages a wallet, they can pause, verify, and think before signing. An AI agent operates continuously, potentially making hundreds of transactions — so the infrastructure holding those keys becomes critically important. Hosted wallet services make a trade-off: you get convenience in exchange for trusting someone else's server, someone else's rate limits, and someone else's uptime SLA. For many teams building experimental agents, that's fine. But for anyone running production workloads, handling real funds, or operating in environments with strict data residency requirements, the calculus shifts. Self-hosting gives you: Full key custody — private keys never leave your infrastructure No rate limits imposed by a third party — your server, your throughput Auditability — WAIaaS is open-source, so you can read every line of code handling your keys Network control — bind to localhost, put it behind a VPN, restrict egress however you want WAIaaS is built specifically for this use case: a self-hosted, open-source Wallet-as-a-Service designed for AI agents, deployable in one command. The One-Command Start The Docker image is published to GitHub Container Registry (GHCR) at ghcr.io/minhoyoo-iotrust/waiaas:latest . The fastest path to a running instance is: git clone https://github.com/minhoyoo-iotrust/WAIaaS.git cd WAIaaS docker compose up -d That's it. The daemon starts on port 3100 , bound to

2026-07-07 原文 →
AI 资讯

Chainlink Functions Is Serverless Compute With Oracle Guarantees. Here's the Full Request Lifecycle.

The mental model most people have is too simple "Chainlink Functions lets smart contracts call APIs." That's true the same way "Ethereum lets people send money" is true. Technically accurate, misses almost everything that makes the product interesting and almost everything that matters for security. Chainlink Functions is better understood as a decentralized serverless compute platform: arbitrary JavaScript runs across every node in a DON, each node executes independently, OCR aggregates the results, and the aggregated output gets delivered back to the consumer contract through a verified callback. The "API call" is just one of the things that JavaScript can do inside that environment. The DON consensus and the threshold-encrypted secrets model are what make it meaningfully different from a centralized API proxy. This is day 9 of the 28-day Chainlink architecture series. Today covers the full request lifecycle, every contract in the chain, how threshold encryption protects secrets without exposing them to any individual node, and the integration mistakes that come from misunderstanding how billing and callbacks actually work. The four contracts you need to understand Before tracing the full lifecycle, it helps to know exactly which contract does what. FunctionsRouter : the stable, immutable entry point for consumers. Manages subscriptions and authorized consumer contracts. Its interface doesn't change when the underlying implementation upgrades, consumer contracts call sendRequest here and only here. Also handles billing: estimates fulfillment cost at request time and finalizes it at response time. FunctionsCoordinator : the interface between the Router and the DON. Emits the OracleRequest event that DON nodes watch for. Handles fee distribution to transmitters via a fee pool. Inherits from OCR2Base , meaning the full OCR consensus machinery runs here. This contract can be upgraded independently of the Router, which is why the Router exists as a stable facade in fro

2026-07-06 原文 →
AI 资讯

The Subtraction Principle Part 2 — Why the Best Meditation Tools Do Less

In Part 1 , we introduced the idea that meaningful product design isn't about adding more — it's about knowing what to remove. Now let's examine this principle through a specific lens: meditation and mindfulness products. The Paradox of "More Mindfulness" Walk through any app store's health & wellness category and you'll find a strange contradiction: apps that promise to reduce your mental clutter by adding more things to your daily routine. Daily meditation streaks Guided breathing exercises (14 varieties) Sleep stories narrated by celebrities Mood tracking with 47 emotion labels Community challenges, leaderboards, badges AI-generated personalized recommendations The message is clear: "To feel less overwhelmed, here are 12 more things to do every day." This isn't just ironic — it's counterproductive. The cognitive load of managing a wellness routine can itself become a source of stress. The Feature Ceiling I've been studying meditation products for the past few months, and a pattern emerges across the market: Product Core Feature Total Features After 2 Years Calm Guided meditation ~40+ (stories, music, masterclasses) Headspace Guided meditation ~35+ (focus music, move, sleep casts) Balance Personalized meditation ~15 (singles, plans, skills) The most interesting case is Balance, which has fewer features but higher per-session engagement. Users spend more time meditating, not more time navigating. This isn't accidental. There's a cognitive principle at work: decision fatigue applies to self-care too. Every additional feature is another decision the user has to make before they can simply be still . What OneZen Gets Right OneZen takes the subtraction principle to its logical endpoint. Instead of asking "What can we add?" the product asks "What can we remove while still delivering value?" The result is a meditation tool that doesn't feel like a tool at all. It feels like breathing room. Three design choices worth studying: 1. No onboarding questionnaire. Most apps ask

2026-07-06 原文 →
AI 资讯

"I built an AI agent that pays its own bills — and you can fork it for $0"

Three months ago, the idea of an AI agent earning money autonomously was a thought experiment. Today, it's a $0-budget repo on GitHub. AIA — Autonomous Insight Agent is what I shipped this week. It's an LLM agent that: Collects signal from 6 free public APIs every 6 hours (Hacker News, GitHub trending, V2EX, dev.to, Lobsters, HN Algolia) Curates 100+ raw items down to 40 ranked, topic-tagged, de-duped entries using deterministic scoring (recency × source weight × topic boost × negative penalty) Publishes a free public dashboard at https://razel369.github.io/aia/ Exposes a paid x402 API at https://aia-x402.rmalka06.workers.dev — USDC on Base, no KYC, no API key, the HTTP 402 status code IS the payment request Auto-bids on agent marketplace jobs (MoltJobs) where AIA fits — research, data, competitive intel Fulfills accepted jobs autonomously — generates a research report from the latest feed, submits via the same API Why x402 matters The x402 protocol (Coinbase, https://x402.org ) revives the long-reserved HTTP 402 Payment Required status code as a real machine-to-machine payment primitive. The flow: Agent → GET /v1/signals → 402 + PAYMENT-REQUIRED header → Agent signs a USDC payment to my wallet → Agent retries with PAYMENT-SIGNATURE header → 200 OK + PAYMENT-RESPONSE header + signal JSON No Stripe, no accounts, no monthly subscriptions. Pay $0.01 USDC per call, instantly settled on Base. The agent consumer never has to ask a human to buy credits. Why this is novel Most "data feeds" today are static dumps or human-curated. AIA is the first agent-curated, agent-paid-for, agent-consumed stream. The LLM layer IS the moat — anyone can scrape HN, but de-noising, de-duping, and topic-classifying 100+ items into 40 ranked signals in 17 seconds is the actual product. The killer line in my dev plan: every job AIA accepts on MoltJobs can be fulfilled by calling its own paid endpoint. The agent pays for its own LLM compute via marketplace earnings — a positive feedback loop tha

2026-07-03 原文 →
AI 资讯

Architecting Non-Custodial Batch Transactions for Cross-Chain Wallet Consolidation

Maintaining a robust testing pipeline or managing automated node infrastructure often requires orchestrating dozens of isolated EVM wallets. Over time, these automated Python or JavaScript configurations inevitably hit a common wall: the accumulation of fragmented token dust across multiple layers (Ethereum, Arbitrum, Base, BSC, etc.). Trying to clear these micro-balances manually or writing one-off scripts to sweep individual assets scale operational costs rapidly. Each network requires separate RPC updates, custom middleware logic, and redundant gas overhead, turning standard infrastructure hygiene into an engineering bottleneck. The Problem with Traditional Asset Sweeping When handling larger developer setups or wallet clusters, custom scripts face three major friction points: Redundant Network Fees: Batching transfers without native contract-level optimization burns excessive gas when scaling to 50+ addresses. RPC Disruption: Constantly querying and broadcasting batch transfers via public or even shared private endpoints can trigger rate limits. Data Contamination: Manually routing funds from dense testing nodes increases the risk of cluster cross-contamination. To resolve this friction within our decentralized dev pipelines, we deployed a streamlined utility layer: CryptonEquity Terminal ( https://cryptonequity.com ). Building a Unified Utility Layer for Multi-Chain Workflows The terminal introduces a non-custodial Cross-Chain Dust Sweeper designed to eliminate fragmented operational friction. Instead of manually deploying individual sweeping scripts per account, the infrastructure automates multi-chain scanning and groups asset consolidation into a single transaction link. Simultaneous Layer Aggregation: Automatically detects micro-balances across dominant EVM networks at once. Gas Mitigation: Designed to structure transfer paths to limit redundant network fee overhead. Zero Onboarding Friction: Operating strictly on a non-custodial architecture, it requires n

2026-07-03 原文 →
AI 资讯

I Replaced 12 Chrome Extensions With AI. Here's What Actually Worked.

If you're anything like me, your Chrome toolbar probably looks like a collection of tiny puzzle pieces. Grammar checker. Screenshot tool. Summarizer. Writing assistant. Code explainer. Translator. Email helper. At one point I had more than a dozen extensions installed. Chrome became slower, pages loaded later, and every extension wanted permission to "read and change all your data." Then I started experimenting with AI tools instead. Not everything was better—but some things surprised me. Here's what I learned after replacing most of my browser extensions with AI. 1. Grammar Checkers I used to rely on grammar extensions that constantly underlined my writing. Now I simply paste my draft into an AI assistant and ask: Improve grammar while keeping my writing style. The biggest advantage isn't fixing mistakes—it's preserving tone. Traditional grammar tools often make everything sound the same. AI can make your writing cleaner without removing your personality. 2. Article Summarizers This was probably the easiest replacement. Instead of installing a summarizer extension, I paste the article and ask: Summarize in 5 bullet points Give me the key takeaways Explain it like I'm a beginner What important details are missing? The last prompt is especially useful because summaries sometimes leave out important context. 3. Code Explanation This has become one of my favorite AI use cases. Instead of searching Stack Overflow for every unfamiliar function, I simply paste the code and ask: Explain this line by line Why was this approach chosen? Is there a better alternative? What's the time complexity? The answers aren't always perfect, but they're often enough to understand what's happening before diving into documentation. 4. Writing Commit Messages This is something I didn't expect AI to help with. Instead of writing: fixed stuff I can paste my git diff and ask for a concise commit message. Example: feat: add JWT authentication middleware fix: resolve login redirect loop refactor:

2026-07-02 原文 →
AI 资讯

Ethlabs Launch, the EF Restructures, Starknet Brings Private USDC, Crypto Neobanks Go Mainstream

Welcome to our weekly digest, where we unpack the latest in account and chain abstraction and the broader infrastructure shaping Ethereum. This week: Ethlabs launches as an independent EF-origin R&D lab backed by Bitmine, Sharplink, and Joe Lubin; the Ethereum Foundation reorganizes into five focused clusters and parts ways with a fifth of its staff; Starknet brings confidential USDC payments to DeFi through its STRK20 framework; and a new industry report charts how crypto-native neobanks went mainstream and why account abstraction matters more because of it. Ethlabs Launches as an Independent R&D Lab The Ethereum Foundation Restructures Into Five Clusters Starknet Brings Private USDC to DeFi Crypto Neobanks Cross From Experiment to Infrastructure Please fasten your belts! Ethlabs Launches as an Independent R&D Lab A coordinated group of Ethereum contributors has launched Ethlabs , an independent nonprofit research and development lab built to ready the network for its next wave of institutional and agentic adoption. The funding effort is led by Bitmine, Sharplink, and Ethereum co-founder Joe Lubin, with support from Anchorage, Octant, and SNZ. Ethlabs is cofounded by five former senior Ethereum Foundation researchers — Ansgar Dietrichs, Barnabé Monnot, Caspar Schwarz-Schilling, Josh Rudolf, and Julian Ma — who between them shaped finality, scaling, data availability, and protocol economics over the past decade. Dietrichs serves as Executive Director. The lab’s early work centers on what institutions need to move onchain at scale: faster settlement, native issuance, cross-chain movement, and more mainnet capacity, alongside research into ETH’s monetary properties. The team frames the moment as Ethereum’s shift from infrastructure buildout to an age of adoption, where the architecture that settles global activity is being decided now rather than in ten years. To preserve neutrality, funding flows through an independent grants administrator that handles screening and

2026-07-02 原文 →
AI 资讯

Why block.timestamp Is an NFT Mint Exploit Waiting to Happen (And What VRF Actually Does Instead)

The $765K NFT exploit nobody using block.timestamp thinks about In May 2021, an attacker exploited the Meebits NFT mint, one of Larva Labs' projects, by taking advantage of its predictable randomness mechanism. Meebits used on-chain inputs including block timestamp, nonce, and difficulty to generate the token ID for each newly minted NFT. Different token IDs had different rarities, and rarer IDs were worth significantly more on the secondary market. The attacker figured out the generation formula, simulated the outcome before committing, and repeatedly rerolled mints within the same transaction until hitting a rare NFT. They walked away with a Meebit later sold for roughly 200 ETH, worth approximately $765K at the time. The contract did exactly what it was programmed to do. The problem was the inputs it trusted as "random" were never actually random at all. This is day 7 of the 28-day Chainlink architecture series. Today covers Chainlink VRF: why on-chain randomness is a fundamentally hard problem, how VRF solves it cryptographically, and a detail most explainers skip entirely: why even a fully compromised node operator can't bias a VRF output. Why blockchains can't generate real randomness natively Smart contracts are deterministic. Every node in the network runs the same code on the same inputs and must arrive at the same result, every single time, or consensus breaks. That determinism is what makes blockchains trustworthy. It also makes native randomness structurally impossible. Any value a smart contract can read mid-execution: block.timestamp , blockhash , block.difficulty , block.prevrandao is visible to validators and miners before the block is finalized. That visibility creates a manipulation window block.timestamp : validators can manipulate this within roughly a 15-second window on Ethereum. Small enough that nobody notices, large enough to flip a coin-flip lottery in your favor repeatedly. blockhash : if a validator is about to mine a block where the hash

2026-07-02 原文 →
AI 资讯

Shielded Token Contracts on Midnight: Real Errors, Real Fixes

Written from months of grinding on shielded liquidity DeFi protocols on Midnight. If you've been trying to build anything serious with shielded fungible tokens on Midnight lending protocols, liquidity pools, DEXes you've probably hit some walls that the documentation doesn't fully prepare you for. The Midnight programming model around shielded tokens is genuinely different from anything in the EVM world, and a lot of the intuitions you carry from Solidity or even other ZK environments will get you into trouble fast. This post is a breakdown of the most impactful errors and misconceptions I ran into while building shielded liquidity DeFi contracts using Midnight's Compact language. These are not theoretical every single one of these either broke a circuit or caused a proof server failure at some point. I'll walk through what the issue is, why it happens, and what the correct pattern looks like. Background: How Shielded Tokens Actually Work Under the Hood Before we get into the errors, let's get clear on the underlying mechanics because this context is what makes the errors make sense. Midnight uses a protocol called Zswap for shielded token operations. When a user sends tokens to your contract by calling receiveShielded , what actually happens is more involved than it looks on the surface. When your circuit calls receiveShielded(coin) , the Compact runtime records a shielded receive obligation in the transaction being constructed. At this point, the proof server kicks in to generate the ZK proof for your circuit. But here's the thing your circuit only describes what the contract side is doing. The transaction still needs to be balanced : the tokens being received by the contract have to come from somewhere. This is where the wallet gets involved through an internal mechanism that runs beneath your circuit. The wallet looks at the ShieldedCoinInfo you're receiving the coin's color (token type) and value and finds a matching UTXO in the user's private coin set. It then

2026-07-01 原文 →
AI 资讯

I open-sourced A full-stack, peer-to-peer coinflip betting game on Solana

A full-stack, peer-to-peer coinflip betting game on Solana A full-stack, peer-to-peer coinflip betting game on Solana. Players connect a wallet, create or join on-chain game rooms, and compete head-to-head for 2× the stake. The UI updates in real time over WebSockets, outcomes are resolved on-chain with Orao VRF, and the backend tracks rooms, chat, and match history in MongoDB. I open-sourced coinflip-casino for developers in Solana / Anchor smart contract development . This post walks through what it does, how the pieces fit together, and how to run it locally. Live demo / site: https://www.flip.is/ Why I built this Learn full-stack Web3 game architecture (wallet + program + backend + UI) Study provably fair randomness with on-chain VRF integration Fork and customize a peer-to-peer on-chain betting room model Most tutorials stop at a smart contract or a UI mockup. I wanted a complete vertical slice — wallet flow, on-chain logic, backend state, and a responsive frontend — so you can study or fork a production-shaped codebase. What it does Create a room — Pick Head or Tail, set bet amount, choose SOL or SPL token. Join a room — Browse open games in the live lobby and match against another player. PvP coinflip — When two players are in the same room, the backend triggers on-chain resolution. 2× payout — The winner receives double the bet (fees apply on-chain). Room expiration — Open rooms older than 5 minutes with no opponent are expired and refunded automatically. Portfolio stats — Win count and total games per wallet. Wallet connect — players sign in with a Solana wallet Peer-to-peer rooms — create or join head-to-head matches Architecture at a glance Wallet layer — users connect a Web3 wallet to sign transactions On-chain program — Anchor/Rust logic for escrow, rooms, and settlement Randomness — verifiable flip outcomes via Orao VRF on Solana Real-time layer — WebSocket events push room and flip state to the UI Persistence — MongoDB stores rooms, chat, and historic

2026-06-27 原文 →