Found a mainnet re-entrancy flaw and I exploited it.

Been sitting on this secret like a hen on her egg; it's time for the reveal!

Watch the exploit in action, bending the chain to its will.
Time for you to conquer this technique too! 🔧🧠

A quick shout-out to the Peanut team (@0xkkonrad and @uwwgo). Had a decent chat about the ramifications of the issue and future safeguards. They were cooperative and responsive. 👏👍

Many links in this thread will take you away from the thread itself.

🙏 Make sure to like this (and retweet) if you find it useful to help others like you learn these techniques.

🕵️‍♂️ Fancy testing your hacking skills?

Dive in, roll up your sleeves, and try to spot the problem in this contract:
https://etherscan.io/address/0xdb60c736a30c41d9df0081057eae73c3eb119895#code

Otherwise, follow along!

I will explain what the problem is and how to exploit it.

First I have to explain what the system does.

It allows one person to deposit some tokens in the contract and another to withdraw them.

Pretty straightforward. There are other details about how the system works, but this is only what we are interested in right now.

The problem lies in the `withdrawDeposit` method.

I also fed the method to GPT4, and it missed the problem. 😂

When we look at the code, we see the deposit is NOT deleted before transferring the tokens.

It's literally the last thing done before returning `true`.

So how do we exploit this?

Let's have a look at the supported asset types.

1️⃣ Ether

Sending ether does not forward all of the gas because `.transfer` is used. Thus, only 2300 gas is forwarded to the call.

This isn't enough to re-enter the contract.

2️⃣ ERC20

The system supports ERC20 tokens, but they don't allow for re-entrancy.

A challenger appears!

You thought your system was safe?

Well, here to create more problems is ERC-777. It's like an ERC-20, but it allows you to re-enter on transfers.

This works by creating hooks on transfer methods. Literally allowing you to add code while a transfer is on.

Now the exploitation part.

You can find the whole exploit here and you can play with it.

https://github.com/cleanunicorn/nutcracker/blob/master/test/Nutcracker.t.sol

I will explain the interesting part, the re-entrancy.

For re-entrancy to work, you always need another contract.

In our case the contract is named `ExploiterERC777` and it's initialized with PeanutV3's address.

The very next thing this contract does is put itself on the line to kick into action when a transfer event occurs.

Let's see what happens when a transfer occurs, and our method is executed.

It counts up the re-entrancy times and calls back into `withdrawDeposit` to receive more tokens once again.


Make sure to check out the repository and run the exploit yourself.

It forks the chain, deploys the exploiter contract, deposits tokens and runs the exploit.

It will help you understand how to exploit a similar system yourself or even find some vulnerabilities in the future.


You can read the unrolled version of this thread here: https://typefully.com/cleanunicorn/uFOx8JV

Mainnet Re-Entrancy Flaw Exploited

🚨 People continue to invent new ways to create security issues.

I found out about ClonesWithImmutableArgs, and I found a structural problem in this pattern.

It doesn't mean all contracts will be exploitable, but we must know when they are vulnerable.

https://twitter.com/boredGenius/status/1484618024564891648

Understanding how the code you import works is incredibly important.

This new pattern creates clones of a contract, simulating immutable args using `calldata` and lots of assembly.

The problem is the "immutable" args are just "calldata" args (not really immutable). This means that ANYONE can call the contract with a specially crafted calldata.

Doing that, your implementation will parse that calldata and use the arguments.

Thus the "immutable" args are not actually immutable.

I assume the creator of this pattern chose the word "immutable" because the arguments exist in the code. But there is a difference that makes this whole thing exploitable.

First, we need to understand how the pattern works.

The whole implementation uses another common pattern known as the Beacon Proxy Pattern.

In the Beacon Proxy Pattern, you have a pair of contracts one is the actual implementation, and the other one is the beacon pointing to the implementation.

The Beacon points to the implementation, and it holds the contract storage.

This pattern is a simple way of deploying multiple "thin" contracts, each with its own storage that behaves identically to all others (has the same implementation).

In the Beacon Proxy pattern, the users interact with the Beacons and the Beacon delegates the execution to the Implementation.

This pattern is very similar to Clones With Immutable Args. The difference is that some arguments are passed down to the Implementation through calldata

If you want to understand how this is done, it's not very easy, but I'll help you.

It's not easy because it's assembly. But follow below 👇

The immutable args are sent to the contract when a new contract is deployed and saved in the bytecode (similar to actual immutable variables).

Thus, the Beacon is deployed when the `.clone(implementation, args)` method is called.

The Beacon holds the "immutable args" and all execution is forwarded (with delegatecall) to the `implementation`, adding the "immutable args" at the end (`extra`).

At the other end, the implementation picks up the arguments from the calldata using specially crafted functions.

The function below reads an address.


The problem appears when the implementation believes the address should be trusted and specifically when it delegates more execution to it.

Your implementation can do whatever it needs with the arguments. And sometimes you might need to delegatecall to the received address.

Follow this example using the ClonesWithImmutableArgs pattern.

Have a look and tell me if there is something wrong with it.


Did you see the problem? Is it obvious?

I hope it's a bit more obvious now that you understand how this pattern works.

You can't trust the address returned by `_getArgAddress(0)`. Why?

In theory, this should be a trusted address that the Beacon forwards to you.

But anyone can call this contract and add what address they want in the calldata.

This means that CodeRunner will delegatecall to an address controlled by the attacker.

You might say this isn't a problem.

However, the delegated code can choose to selfdestruct. And because all execution happens in the implementation, the implementation selfdestructs.

This means that all beacons point to a self-destructed contract.


You don't change the Beacon's storage but make all Beacons unusable.

I believe it's extremely important to understand how patterns work behind the scenes and make sure your code doesn't open up doors that should stay closed.

Upgradability again, proxy pattern that delegates calls.

https://blog.trailofbits.com/2020/12/16/breaking-aave-upgradeability/

Next is @AstariaXYZ using the same ClonesWithImmutableArgs pattern.

https://twitter.com/apoorvlathey/status/1671308180545241088

I am not saying we should stop using code from other devs, but it's really difficult to include code and know exactly how it works.

Most of the time we must trust something, but we shouldn't trust Solidity code.

You can read the unrolled version of this thread here: https://typefully.com/cleanunicorn/wgR3c9w

Understanding ClonesWithImmutableArgs: Security Issues and Vulnerabilities

Today I learned about EIP-6780, probably the best approach to removing SELFDESTRUCT from the EVM.

I'll explain what it's supposed to do and how it affects current and future smart contracts, and share example code to illustrate when it works as expected and when it doesn't.


You can find the link below if you want to go through the EIP yourself.

However, this thread explains everything you need to know about its mechanics.

https://eips.ethereum.org/EIPS/eip-6780

It's important to understand how SELFDESTRUCT works right now.

SELFDESTRUCT:

- executes in the context of a contract (account with code)
- executes as `selfdestruct(receiver)`
- transfers all ether (not tokens) to the `receiver`
- removes all storage and code

EIP-6780 modifies SELFDESTRUCT to behave the same ONLY if the executing contract was created in the same transaction.

Because of how it behaves, we can refer to EIP-6780 as "Conditional SELFDESTRUCT".

If SELFDESTRUCT is executed in a different transaction, it will behave differently:
- will not delete storage or code
- transfers all ether to `receiver`

EIP-4758 is another proposal to change SELFDESTRUCT and has a different approach.

It wants to change SELFDESTRUCT to a SENDALL operation, effectively not removing any storage or code.

Its purpose is to transfer all ether to the `receiver` while retaining code and storage.

Because both approaches want to change the SELFDESTRUCT opcode, only one will be included in the next Ethereum upgrades.

I assume that EIP-6780 Conditional SELFDESTRUCT will be accepted because it retains the code and storage removal feature.

Snippet code created to explain the behavior of new EIP.

There is a weird quirk with how Ethereum works right now, and I honestly don't know if this will be changed when 6780 goes live.

Can you identify it? Can you explain it?

https://gist.github.com/cleanunicorn/b0a108a38c8bf0c9542e0c76e0e8342c

Research created by @dedaub

https://docs.google.com/document/d/1HDbym5YOoYj63xswMAwvt5Psh4JaI0biY06b6ZvYV2s/edit

EIP-4758 Change SELFDESTRUCT to SENDALL

https://eips.ethereum.org/EIPS/eip-4758

EIP-6780 Conditional SELFDESTRUCT

https://eips.ethereum.org/EIPS/eip-6780

EIP-2929 SELFDESTRUCT gas costs

https://eips.ethereum.org/EIPS/eip-2929#selfdestruct-changes

You can read the unrolled version of this thread here: https://typefully.com/cleanunicorn/aejK6cp

EIP-6780: Removing SELFDESTRUCT from the EVM

I am recreating a list with web interfaces for contracts.

The list is in no particular order.

It's good to have different ways to interact with contracts whether they are or not verified on Etherscan.

https://etherscan.io/

Only if the source is verified.

https://www.myetherwallet.com/wallet/interact

https://app.mycrypto.com/interact-with-contracts

I recreated this list because I got lots of responses in this thread.

https://twitter.com/cleanunicorn/status/1651217081961000962

Web Interfaces for Contracts List

This last year of 2022 I was really focused on reading.
Let me show you which books I read and why you should at least consider giving them a try.

10 books in chronological order👇🧵

1️⃣ Farsighted: How we make the decisions that matter the most, by Steven Johnson @stevenbjohnson

Don’t try to make a lot of decisions, make good ones. It makes a world of difference to learn how to make the good ones.

https://www.goodreads.com/book/show/40981514


2️⃣ Essentialism: The Disciplined Pursuit of Less, by Greg McKeown @GregoryMcKeown

This helped me simplify my life and focus on the important things.

https://www.goodreads.com/book/show/18077875


3️⃣ Project Hail Mary, by Andy Weir @andyweirauthor

Super well structured, extremely fun and easy to read, this sci-fi book is my favourite of the year. Prev 2021 sci-fi winner on @goodreads

It’s currently in production to become a movie.

https://www.goodreads.com/book/show/54493401


4️⃣ Artemis, by Andy Weir @andyweirauthor

I liked the previous book so much that I wanted more from the same author.

This one, still a sci-fi, not as fun, but a solid 3/5 ⭐️

https://www.goodreads.com/book/show/50812451

5️⃣ Beta Testing the Ongoing Apocalypse, by Tom Kaczynski

This is a comic book, the least popular from the list.  A very fun, interesting, quirky look at the urbanisation of the world with all problems that arrive from it.

https://www.goodreads.com/book/show/55678439

6️⃣ Hacker’s Delight, by Henry S. Warren Jr.

This is a book with lots of programming tricks on doing low-level bit operations and low-level arithmetic.

It’s not a book that you read through, but one your add to your arsenal of tools.

https://www.goodreads.com/book/show/276079


7️⃣ Blood Music, by Greg Bear

Another sci-fi book that explores what would happen if a virus would be conscious and intelligent. It starts by having a scientist inject this virus to smuggle it from their laboratory. Things go very wrong after that.

https://www.goodreads.com/book/show/38197113

8️⃣ The Power of Unwavering Focus, by Dandapani @DandapaniLLC

I am a fan of Dandapani and I was glad he released another book exploring focus and concentration.

Goes into what focus is and how to exercise and train it to become better at anything you do.

https://www.goodreads.com/book/show/60149560

9️⃣ Mistborn: The Final Empire, by Brandon Sanderson @BrandSanderson

He likes to create characters with very interesting powers that have cool mechanics and interactions.

This is the most popular book in my list.

https://www.goodreads.com/book/show/53321665

1️⃣0️⃣ The Well of Ascension, by Brandon Sanderson @BrandSanderson

The second in the series, continues the story, very entertaining. Even though its ~800 pages long, I read this one in about 2 weeks. Thats how much I was hooked.

https://www.goodreads.com/book/show/54191640


Special mentions:

Unfortunately, the author of Blood Music, Greg Bear aged 71, just passed away a few days ago after having heart surgery.

I am totally hooked on the Mistborn series by @BrandSanderson but there are other series he created with other types of interesting mechanics and super powers.

I set a target of 5 books per year but got to 10. Having a target helps a lot.

You can read the unrolled version of this thread here: https://typefully.com/cleanunicorn/L2tEBgF

Books I read in 2022

🧵👇 1/5

GitHub finally makes us pay for used space. The free account has only 15GB available. If you like forking repos, you might be in trouble.

I created a tool to clean up my GitHub profile from useless forks.


2/5

I used to see a repo I liked and press "Fork" immediately. I was a fork hoarder.

I am sure other people do the same. I had over 200 repositories.

3/5

Now I've used https://github.com/EdenBlockVC/fork-cleanup, and I've fixed my hoarding problem.

It deletes forks with no contributions from myself. Which makes a lot of sense. Why did I even fork them in the first place?



4/5

If you have a friend who might have a problem, send them this tool. Declutter your life.

5/5

Help them solve their hoarding problem by using a slightly tested, possibly catastrophic Python script.


You can read the unrolled version of this thread here: https://typefully.com/cleanunicorn/YOJZvfn

Cleanup GitHub forks without personal commits

I'm learning ZK by playing with @MinaProtocol, the 22kb ZK blockchain.

Getting started was easy, and the experience is polished--but during this process, they upgraded the testnet with breaking changes.

Keep reading for some highlights 👇🧵

At the end of this, you'll be able to:

1️⃣ Set up the needed tools
2️⃣ Generate a local development environment
3️⃣ Use a testnet faucet
4️⃣ Develop and deploy a zk smart contract
5️⃣ Interact with a zk smart contract

Because most people reading this are strongly related to Ethereum, I think it makes sense to make a parallel between Ethereum and Mina.


𝓔𝓽𝓱𝓮𝓻𝓮𝓾𝓶
- code in Solidity
- code executes on nodes
- tx cost is variable
- stores data
- chain size increases

𝔐𝔦𝔫𝔞
- code in TypeScript
- code executes locally, nodes verify a proof
- tx cost is constant
- computation and state are decoupled
- chain size is 22kb



A few notable points along the way.

🤝 The team was responsive and provided excellent support.

I enjoy learning about zero-knowledge proofs and how they can be used to build privacy-preserving applications.

Anyone can follow along by reading the GitHub repo. Everything is in there, thoughts, ideas, frustrations and full code ready to run.

🦸🏼‍♂️ You can clone the repo and deploy the code on a local Mina network or the testnet.

https://github.com/EdenBlockVC/mina-research

🗃️ I started by installing the `zk` CLI app.

You can do that by running:

`npm i -g zkapp-cli`

Or you can do it the hacker way by cloning https://github.com/o1-labs/zkapp-cli and linking the package:

`npm i -g .`

I prefer the latter because I can edit the code if I need to.

🚰 They provide a faucet that is easy to use. When you first configure your project, `zk` generates a link with your public address prefilled.

https://faucet.minaprotocol.com/?address={youraddress}


A blockchain explorer exists, like Etherscan, but because of the zero-knowledge nature of the chain, it has very different information.

Here's the tx that funded my test account when it was in "pending mode".

https://berkeley.minaexplorer.com/

Interacting with a zk smart contract is done by creating a script and running it locally.


While doing all this, the development team did a network upgrade, which brought some breaking changes.

The upgrade threw a wrench in my development cycle, but finally, I could push forward with the team's help.

Look at how well the upgrade of `init` is described.

I could update the docs myself after this.

https://github.com/o1-labs/snarkyjs/pull/543


I am still working through the documentation they shared. Thus, you should star the repo and follow my ongoing journey.

https://github.com/EdenBlockVC/mina-research

You can read the unrolled version of this thread here:

https://typefully.com/cleanunicorn/gNjG9vi

Mina First Look Self Reported Research

📈📉 I present a way to set up rate limits that are automatically updated, dynamically increase over time, and protect your protocol from big hacks.

You can find 👇 a reference implementation and the thinking behind all of this.


Recently I've been thinking about limiting the damage hacks do. And I've had chats with a few founders trying to solve this issue with very different approaches.

It's nearly impossible to ensure code is completely safe, but there might be ways to limit the amount of damage done

Many protocols, especially in the beginning, limit the number of funds users can deposit. This choice is usually done to prevent the amount of lost user funds in case a hack happens or the protocol malfunctions.


🏛️ However, these limits are set by the governance. There are a few problems with this approach.

1️⃣ Setting the limit through governance is expensive and gives power to a very limited number of people.

2️⃣ It takes a lot of time since the vote needs to pass.

3️⃣ The proposer needs to pick the right amount, and we're stuck with that until the gov decides to update it.

🧑🏼‍💻 My approach implements a few ways of setting limits at the protocol level.

And I can explain each approach and its advantages and disadvantages. I also add handwritten notes explaining how this works in practice with concrete numbers.

The first and simplest way to implement a limit is a

1️⃣ Limit per action

This type of rate limiting blocks any amount higher than the specified limit.

You can achieve this by defining a modifier that receives the argument `amount` and checks if it's above the specified limit.

🪡 This isn't too difficult to implement but doesn't help much. An attacker could still extract infinite funds, but not all at once.

They need to split their action into multiple actions. Eventually, they withdraw as many funds as they want.


The second way is a bit better

2️⃣ Rate limit per second

You can define a rate limit per second enforced since the limit was set. This does limit the number of moved tokens but has other associated risks.

If the protocol was used a relatively long time ago but not so much recently, there is a lot of unused rate limit which can be used up all at once.

I hope my poorly hand-drawn graph shows this case.

A different way of doing this is implementing a
3️⃣ dynamically increasing bucket system.

You can think about this as having an empty bucket available for the actions you want to limit. If the bucket fills up, you need a larger bucket for the next time interval.


I like this system much more because even though the buckets increase over time, they increase only if the protocol increases in usage.

If the protocol is not used anymore, the limit falls to the initially set limit.

It does not require an expensive governance vote to update the limit to new highs, the cost is offloaded to the users interacting with the protocol.

Of course, the implementation can be improved to
- ⛽️ use less gas
- 🦚 have more features
- 🤓 be more readable

Also, there might be other problems in the implementation that we don't know about. The point of this implementation is for educational purposes and to have fun.

https://github.com/cleanunicorn/rate-limit


If you got this far, we can start discussing different approaches to this problem. And I am curious to hear what your ideas are.

Let me start.

There are a few off-chain approaches one could do to protect their protocol.

🔎 Analyze the trends and progressively move the limit higher (or lower).

This either requires direct access to the protocol or an ordinary governance vote. However, it centralizes power if it's done directly, or it's expensive and slow if it goes through governance.

🌈 Monitor the mem pool and try to front-run the hacking transaction.

This is even more difficult to do in practice because it's really hard to know in real-time what the hacks are; one also needs relationships with block producers for higher certainty that it will be included.

What other ideas that would protect protocols from hacks do you have?

- 🧱 On/Off-chain?
- ⭕️ Centralized/decentralized?
- 👩🏼‍✈️ Trustless/Trustful?
- 🤖 Algorithm based/Human decision?


You can read the unrolled version of this thread here: https://typefully.com/cleanunicorn/ycjJclp

Dynamic progressive algorithmic protocol limits

I started using a new product a few weeks ago that saves me ether on each transaction.

It's brilliant how this works and how easy it is to use. Best of all, it's saving me gas. So far, I saved ~35% ether on my transactions.

https://gashawk.io/

👇🧵

🦅 First of all, it's really easy to set up. You need to add a new RPC URL in your wallet 🦊 you're already using.

No need to install anything new; add the URL GasHawk provides, and you're good to go.

🔒 It's important to make a note of the security aspect of this product.

⏳ They can't do anything scary; they hold your signed transaction until the algo broadcasts it to the network.

The worst thing they could do is not broadcast the transaction at all.

📉 GasHawk works by monitoring the current base gas fee and predicting when the lowest will be in the set time limit.

⛽ The gas market becomes predictable because of EIP 1️⃣5️⃣5️⃣9️⃣ since the gas cost can't drastically change instantly, its change is gradual over time.

🥷 The secret sauce is quietly hidden behind the provided RPC URL. I'd like to know more about the mechanism of making the decision.

Also, the algo can always improve and make better choices.

@j6sp5r


Here's the graph it created after the tx was finally mined.

You can see the base gas fee over time since the tx was created for the next 24 hours.  Even though it did not choose the best time to broadcast the transaction, you can see it sent the tx before the gas increased again

👀 It would be cool to see a gas prediction graph in real time. Not how sure how difficult this is to do.

🐞 There's a problem I got with the RPC. Metamask thinks the sent txs failed.

Not sure why this happens. As far as I see, replying with the tx hash should count as successful.

Maybe something else is happening there that I don't know about.

https://docs.infura.io/infura/networks/ethereum/json-rpc-methods/eth_sendrawtransaction

🍬 All in all, I like the product and will keep using it. It's the default RPC URL in my Metamask.

You can read the unrolled version of this thread here: https://typefully.com/cleanunicorn/x1d07qy

GasHawk first look

I've got a few things to share that are very personal, but I find them very important for myself but, I am sure they are very important for others too.

This story is about my recent burnout.

I find this important because while you're going through burnout it feels very lonely.

People should know that it doesn't have to be lonely; others are also going through this. You're not as lonely as you think you are

I do think that while you're recovering from burnout isolation is useful, it should not be absolute.

You still need people around you, but you need people outside of crypto.

People are very understanding of burnouts, but you're not comfortable making this public. At least for some time.

🔥 My burnout phase started in May of this year 2022.

It took me a while to figure out I was burned out.

But once I realized this, I knew I had to take a break.

I bet many people rode the wave recently and it was very difficult to take real breaks while the market was this hot. While the market is going strong it's hard to even realize you might be burning out.

After notifying my team, I knew I had to break all ties to crypto, at least for a while.

1️⃣ I stopped using Twitter
2️⃣ I tried to stop coding
3️⃣ I had to find other activities non-crypto related

1️⃣ Twitter is the only social network I use.

This is the only connection I have with the outside world. I don't have cable TV, I don't use Facebook, Instagram, Snapchat, or TikTok, and I don't read news websites.

It became very important for me to severely limit the amount of information fed to me without my express approval.

I rely a lot on friends and what they find important.

If something happens and it's relevant, they will talk about that. I don't have to digest heavy amounts of information in hopes that 1% will be useful.

I also don't feel fomo for possibly missing some important piece of news.

I created a pretty good network of friends that will tell me or just want to talk about an important, relevant contemporary topic.

I might sound weird for saying all of this, in the "information age". But you have to realize that too much information IS TOXIC.

We are all human, and exposing ourselves to everything and anything will have some effect.

That effect can very well be negative.

There's this great scene in Pulp Fiction where Vincent Vega wants to ask Mia Wallace something, but first, he asks her to promise that she won't be offended.

She replies that one can't promise not to be offended. She has no idea what he's going to ask her.

He has to say what he has to say and her natural response could be to get offended. Then, through no fault of her own she would break her own promise.

https://www.youtube.com/watch?v=oZuF-SWRkks

It's the same with news and information pushed to us (and not pulled).

We can't control how the information affects us, thus we will have a natural response.

I control this by limiting exposure to information, especially unfiltered information.

I can't control how the information affects me, but I can control how much information I ingest and the quality of it.

That's why I remove most of the information channels and curate the people I spend time with.

2️⃣ I stopped coding or doing audits because it was important to stop doing things that generate money.

It might sound weird, but throughout my burnout recovery, I was allowed to work on open source, but not things that would bring me any kind of direct financial incentive.

I removed a very powerful stress factor by not doing any work that leads to payment or people depending on the quality of my work.

When you do security, there's immense stress and pressure you feel. ALL THE TIME.

You finish an audit, but until the end of time, you don't know if you actually did a good job.

When you build a new protocol you feel a very similar type of pressure.

We, as builders and security people, have immense stress we have to deal daily.

3️⃣ I had to find activities to do that are not crypto related.

This is harder than it sounds because all my friends are in crypto or have some relation to crypto.

I found solace in a few things:

🍔 I learned how to make burgers
🎬 I started working on a short movie script
🐶 I spent time with my dog


🍔 The burger thing was very fun, honestly.

The weather was nice, so I started organizing barbeques at my place with friends. But I learned how to make burgers myself.

I started by making the patties from bought ground meat.

The next time we did a barbeque a friend helped with making the fire.

I specialized in making the patties.

The next time another friend started to make the buns.

Soon enough, by the 3rd iteration, we had a pretty nice operation going there.

By the end of the summer, we were a well-oiled machine for

- setting up the 🔥 fire,
- making the buns,
- grinding the meat,
- making the 🍔 patties,
- making 🍨 desert,
- 🍅 veggies,
- 🍄 mushrooms,
- 🥗 salads.

A real feast.

I had people around and it felt really good spending time with friends working together on something.

We barely discussed any crypto-related news. And that's not easy.

🎬 I like movies, and I wanted to shadow a movie director I know.

But he actually encouraged me to try to write a script.

So I did that. It was very interesting. I found the process surprisingly similar to writing code.

A small change would either need a complete rewrite or could change how the whole story worked and how you perceive the main character.

It forced me to learn a new syntax and structure, get familiar with the lingo and think differently.

🐶 The 3rd big thing was spending time with my dog.

It's very nice to have something depend on you so much.

It gives you purpose and pushes other problems down the priority scale.

This is Finney.

His full name is Harold Thomas Finney the 2nd.

You might have heard of him https://en.wikipedia.org/wiki/Hal_Finney_(computer_scientist)

I am glad I was able to share my latest burnout experience. Unfortunately, it wasn't my first one, which is why I kinda knew what I had to do to get through it.

I hope this helps anyone out there.

Feel free to ask any question and I will try to respond and help any of you.