Built for ๐, LinkedIn, and Threads, powered by AI
Write & schedule, effortlessly
Craft and publish engaging content in an app built for creators.
NEW
Publish anywhere
Post on LinkedIn, Threads, & Mastodon at the same time, in one click.
Make it punchier ๐
Typefully
@typefully
We're launching a Command Bar today with great commands and features.
AI ideas and rewrites
Get suggestions, tweet ideas, and rewrites powered by AI.
Turn your tweets & threads into a social blog
Give your content new life with our beautiful, sharable pages. Make it go viral on other platforms too.
+14
Followers
Powerful analytics to grow faster
Easily track your engagement analytics to improve your content and grow faster.
Build in public
Share a recent learning with your followers.
Create engagement
Pose a thought-provoking question.
Never run out of ideas
Get prompts and ideas whenever you write - with examples of popular tweets.
@aaditsh
I think this thread hook could be improved.
@frankdilo
On it ๐ฅ
Share drafts & leave comments
Write with your teammates and get feedback with comments.
NEW
Easlo
@heyeaslo
Reply with "Notion" to get early access to my new template.
Jaga
@kandros5591
Notion ๐
DM Sent
Create giveaways with Auto-DMs
Send DMs automatically based on engagement with your tweets.
And much more:
Auto-Split Text in Posts
Thread Finisher
Tweet Numbering
Pin Drafts
Connect Multiple Accounts
Automatic Backups
Dark Mode
Keyboard Shortcuts
Creators loveย Typefully
170,000+ creators andย teams chose Typefully to curate their Twitter presence.
Marc Kรถhlbrugge@marckohlbrugge
Tweeting more with @typefully these days.
๐ Distraction-free
โ๏ธ Write-only Twitter
๐งต Effortless threads
๐ Actionable metrics
I recommend giving it a shot.
Jurre Houtkamp@jurrehoutkamp
Typefully is fantastic and way too cheap for what you get.
Weโve tried many alternatives at @framer but nothing beats it. If youโre still tweeting from Twitter youโre wasting time.
DHH@dhh
This is my new go-to writing environment for Twitter threads.
They've built something wonderfully simple and distraction free with Typefully ๐
Santiago@svpino
For 24 months, I tried almost a dozen Twitter scheduling tools.
Then I found @typefully, and I've been using it for seven months straight.
When it comes down to the experience of scheduling and long-form content writing, Typefully is in a league of its own.
Luca Rossi ๊ฉ@lucaronin
After trying literally all the major Twitter scheduling tools, I settled with @typefully.
Killer feature to me is the native image editor โ unique and super useful ๐
Visual Theory@visualtheory_
Really impressed by the way @typefully has simplified my Twitter writing + scheduling/publishing experience.
Beautiful user experience.
0 friction.
Simplicity is the ultimate sophistication.
Queue your content inย seconds
Write, schedule and boost your tweets - withย noย need forย extra apps.
Schedule with one click
Queue your post with a single click - or pick a time manually.
Pick the perfect time
Time each post to perfection with Typefully's performance analytics.
Boost your content
Retweet and plug your posts for automated engagement.
Start creating a content queue.
Write once, publish everywhere
We natively support multiple platforms, so that you can expand your reach easily.
Check the analytics thatย matter
Build your audience with insights that makeย sense.
Writing prompts & personalized postย ideas
Break through writer's block with great ideas and suggestions.
Never run out of ideas
Enjoy daily prompts and ideas to inspire your writing.
Use AI for personalized suggestions
Get inspiration from ideas based on your own past tweets.
Flick through topics
Or skim through curated collections of trending tweets for each topic.
Write, edit, and track tweetsย together
Write and publish with your teammates andย friends.
Share your drafts
Brainstorm and bounce ideas with your teammates.
NEW
@aaditsh
I think this thread hook could be improved.
@frankdilo
On it ๐ฅ
Add comments
Get feedback from coworkers before you hit publish.
Read, Write, Publish
Read, WriteRead
Control user access
Decide who can view, edit, or publish your drafts.
โก Fractal & the Smart Contract Security Landscape ๐
๐จ $7.6 billion in digital assets compromised to this dateโ
2023 alone witnesses a staggering $2 billion in losses to exploits, highlighting the urgent need for a security revolution...
Enter Fractal. ๐งต๐
๐ Fractal
Fractal bridges Solidity & Move, letting devs deploy Solidity contracts into Move bytecode for compatibility with Move chains & leveraging Move's security. It unlocks the potential for Eth projects to migrate seamlessly maintaining security in the Move ecosystem.
๐ก๏ธ Fractal: Vision for Future Security
At Movement, we're exploring how to leverage Move's security in Ethereum, among other innovations. Testing & potential application of these advancements aim to address critical industry challenges, as we push the envelope with Fractal.
twitter.com/movementlabsxyz/status/1755032752855138330
๐ Bridging the Security Divide
As Fractal steps onto the scene, it's essential to grasp the magnitude of the challenge ahead. The DeFi space has seen $5.82 billion vanish into the ether due to hacks, with bridge hack being at a staggering $2.83b.
๐ Unraveling Exploit Patterns
This graph shows unknown methods at 17.82% & Others at 42.17%, signaling a wide array of threats. Such diverse attack vectors highlight the critical demand for stronger security solutionsโan arena where Fractal is poised to make an impact.
๐ Smart Contract Weak Spots
Zooming in, we find Math Bugs at 12%, Reentrancy at 9%, Lack/Faulty Input Verification/Validation at a substantial 23%, and EVM-based weaknesses at 15%. These prevalent issues expose the Achilles' heel of smart contract security.
๐ Common Attack Vectors Uncovered
Some of the most common smart contract vulnerabilities include:
๐ Reentrancy
๐ Math Bugs
๐ Lack/Faulty Input Verification
Now, let's dive deeper into each of these vulnerabilities & see what each entails ๐
๐ Reentrancy Attacks: A Closer Look
Reentrancy attacks are notorious in the realm of smart contracts. They occur when an attacker takes advantage of the contract's state by repeatedly calling its functions before the initial transaction is completed.
This can lead to multiple withdrawals or manipulations, draining resources or funds significantly. Such attacks highlight the critical need for contracts to manage their state effectively and securely validate txs. Below is a chart of some of the recent Reentrancy exploits ๐ฝ
๐จExploit Example:
The withdraw vuln lies in using .call to send Eth, which permits arbitrary code execution. A malicious contract can re-enter the withdraw function before the initial call finishes, leading to reentrancy, a serious security risk enabling fund drainage.
๐งฎ Math Bugs Explained
Math bugs in contracts arise from flawed arithmetic operations, including overflow underflow errors or incorrect calculations that fail to reflect the intended logic, potentially leading to financial losses & pricing errors.
Let's delve deeper โฌ๏ธ
๐ Overflow Vulnerability
An overflow occurs when an arithmetic operation reaches the maximum size of a type and then wraps around to start again from its minimum value.
Example:
Consider a simple Solidity smart contract that uses Solidity version 0.7.0 or earlier, without built-in overflow checks:
In this contract, myUint8 is an unsigned integer of 8 bits, which means it can hold values from 0-255.
If the function add is called with a value that causes myUint8 to exceed 255, it will overflow & start again from 0. So, if myUint8 is 255 and we add 1, it will become 0!
๐ Underflow Vulnerability
An underflow occurs when an arithmetic operation goes below the minimum size of a type and then wraps around to start again from its maximum value.
Example:
Using the same setup as the overflow example but with a subtraction operation:
In this contract, `myUint8` is a uint8, which can hold values from 0 to 255. The `subtract` function, when called with a value that reduces `myUint8` below 0, causes an underflow, wrapping around 255. For instance, if `myUint8` is 0 and we subtract 1, it becomes 255!
๐ Faulty Input Verification: The Risk
Inadequate input validation is a major threat to contracts, enabling malicious data manipulation. This vulnerability can result in unauthorized actions or access, emphasizing the need for stringent input checks.
An example ๐
Faulty Input Verification Example: Access Control
Example:
Let's consider a smart contract that uses a simple role-based access control mechanism but fails to properly validate role assignments:
โ ๏ธ The Vulnerability
The true risk emerges from `transferOwnership` due to inadequate validation of new owners. It superficially checks for a non-zero address but fails to authenticate/verify the new owner's intentions or identity, potentially enabling unauthorized access.
โ๏ธ Exploiting the Vulnerability
An attacker could manipulate this weak spot by orchestrating a transfer to a malicious owner. This function's lack of stringent checks means that, with clever manipulation, control of the contract could be overtaken!
โก Fractal's Potential
Identified vulnerabilities in SC development highlight the critical demand for advanced security measures.
Fractal's innovative combination of EVM & MoveVM is as a potential solution to address these issues, suggesting an exciting future application.
๐ฅ Leveraging Move
SC development in languages like Solidity can leverage the security of Move through Fractal interpretation.
I know what you are thinking:
How does the Move language protect against these common exploits in the first placeโ
Well, let's jump in ๐
โ๏ธMitigating Reentrancy
Move eliminates reentrancy vulnerabilities by ensuring resources are uniquely accessed, preventing recursive exploits. It enforces tx to be complete before another can start, blocking the typical reentrancy attack paths found in Solidity.
โจExample:
A simplified Move contract for token management, focusing on minting, balance checks, and transactions. We'll dive into the `withdraw` function, showcasing its design for reentrancy prevention using Move's resource model and atomic transactions.
๐ Withdraw Function Overview
Utilizing Move's resource model, `withdraw` deducts an amount from the user's balance as an atomic tx, creating a `Coin` resource with the withdrawn amount. This approach ensures tx integrity & consistent state management on the blockchain.
๐ก๏ธ Anti-Reentrancy Through Resources & Atomicity
`withdraw` employs Move's resource semantics and atomic tx principles to prevent reentrancy attacks. By updating the balance and issuing a new `Coin` resource atomically, it secures txs against external interferences.
๐ Preventing Math Bugs
In Move, arithmetic operations automatically check for overflows & underflows, aborting txs if errors are detected. This built-in mechanism removes the need for manual safe math checks, directly addressing common arithmetic-related vulnerabilities.
โจ Example:
We will showcase and demonstrate the move language feature using a simple script that adds two numbers.
๐ Arithmetic Safety
The `add` function demonstrates Move's automatic overflow & underflow protection. By aborting txs on arithmetic errors, it ensures secure & precise operations, eliminating the need for manual safety checks & reinforcing the integrity of blockchain txs.
๐ก๏ธ Protecting Against Overflows
Move's `add` function automatically halts txs if arithmetic operations exceed u64 bounds, effectively guarding against overflows & underflows. This built-in safeguard upholds data integrity & security, showcasing Move's proactive approach.
๐ Built-In Support for Safe Math
Move includes automatic checks for overflows, underflows, & arithmetic errors, contrasting with Solidity's reliance on SafeMath libraries or manual checks. This default safety feature in Move lessens the risk of math-related vulnerabilities
๐ก๏ธ Strengthening Input Verification
Move's type system & resource model enhance input checks, filtering improper inputs by enforcing strict checks. This boosts security, preventing manipulation/unintended actions, a key advancement over manual validations in Solidity.
โจ Example:
Exploring the `Football_card` module for managing football star cards, highlighting features like resource creation & input validation. We focus on the `transfer`functions to illustrate Move's approach to resource safety & faulty input verification prevention
โจ `transfer` Function:
`transfer` showcases secure resource relocation, utilizing Move's atomic transactions & strict resource management to ensure safe & authorized manipulation of `FootBallStar` resources, highlighting the robustness of Move's smart contract environment.
๐ก๏ธ Safeguards in `transfer`:
The function's reliance on atomicity and resource integrity ensures a secure transaction environment, emphasizing Move's approach to preventing unauthorized changes and ensuring resources are managed with utmost security.
Fractal, Solidity โก๏ธ Move:
Convert Solidity to Move bytecode to enhance contract safety by utilizing Move's various security features while retaining Solidity's flexibility, and avoiding the variety of exploits that have plagued the industry.
๐ Evolving with Fractal:
Beyond interpreting, Fractal establishes a runtime environment in MoveVM, executing Solidity on the fly!
This integrates Solidity's flexibility with MoveVM's robust execution, ensuring logic & state integrity for unparalleled security & efficiency
๐ฎ Fractal's Future:
It's not just about making Solidity work on MoveVM; it's about elevating the entire ecosystem to new heights of security and performance.
Stay tuned as we continue to push the boundaries of what's possible in smart contract developmentโ
About us:
Movement is a network of Move-based blockchains designed to pair smart contract security and parallelization with EVM liquidity and user bases. M2 is the first MEVM (Move + EVM) ZK L2 on Ethereum and is powered by Celestia, natively bringing the MoveVM to Ethereum