
field notes · 202 pages · 23 labs

Printing Money

By the last page you'll be able to spot the representation gap that drains a bridge — rebuild the exploit in Foundry, watch the invariant break, and patch it — and you'll know, with a number, exactly where an LLM stops being able to do it for you.

In February 2022 the Wormhole bridge lost $320,000,000 to sixty-five lines of Rust that worked perfectly — in a world that didn't exist. This book rebuilds ten real exploits (~$1.2B in losses) and reports what the tools catch.

$ run-benchmark --tools all
static analyzers     ≈ 0%
LLM                   40%
the other 60%         ← this book
I want this — $39 PDF · instant download · free updates

Secure checkout via Gumroad · refundable if it's not for you


6×9 typeset PDF — designed for screen and print

$1.2B in exploits, rebuilt
10 real bridge hacks
23 hands-on Foundry labs
202 pages of field notes

The expensive bugs aren't typos.

They're representation gaps: the space between what the code believes and what the chain can prove. Wormhole's signature check read its result from whichever account the caller supplied in the instructions-sysvar slot and never confirmed that the account was the real sysvar. The contract worked. The world it assumed didn't exist.

I wanted to know if a language model could see that gap — not in the abstract. I wanted a number. So I built a benchmark: ten real bridge exploits, six classes of compositional vulnerability, a Foundry suite that reproduces each one from source. Then I ran the tools.

Static analyzers: ≈0%. An LLM: 40%. This book is the investigation that produced those numbers — and a mechanistic answer to what lives in the other 60%.
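The gap above, as an added illustration that is not code from the book, the benchmark, or Wormhole's source: a simplified Rust model of a Solana-style program that reads a "signature verified" record from the account passed in the instructions-sysvar slot. The key type, the sysvar ID constant, the record format and the forged account are all constructed for this example (the real sysvar address and record layout are not reproduced); only the shape of the check matters. The vulnerable version believes the slot holds runtime-written data; the fixed version makes the chain prove it by comparing the account's key first.

```rust
// Added example (not from the book or from Wormhole's source): a toy model of
// a Solana-style program that verifies signatures by reading a record from
// the "instructions sysvar" account. Types, IDs and the record format are
// constructed for illustration; only the shape of the check is the point.

/// Stand-in for a 32-byte Solana public key.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Pubkey(pub [u8; 32]);

/// Placeholder for the instructions sysvar address (hypothetical value; the
/// real sysvar has a fixed, well-known key that is not reproduced here).
pub const INSTRUCTIONS_SYSVAR_ID: Pubkey = Pubkey([0x53; 32]);

/// Minimal model of an AccountInfo: which account it is and what it holds.
#[derive(Clone, Debug)]
pub struct AccountInfo {
    pub key: Pubkey,
    pub data: Vec<u8>,
}

/// Toy record format (constructed): byte 0 is 1 if the runtime-verified
/// signature instruction succeeded, bytes 1.. hold the verified message hash.
fn parse_record(data: &[u8]) -> Option<(bool, &[u8])> {
    let (&ok, hash) = data.split_first()?;
    Some((ok == 1, hash))
}

/// Vulnerable shape: trusts whatever account the caller placed in the sysvar
/// slot. The code believes it is reading runtime-written data; nothing here
/// proves that the account is the sysvar at all.
pub fn verify_signatures_vulnerable(sysvar_slot: &AccountInfo, expected_hash: &[u8]) -> bool {
    match parse_record(&sysvar_slot.data) {
        Some((true, hash)) => hash == expected_hash,
        _ => false,
    }
}

/// Hardened shape: the only change is the key check before reading.
pub fn verify_signatures_fixed(sysvar_slot: &AccountInfo, expected_hash: &[u8]) -> bool {
    if sysvar_slot.key != INSTRUCTIONS_SYSVAR_ID {
        return false;
    }
    verify_signatures_vulnerable(sysvar_slot, expected_hash)
}

/// Attacker-controlled account (constructed input): any key the attacker
/// owns, with data that merely looks like a successful verification record.
pub fn forged_sysvar(expected_hash: &[u8]) -> AccountInfo {
    let mut data = vec![1u8];
    data.extend_from_slice(expected_hash);
    AccountInfo { key: Pubkey([0xAA; 32]), data }
}

/// Genuine sysvar as the runtime would populate it (constructed input).
pub fn genuine_sysvar(verified: bool, hash: &[u8]) -> AccountInfo {
    let mut data = vec![verified as u8];
    data.extend_from_slice(hash);
    AccountInfo { key: INSTRUCTIONS_SYSVAR_ID, data }
}

/// Replays the forgery against both checks and returns
/// (vulnerable_accepts, fixed_accepts).
pub fn replay(expected_hash: &[u8]) -> (bool, bool) {
    let fake = forged_sysvar(expected_hash);
    (
        verify_signatures_vulnerable(&fake, expected_hash),
        verify_signatures_fixed(&fake, expected_hash),
    )
}

fn main() {
    let hash = [0x42u8; 32];
    let (vuln, fixed) = replay(&hash);
    println!("forged sysvar: vulnerable accepts = {vuln}, fixed accepts = {fixed}");
    let real = genuine_sysvar(true, &hash);
    println!("genuine sysvar: fixed accepts = {}", verify_signatures_fixed(&real, &hash));
}
```

The forged account passes the vulnerable check and fails the fixed one, while a genuine sysvar record passes both; the invariant "a mint requires a runtime-verified signature" is only as strong as the key comparison that ties the record to the account that can actually hold it.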

head -n 20 look inside

Sixty-five lines of Rust. The contract compiled, passed its tests, and ran in production for months. It checked a signature on one account type and never checked it on another — and for a while, nobody needed it to. The bug wasn't in the code. It was in the gap between what the code believed and what the chain could actually prove.

That gap has a price. On February 2nd, 2022, it was $320 million. This book is about learning to see it before the attacker does — and about whether a machine can be taught to see it too.

— from Part I, “Bridges, and the Art of Printing Money”

202 pages · 23 chapters · written as field notes, ordered the way the investigation actually unfolded.

ls what's inside

PART I

Bridges, and the Art of Printing Money

Real exploit anatomy, rebuilt and proven in Foundry: the honeypot with a freeze button, the bridge that paid twice, the bridge that minted from nothing. Plus the EIP-712 bug I found and fixed — the PR is merged in alloy-rs/core.

PART II

Randomness, Proof, and the Limits of Verifiable

A dice game with no win condition. Why a coin flip can be verifiable and still not trustless. What a ZK proof actually proves, ZK dark chess with real fog of war, FHE where ZK stops — and the post-quantum scheme Shor breaks anyway.

PART III

Machine Learning, Pointed at Hard Things

The benchmark itself: who audits the auditor, what active learning buys you, a model that asks when it can't explain what it sees — and the interpretability hunt for why the model reads "not" but can't use it.

cat table-of-contents.md — all 23 chapters
PART I · BRIDGES
  1. Anatomy of a memecoin honeypot
  2. The index fund that held the wrong asset
  3. Rebuilding a perps DEX from its docs
  4. An AMM built to be attacked
  5. How CoW Protocol settles a trade (and what my TWAP router got wrong)
  6. An arbitrage bot with no slippage is a sandwich
  7. The bridge that paid twice
  8. Auditing my own bridge: from “mints money from nothing” to all-criticals-closed
  9. Recursive types, finite values: an EIP-712 bug in alloy
  10. Static analysis scores 0% on real bridge exploits. What does an LLM score?
  11. Running an OP Stack L2 with reth
PART II · PROOF
  1. Anatomy of a fake dice game
  2. The on-chain randomness landscape, or: how to pick a chess position fairly
  3. Verifiable isn’t trustless: a coin flip on Sui
  4. What a ZK proof proves (and what it doesn’t)
  5. Building ZK dark chess: real fog of war on a public chain
  6. The other side of the wall: FHE where ZK stops
  7. The post-quantum proof that Shor breaks anyway
PART III · MACHINE LEARNING
  1. A social-good protocol, built by an agent fleet
  2. Who audits the auditor?
  3. Greedy was enough: active learning on a pretrained potential
  4. When it can’t explain what it sees, it asks
  5. The model reads “not” — it just can’t use it

+ Preface · and a closing chapter, “The Gap”

Every chapter ships a lab.

Clone the repo, run the exploit, watch the invariant go red — then fix it and watch it go green. Real Foundry suites against real bug classes.

$ forge test --match-contract WormholeReplay
[FAIL] test_invariant_mintRequiresProof()   ✗ minted 120,000 wETH from nothing
$ git apply fix/check-sysvar-account.patch
$ forge test --match-contract WormholeReplay
[PASS] test_invariant_mintRequiresProof()   ✓ invariant holds
  • Honeypot anatomy
  • Lock-and-mint bridges
  • EIP-712 recursive types
  • On-chain randomness
  • ZK proof binding
  • Post-quantum verification

whoami — this is for you if

Solidity / DeFi developers who want to internalize how real exploits compose — not CTF puzzles, the actual mechanisms behind nine-figure losses.

Auditors who want a falsifiable benchmark for what LLM tooling can and cannot catch today.

ML engineers pointed at security problems, who want to know where the model's understanding actually stops — measured, not vibes.

Anyone who's read one too many "AI will replace auditors" takes and wants the number instead.

what this isn't

Not a Solidity tutorial (you should read code), not a course (Cyfrin Updraft is free and excellent), and not a prediction about AGI. It's field notes from pointing the current generation of models at the hardest bugs in the most adversarial environment we have — and a precise account of where they fail.

whoami — who wrote this

I'm Toma. I didn't write a book about exploits I read about — I rebuilt ten of them from source in Foundry until every invariant went red, then went looking for what the tools miss. Along the way I found a real EIP-712 encoding bug in alloy-rs/core and fixed it.

The PR is merged. That's the standard this book is held to: if a claim isn't reproducible, it isn't in here.

✓ merged upstream
EIP-712 fix in alloy-rs/core
✓ reproducible
every exploit ships a Foundry suite
✓ falsifiable
a benchmark, not an opinion

man questions

What format do I get?

A 202-page typeset PDF (6×9, built for both screen and print), plus links to every lab repo and the benchmark suite. Instant download after checkout.

Do I need to be a Solidity expert?

You should be comfortable reading code. It's not a from-scratch Solidity tutorial — if you've never touched a smart contract, start with Cyfrin Updraft (free) first, then come back. The labs assume you can run forge test.

Are the exploits real or invented?

Real — ten historical bridge exploits totalling roughly $1.2B in losses, reproduced from source in Foundry. The benchmark numbers (static analyzers ≈0%, LLM 40%) come from running actual tools against those reproductions.

Do I get updates?

Yes — free updates to this edition land in your Gumroad library automatically. Refunds are handled through Gumroad if it's not what you expected.

Read the gap before you trust an audit to a machine.

Printing Money
$39
  • 202-page typeset PDF (6×9, screen & print)
  • 23 chapters · 23 hands-on Foundry labs
  • Links to every lab repo + the benchmark suite
  • Free updates to this edition

Instant download · secure checkout via Gumroad · refundable if it's not for you