This vulnerability existed for ~4 years in a multi-billion-dollar protocol,
overlooked by multiple in-depth security audits, only to be found by an Opus 4.8
agent a day after the model's public release. Opus 4.7 also failed to find it on
its own without being specifically directed.
Craziest part is that because of Zcash's zero-knowledge design, there's no way to
tell whether it was ever exploited. All ~$1.3B sitting in the Orchard pool
(Zcash's main shielded/private pool, where most private ZEC lives) could have
been minted out of thin air. BTW similar
counterfeiting bug was disclosed in 2019, also never known to have been exploited.
This vulnerability existed for ~4 years in a multi-billion-dollar protocol, overlooked by multiple in-depth security audits, only to be found by an Opus 4.8 agent a day after the model's public release. Opus 4.7 also failed to find it on its own without being specifically directed.
Taylor Hornby's own write-up is quite an interesting read: https://drive.google.com/file/d/1SVK41y-ip3Vw9eB69E9QRy-Qn3i...
Craziest part is that because of Zcash's zero-knowledge design, there's no way to tell whether it was ever exploited. All ~$1.3B sitting in the Orchard pool (Zcash's main shielded/private pool, where most private ZEC lives) could have been minted out of thin air. BTW similar counterfeiting bug was disclosed in 2019, also never known to have been exploited.
all with the public model too, no Mythos access.