Always handle the return values of the enterMarket() and exitMarket() functions of Compound V2.
If the market is not listed, the call returns a MARKET_NOT_LISTED error. Every external call to another protocol should be reviewed and its result handled. @EthSecurity1
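One way to enforce this in an integrating contract, as an added example that is not code from the channel or from Compound. The interface slice uses the Comptroller's `enterMarkets` and `exitMarket` signatures; the contract name, helper names and custom errors are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal slice of the Compound V2 Comptroller interface.
interface IComptroller {
    function enterMarkets(address[] calldata cTokens) external returns (uint256[] memory);
    function exitMarket(address cToken) external returns (uint256);
}

// Hypothetical integration: Compound V2 reports failures as return codes
// instead of reverting, so an unchecked call fails silently.
abstract contract CompoundMarketGuard {
    uint256 private constant NO_ERROR = 0; // Compound V2 success code

    IComptroller public immutable comptroller;

    error EnterMarketFailed(address cToken, uint256 code);
    error ExitMarketFailed(address cToken, uint256 code);

    constructor(IComptroller comptroller_) {
        comptroller = comptroller_;
    }

    function _enterMarket(address cToken) internal {
        address[] memory markets = new address[](1);
        markets[0] = cToken;
        uint256[] memory codes = comptroller.enterMarkets(markets);
        // One code per requested market; anything else is treated as failure.
        uint256 code = codes.length == 1 ? codes[0] : type(uint256).max;
        if (code != NO_ERROR) revert EnterMarketFailed(cToken, code);
    }

    function _exitMarket(address cToken) internal {
        uint256 code = comptroller.exitMarket(cToken);
        if (code != NO_ERROR) revert ExitMarketFailed(cToken, code);
    }
}
```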
Gas optimization written by officer https://blog.pessimistic.io/short-types-in-solidity-rare-tricks-uncovered-46b742c554c9
@EthSecurity1
Medium
Short Types in Solidity: Rare Tricks Uncovered
We continue our series of educational articles and today we’ll look at some specific tips for optimizing gas in smart contracts!
Advanced testing of Ethereum by engineering group:
https://youtube.com/watch?v=nFsBSVstYiI
Unit and fuzz tests by Patrick Collins:
https://youtube.com/watch?v=pgh74-XulXg
How a fuzzer works by opensensepw: https://youtube.com/watch?v=phy18o4Fi9k
Build a fuzzer like Degen by 0xalpharush: https://youtube.com/watch?v=qdtQ9k3gCX8 @EthSecurity1
YouTube
Advanced Solidity Test: Flashloan contract via a Transparent Upgrade Proxy
Slides are here: https://drive.google.com/file/d/1ZId0OCCHF_5cwuvw6MyLNMQiqJh6rLoK/view?usp=sharing
Code is here: https://github.com/drinkcoffee/EthEngGroupSolidityExamples/tree/master/sol-test/202212
Peter Robinson used a Flashloan contract available via…
The "1 Wei Attack" is an exploitation of some DeFi platforms' vaults or liquidity pools, specifically those employing AMMs.
This attack takes advantage of the lack of slippage protection which leads to asset dilution and potential loss of funds for unsuspecting users. Suppose the following occurred:
1. The vault is empty
2. Alice deposits 1 token (1e18 units) into vault
3. Bob front-runs it, depositing 1 unit
4. Bob donates 1 token (1e18 units) into the vault using ERC20 transfer
5. Alice's deposit is executed
What happens? With an empty vault, the shares are minted at a 1:1 rate with the amount. After Bob deposits 1 unit, the rate is 1:1 unit:shares.
Then, Bob donates another 1e18 units. This will make totalAssets = 1e18 + 1. Finally, Alice's transaction is completed and she gets:
(1e18*1) / (1e18 + 1) = 0.99999.. shares
In Solidity, the decimals are truncated, and she gets 0 shares! 😲
@EthSecurity1
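The share arithmetic from the scenario above beside a hardened deposit path, as an added example that is not code from the original post. The vault, its names and the offset of 1e3 virtual shares are assumptions; the virtual-offset formula is the approach used by OpenZeppelin's ERC4626, swapped in here next to the slippage check the post calls for, and the token is assumed to return a bool from `transferFrom`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Hypothetical vault written for this example only.
contract GuardedVault {
    IERC20 public immutable asset;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    uint256 private constant VIRTUAL_SHARES = 1e3; // assumed offset

    error ZeroShares();
    error Slippage(uint256 minted, uint256 minShares);

    constructor(IERC20 asset_) { asset = asset_; }

    // Formula from the post, kept for comparison only.
    // totalSupply = 1, vault balance = 1e18 + 1, assets = 1e18:
    // 1e18 * 1 / (1e18 + 1) truncates to 0 shares.
    function previewNaive(uint256 assets) public view returns (uint256) {
        uint256 total = asset.balanceOf(address(this));
        return totalSupply == 0 ? assets : assets * totalSupply / total;
    }

    // Hardened formula. Replaying the same scenario: the 1-unit deposit mints
    // 1 * 1000 / 1 = 1000 shares; after the 1e18 donation the 1e18 deposit
    // mints 1e18 * 2000 / (1e18 + 2) = 1999 shares instead of 0.
    function previewDeposit(uint256 assets) public view returns (uint256) {
        return assets * (totalSupply + VIRTUAL_SHARES) / (asset.balanceOf(address(this)) + 1);
    }

    // minShares is the depositor's slippage bound, computed off-chain before sending.
    function deposit(uint256 assets, uint256 minShares) external returns (uint256 shares) {
        shares = previewDeposit(assets); // priced before the assets are pulled in
        if (shares == 0) revert ZeroShares();
        if (shares < minShares) revert Slippage(shares, minShares);
        totalSupply += shares;
        balanceOf[msg.sender] += shares;
        require(asset.transferFrom(msg.sender, address(this), assets), "transferFrom failed");
    }
}
```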
Find the bug #simple I will post answer @EthSecurity1
In delegate call msg.sender can be altered @EthSecurity1
Heads up! Some Curve ETH pools have a major bug that allows an attacker to manipulate the virtual_price.
https://twitter.com/danielvf/status/1657019677544001536?s=19
@EthSecurity1
X (formerly Twitter)
Daniel Von Fange (@danielvf) on X
Heads up! Some Curve ETH pools have a major bug that allows an attacker to manipulate the virtual_price.
This includes the largest pool on Curve.
1/5
How to avoid oracle manipulation
This thread will be focused on the Chainlink oracles and how to deal with them, since they are one of the most popular choices.
https://twitter.com/saxenism/status/1656632735291588609?s=21
@EthSecurity1
X (formerly Twitter)
Rahul Saxena (@saxenism) on X
Gm devs!!
Read this thread and bid goodbye to all your price feed contract bugs.
This thread will be focused on the Chainlink oracles and how to deal with them, since they are one of the most popular choices.
Grab some popcorn, this is gonna be fun.
…
Watch out for arbitrary NFT approvals inside of loops! 👇
If you attempt to call the "setApprovalForAll" function on an AxieInfinity NFT for an address that already has approval, it will revert.
@EthSecurity1
Great reveals on NFT
https://medium.com/web-design-web-developer-magazine/the-offset-approach-to-fair-nft-reveals-and-other-metadata-reveal-strategies-considerations-2e2c69e5c274
@EthSecurity1
Medium
The Offset Approach to Fair NFT Reveals, and Other Metadata Reveal Strategies / Considerations
The Bored Ape approach, refined a bit, is still my favorite.
The CoreCollection.withdraw function uses payableToken.transferFrom(address(this), msg.sender, amount) to transfer tokens from the CoreCollection contract to the msg.sender (who is the owner of the contract). The usage of transferFrom can result in serious issues. In fact, many ERC20 tokens always require in transferFrom that allowance[from][msg.sender] >= amount, so in this case the call to the withdraw function will revert because allowance[CoreCollection][CoreCollection] == 0, and therefore the funds cannot be withdrawn and will be locked forever in the contract.
Recommendation: replace transferFrom with transfer @EthSecurity1
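The withdraw path described in the finding beside the recommended form, as an added example that is not the audited project's code. The contract is a constructed stand-in for CoreCollection: only `payableToken` comes from the finding, the other names are hypothetical, and the token is assumed to return a bool.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed stand-in for CoreCollection; only the withdraw path is modelled.
contract CollectionWithdraw {
    IERC20 public immutable payableToken;
    address public immutable owner;

    constructor(IERC20 token_) {
        payableToken = token_;
        owner = msg.sender;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // Pattern from the finding. Inside the token, msg.sender is this contract,
    // so a strict ERC20 checks allowance[address(this)][address(this)].
    // Nothing ever sets that allowance, so it is 0 and the call reverts,
    // leaving the balance stuck in the contract.
    function withdrawViaTransferFrom(uint256 amount) external onlyOwner {
        require(
            payableToken.transferFrom(address(this), msg.sender, amount),
            "transferFrom failed"
        );
    }

    // Recommended form: transfer spends the caller's own balance (this
    // contract's), so no allowance is involved.
    function withdraw(uint256 amount) external onlyOwner {
        require(payableToken.transfer(msg.sender, amount), "transfer failed");
    }
}
```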
tldr of tornado governance hack
1. hacker makes a proposal that executes code from a contract
2. users vote for the proposal since contract code looks good, proposal passes
3. hacker self-destructs contract and deploys malicious one in same address
4. 2nd contract is executed
so hacker got voters to vote a proposal, and, after the proposal passed, they changed the code for it and executed their malicious proposal, giving themselves full control of the DAO and draining the tokens held there.
another resource:
https://twitter.com/samczsun/status/1660012956632104960?s=21
@EthSecurity1
Twitter
On 2023/05/20 at 07:25:11 UTC, Tornado Cash governance effectively ceased to exist. Through a malicious proposal, an attacker granted themselves 1,200,000 votes. As this is more than the ~700,000 legitimate votes, they now have full control.
https://t.co/nY87XmrYgT
Storage collision because of the lack of EIP1967 could cause conflicts and override sensitive variables
Proof of Concept
contract CoreProxy is Ownable {
address private immutable _implement;
When you implement proxies, the proxy and the logic implementation share the same storage layout. In order to avoid storage conflicts, EIP1967 was proposed (https://eips.ethereum.org/EIPS/eip-1967). The idea is to set proxy variables at fixed positions (like impl and admin).
For example, according to the standard, the slot for the logic address should be
0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc (obtained as bytes32(uint256(keccak256('eip1967.proxy.implementation')) - 1)).
In this case, for example, as you inherit from Ownable, the variable _owner is at the first slot and can be overwritten in the implementation. There is a table on the OZ site: https://docs.openzeppelin.com/upgrades-plugins/1.x/proxies @EthSecurity1
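A proxy that keeps its implementation address in the EIP1967 slot quoted above, as an added example that is not the audited project's code. The contract name is hypothetical; the proxy declares no ordinary state variables, so nothing of its own sits in slot 0 for the implementation to overwrite.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical proxy: no inherited Ownable and no state variables, so the
// sequential slots (0, 1, ...) belong entirely to the implementation.
contract Eip1967Proxy {
    // Slot value quoted in the text above.
    bytes32 private constant IMPLEMENTATION_SLOT =
        0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc;

    constructor(address implementation_) {
        // Re-derive the slot as the standard defines it; a mistyped literal
        // makes deployment fail instead of silently using another slot.
        assert(
            IMPLEMENTATION_SLOT ==
                bytes32(uint256(keccak256("eip1967.proxy.implementation")) - 1)
        );
        require(implementation_.code.length > 0, "implementation has no code");
        bytes32 slot = IMPLEMENTATION_SLOT;
        assembly {
            sstore(slot, implementation_)
        }
    }

    function _implementation() internal view returns (address impl) {
        bytes32 slot = IMPLEMENTATION_SLOT;
        assembly {
            impl := sload(slot)
        }
    }

    // Forward every call; the implementation's code runs against this
    // contract's storage, which is why the layouts must not overlap.
    fallback() external payable {
        address impl = _implementation();
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch ok
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }
}
```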
Anyone holding funds in Tornado Cash Nova must withdraw the funds! The attacker can simply upgrade the contract (takes 7 days tho to execute) on Gnosis Chain (it is managed by governance) and drain the ETH funds. For how to do it, see here
https://t.co/LXoG9cEMpn
@EthSecurity1