How to avoid oracle manipulation
This thread will be focused on the Chainlink oracles and how to deal with them, since they are one of the most popular choices.
https://twitter.com/saxenism/status/1656632735291588609?s=21
@EthSecurity1
Rahul Saxena (@saxenism) on X
Gm devs!!
Read this thread and bid goodbye to all your price feed contract bugs.
This thread will be focused on the Chainlink oracles and how to deal with them, since they are one of the most popular choices.
Grab some popcorn, this is gonna be fun.
…
Watch out for arbitrary NFT approvals inside of loops! 👇
If you attempt to call the "setApprovalForAll" function on an AxieInfinity NFT for an address that already has approval, it will revert.
@EthSecurity1
Great reveals on NFT
https://medium.com/web-design-web-developer-magazine/the-offset-approach-to-fair-nft-reveals-and-other-metadata-reveal-strategies-considerations-2e2c69e5c274
@EthSecurity1
The Offset Approach to Fair NFT Reveals, and Other Metadata Reveal Strategies / Considerations
The Bored Ape approach, refined a bit, is still my favorite.
The CoreCollection.withdraw function uses payableToken.transferFrom(address(this), msg.sender, amount) to transfer tokens from the CoreCollection contract to msg.sender (who is the owner of the contract). The usage of transferFrom can result in serious issues. In fact, many ERC20 tokens always require in transferFrom that allowance[from][msg.sender] >= amount, so in this case the call to the withdraw function will revert because allowance[CoreCollection][CoreCollection] == 0, and therefore the funds cannot be withdrawn and will be locked forever in the contract.
Recommendation : replace transferFrom with transfer @EthSecurity1
tldr of tornado governance hack
1. hacker makes a proposal that executes code from a contract
2. users vote for the proposal since contract code looks good, proposal passes
3. hacker self-destructs contract and deploys malicious one in same address
4. 2nd contract is executed
So the hacker got voters to approve a proposal and, after it passed, changed the code behind it and executed their malicious proposal, giving themselves full control of the DAO and draining the tokens held there.
another resource:
https://twitter.com/samczsun/status/1660012956632104960?s=21
@EthSecurity1
On 2023/05/20 at 07:25:11 UTC, Tornado Cash governance effectively ceased to exist. Through a malicious proposal, an attacker granted themselves 1,200,000 votes. As this is more than the ~700,000 legitimate votes, they now have full control.
https://t.co/nY87XmrYgT
Storage collision because of a lack of EIP-1967 could cause conflicts and overwrite sensitive variables
Proof of Concept
contract CoreProxy is Ownable {
    // Ownable's _owner lives in storage slot 0 of the proxy; an implementation that
    // declares its own first storage variable reads and writes that same slot.
    address private immutable _implement;
}
When you implement proxies, logic and implementation share the same storage layout. In order to avoid storage conflicts, EIP-1967 was proposed (https://eips.ethereum.org/EIPS/eip-1967). The idea is to store the proxy's own variables (like impl and admin) at fixed positions.
For example, according to the standard, the slot for the logic address should be
0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc (obtained as bytes32(uint256(keccak256('eip1967.proxy.implementation')) - 1)).
In this case, for example, as you inherit from Ownable, the variable _owner is at the first slot and can be overwritten by the implementation. There is a table on the OZ site: https://docs.openzeppelin.com/upgrades-plugins/1.x/proxies @EthSecurity1
Anyone holding funds in Tornado Cash Nova must withdraw their funds! The attacker can simply upgrade the contract on Gnosis Chain (it is managed by governance; execution takes 7 days though) and drain the ETH funds. For how to do it, see here
https://t.co/LXoG9cEMpn
@EthSecurity1
Getting flash loan without using the flash loan function. https://code4rena.com/reports/2023-04-caviar/#m-01-the-buy-functions-mechanism-enables-users-to-acquire-flash-loans-at-a-cheaper-fee-rate @EthSecurity1
Tornado Cash Hack - How to deploy different contracts at the same address
Notes
https://github.com/stakewithus/notes
References
https://twitter.com/storming0x/status/1660076433903869953
https://twitter.com/samczsun/status/1660012956632104960
https://ethereum.stackexchange.com/questions/760/how-is-the-address-of-an-ethereum-contract-computed
@EthSecurity1
Lack of expiration timestamp check and slippage control. Impact:
The transaction can be pending in the mempool for a long time, and trading activity is very time sensitive. Without a deadline check, the trade transaction can be executed long after the user submitted it, at which point the trade can be done at a sub-optimal price, which harms the user's position.
The deadline check ensures that the transaction is executed on time and that an expired transaction reverts. The second point is the slippage control:
require(amountAOptimal >= amountAMin, 'UniswapV2Router: INSUFFICIENT_A_AMOUNT');
and
require(amountBOptimal >= amountBMin, 'UniswapV2Router: INSUFFICIENT_B_AMOUNT');
The slippage control ensures the user receives no less than the minimum amount of the token they want to trade for.
In the current implementation, neither the deadline check nor the slippage control is in place when users deposit / withdraw / trade. @EthSecurity1
mitigation:
We recommend the protocol add a deadline check and slippage control. NOTE! You must stop using block.timestamp as the deadline in swaps. The takeaway is this: protocols should let users who interact with AMMs set expiration deadlines. Without this, there's a risk of a serious loss of funds for anyone starting a swap, especially if there's no slippage parameter. @EthSecurity1
Chain abstraction is cool and saves a lot of gas https://fxtwitter.com/ConnextNetwork/status/1661439482950811650 @EthSecurity1
Connext (@ConnextNetwork)
Interacting with a dApp across chains today is difficult and time-consuming: select the right network, bridge assets, get gas tokens,…
Web3 users deserve a better experience.
Introducing Chain Abstraction: onboard users from anywhere, regardless of the chain…
This research introduces a novel pairs trading strategy based on copulas for cointegrated pairs of cryptocurrencies: https://arxiv.org/pdf/2305.06961.pdf @EthSecurity1
Deploy Different Contracts at Same Address | Hack Solidity 0.8 youtu.be/zYaHtUJN-MI @EthSecurity1
Deploy Different Contracts at Same Address | Hack Solidity 0.8
Solidity code and Remix example of how to deploy different contracts at the same address. Tornado Cash Hack: https://youtu.be/whjRc4H-rAc 0:00 - Intro 2:05 - Code...
The forgotten IPFS vulnerabilities https://consensys.net/diligence/blog/2022/09/the-forgotten-ipfs-vulnerabilities/
Fuzzing Tutorial: How to get started testing your smart contracts https://consensys.net/diligence/blog/2023/04/fuzzing-tutorial-how-to-get-started-testing-your-smart-contracts/
Benchmarking Smart-Contract Fuzzers https://consensys.net/diligence/blog/2023/04/benchmarking-smart-contract-fuzzers/ @EthSecurity1
The forgotten IPFS vulnerabilities | Consensys Diligence
In 2021 we privately disclosed multiple vulnerabilities in the InterPlanetary File System but never really talked about it. Let’s change that 😊!
Auditing resources part 1:
Search for Audit reports
Audit Reports DeFi Yield
Past Audit Reports Solodit
Solutions to Blockchain Security CTF
Audit Findings Audit Hero
Security resources by Immunefi
Quill Audits Roadmap
Quill Auditing Mindmap
Quill Attack Vectors
web3 security
Metamask Signature Types
officercia.eth
SWC Registry
Security Guide by Crytic
DeFiHackLabs by Sunsec
DeFiVulnLabs
Smart Contract Best Practices by Consensys
Past Secureum Races
Certora Reports
Chain Security Audit Reports
Learn Advanced EVM
Macro DAO Audit Reports
@EthSecurity1
blockchain audit search
A Streamlit app to search for security audits hosted on https://safefiles.defiyield.info/safe/fil...
New paper “Automated Market Making and Arbitrage Profits in the Presence of Fees” by jason_of_cs ciamac Tim_Roughgarden
@EthSecurity1
https://moallemi.com/ciamac/papers/lvr-fee-model-2023.pdf
Auditing resources part 2:
Security Compendium
Audit Reports - CD Security
YAcademy - DeFi Bugs
List of Reentrancy Attacks
Oracle Manipulation
Secure Contracts - Trail Of Bits
Immunefi Bug Bounty Writeups
Audit Reports by Web3Sec News
Coinspect EVM Attacks
Solidity Notes by Chinmaya
Auditing Process by GA
Web3 Bugs
Secureum Mindmap @EthSecurity1
GitHub - obheda12/Solidity-Security-Compendium: A mission to breakout every single solidity vuln I come across and categorize it