Impact:
In passThruGate function, msg.value is checked to be greater than the required cost, but the excess amount is not returned to the sender.
mitigation:
Return excess eth to sender
function passThruGate(uint index, address) override external payable {
uint price = getCost(index);
require(msg.value >= price, 'Please send more ETH');
// bump up the price
Gate storage gate = gates[index];
// multiply by the price increase factor
gate.lastPrice = (price * gate.priceIncreaseFactor) / gate.priceIncreaseDenominator;
// move up the reference
gate.lastPurchaseBlock = block.number;
// pass thru the ether
if (msg.value > 0) {
// use .call so we can send to contracts, for example gnosis safe, re-entrance is not a threat here
(bool sent, bytes memory data) = gate.beneficiary.call{value: msg.value}("");
require(sent, 'ETH transfer failed');
}
} @EthSecurity1
In passThruGate function, msg.value is checked to be greater than the required cost, but the excess amount is not returned to the sender.
mitigation:
Return excess eth to sender
function passThruGate(uint index, address) override external payable {
uint price = getCost(index);
require(msg.value >= price, 'Please send more ETH');
// bump up the price
Gate storage gate = gates[index];
// multiply by the price increase factor
gate.lastPrice = (price * gate.priceIncreaseFactor) / gate.priceIncreaseDenominator;
// move up the reference
gate.lastPurchaseBlock = block.number;
// pass thru the ether
if (msg.value > 0) {
// use .call so we can send to contracts, for example gnosis safe, re-entrance is not a threat here
(bool sent, bytes memory data) = gate.beneficiary.call{value: msg.value}("");
require(sent, 'ETH transfer failed');
}
} @EthSecurity1
Demystifying Exploitable Bugs in Smart Contracts https://www.cs.purdue.edu/homes/zhan3299/res/ICSE23.pdf @EthSecurity1
π₯4
https://medium.com/@balakhonoff_47314/how-to-access-real-time-smart-contract-data-from-python-code-using-lido-as-an-example-38738ff077c5
@EthSecurity1
@EthSecurity1
Medium
How to access real-time smart contract data from Python code (using Lido contract as an example)
Letβs imagine you need access to the real-time data of some smart contracts on Ethereum (or Polygon, BSC, etc.) like Uniswap or even PEPEβ¦
π₯4π1
Somebody: Hey all, I made this simple flashbots bundler app to help people with white hat recoveries of compromised accounts http://flashbots-bundler.surge.sh/
You can use the UI to generate a new flashbots rpc, build the bundle by sending eth for gas, then the recovery TX, then withdraw remaining funds. Then when you hit submit bundle it goes through a relayer i maintain
Iβve used it to help a few people that had leaked wallets and sweeper bots. If you know anyone who has this issue feel free to send them my way!
Hereβs a video walkthrough https://www.youtube.com/watch?v=itPz35FGGJk
If you use it, I recommend paying around 3x the gas price to get included. And make sure your bundle is over 42k gas or it will be ignored by the network or see http://whitehat.flashbots.net
@EthSecurity1
You can use the UI to generate a new flashbots rpc, build the bundle by sending eth for gas, then the recovery TX, then withdraw remaining funds. Then when you hit submit bundle it goes through a relayer i maintain
Iβve used it to help a few people that had leaked wallets and sweeper bots. If you know anyone who has this issue feel free to send them my way!
Hereβs a video walkthrough https://www.youtube.com/watch?v=itPz35FGGJk
If you use it, I recommend paying around 3x the gas price to get included. And make sure your bundle is over 42k gas or it will be ignored by the network or see http://whitehat.flashbots.net
@EthSecurity1
flashbots-bundler.surge.sh
Ethereum App
Web site created using π scaffold-eth
Zipped contracts
Compressed contracts that automatically self-extract when called
https://github.com/merklejerk/zipped-contracts
GasBad is an open-source project that evaluates gas efficiency in Solidity libraries
https://github.com/ciwines/gas-bad
@EthSecurity1
Compressed contracts that automatically self-extract when called
https://github.com/merklejerk/zipped-contracts
GasBad is an open-source project that evaluates gas efficiency in Solidity libraries
https://github.com/ciwines/gas-bad
@EthSecurity1
GitHub
GitHub - merklejerk/zipped-contracts
Contribute to merklejerk/zipped-contracts development by creating an account on GitHub.
π₯4
We reached to 1000 members thank you all.
Special thanks to officercia.eth who support me at first.
Special thanks to officercia.eth who support me at first.
π14β€8π4
Forwarded from Raiders
Hey team, I am working on https://web3sec.news which is an open source initiative for web3 security. It tracks of all latest hacks, news, events, roadmaps, challenges, blogs etc for the community as an aggregator. It would be very helpful if you can help me getting the community feedbacks & spreading the cause together πͺπ»π₯
Web3Sec
Web3Sec β Never miss any breach ever again
Finally, a community feed which is only made for penetration testers and hackers.
β€5
Ethereum investigation tools. #osint Google Dorks
Blacklists
Storage Platforms
Explorers
Scoring
https://github.com/moonIighted/OSINT-MindMaps/blob/main/Ethereum%20Investigation.png
Transaction monitoring @Ethsecurity1
Blacklists
Storage Platforms
Explorers
Scoring
https://github.com/moonIighted/OSINT-MindMaps/blob/main/Ethereum%20Investigation.png
Transaction monitoring @Ethsecurity1
β€8
EthSecurity
Auditing resources part 2: Security Compedium Audit Reports - CD Security YAcademy - DeFi Bugs List of Reentrancy Attacks Oracle Manipulation Secure Contracts - Trail Of Bits Immunify Bug Bounty Writeups Audit Reports by Web3Sec News Coinspect EVM Attacksβ¦
Auditing resources part 3:
Immunify Forge POC
EVM Security ReposPractice Secureum Races
Web3 Security DAO
Tomo Labo Bugs - Medium | High
Auditor Roadmap by Razzor
All things Reentrancy
Checks while Hacks
rareskills common vulners
@EthSecurity1
Immunify Forge POC
EVM Security ReposPractice Secureum Races
Web3 Security DAO
Tomo Labo Bugs - Medium | High
Auditor Roadmap by Razzor
All things Reentrancy
Checks while Hacks
rareskills common vulners
@EthSecurity1
GitHub
GitHub - immunefi-team/forge-poc-templates
Contribute to immunefi-team/forge-poc-templates development by creating an account on GitHub.
β€2π₯1
Here are some key auditing tips and insights :
1. Understand the System: Before starting the audit, it's important to understand the
system you're auditing. This includes understanding the high-level overview of the system, how it works, and what makes it unique. In the case of Asteria, understanding the roles of different players in the system, how vaults exist, how loans are represented, and how liquidations work was crucial.
2. Identify Complexities: Identify the complexities in the system. For example Asteria, the
complexities included calls going back and forth between contracts, the system being almost entirely stateless, and the need for accurate total assets of the vault.
3. Look for Vulnerabilities: Look for vulnerabilities in the system. In the case of Asteria, vulnerabilities were found in the delegate role, the stateless system, the Seaport auctions, and the ERC4626 calculations.
4. Learn from Mistakes: Learn from the mistakes made in the system. For Asteria, mistakes were made in not using EC recover properly, having a lot of data inputted, having many different entry points using shared back-end logic, and not resetting variables when changing hands.
5. Implement Fixes: Implement fixes for the vulnerabilities found. For Asteria, fixes included adding checks, getting rid of certain functions, adding unchecked blocks, and changing the way the Seaport liquidations work.
6. Test Thoroughly: Ensure thorough testing is done to cover all edge cases. In the case of Asteria, while they had done the hard parts of testing, they could have done more thorough testing to ensure all edge cases were covered.
7. Rebuild if Necessary: If the product has evolved a lot and more features have been added, it might be beneficial to rebuild or rethink the system from first principles. This
can help ensure that all functionalities are encoded in shared logic and that all validations are rock solid.
8. Stay Updated: Stay updated with the latest vulnerabilities and fixes in the blockchain and smart contract space. This can help you identify potential vulnerabilities in the system you're auditing.
Remember, auditing is a complex process that requires a deep understanding of the system, a keen eye for detail, and a thorough approach to testing. @EthSecurity1
1. Understand the System: Before starting the audit, it's important to understand the
system you're auditing. This includes understanding the high-level overview of the system, how it works, and what makes it unique. In the case of Asteria, understanding the roles of different players in the system, how vaults exist, how loans are represented, and how liquidations work was crucial.
2. Identify Complexities: Identify the complexities in the system. For example Asteria, the
complexities included calls going back and forth between contracts, the system being almost entirely stateless, and the need for accurate total assets of the vault.
3. Look for Vulnerabilities: Look for vulnerabilities in the system. In the case of Asteria, vulnerabilities were found in the delegate role, the stateless system, the Seaport auctions, and the ERC4626 calculations.
4. Learn from Mistakes: Learn from the mistakes made in the system. For Asteria, mistakes were made in not using EC recover properly, having a lot of data inputted, having many different entry points using shared back-end logic, and not resetting variables when changing hands.
5. Implement Fixes: Implement fixes for the vulnerabilities found. For Asteria, fixes included adding checks, getting rid of certain functions, adding unchecked blocks, and changing the way the Seaport liquidations work.
6. Test Thoroughly: Ensure thorough testing is done to cover all edge cases. In the case of Asteria, while they had done the hard parts of testing, they could have done more thorough testing to ensure all edge cases were covered.
7. Rebuild if Necessary: If the product has evolved a lot and more features have been added, it might be beneficial to rebuild or rethink the system from first principles. This
can help ensure that all functionalities are encoded in shared logic and that all validations are rock solid.
8. Stay Updated: Stay updated with the latest vulnerabilities and fixes in the blockchain and smart contract space. This can help you identify potential vulnerabilities in the system you're auditing.
Remember, auditing is a complex process that requires a deep understanding of the system, a keen eye for detail, and a thorough approach to testing. @EthSecurity1
π₯10β€2
On May 28, @jimbosprotocol
fell victim to a significant flash loan attack, resulting in a staggering loss of $7.5M.
In this article we offer a concise analysis, unveiling key details and implications of this incident. https://medium.com/@auditone.io/the-7-5-million-flash-loan-unveiled-analyzing-jimbos-protocol-attack-25cf7fd55079 @EthSecurity1
fell victim to a significant flash loan attack, resulting in a staggering loss of $7.5M.
In this article we offer a concise analysis, unveiling key details and implications of this incident. https://medium.com/@auditone.io/the-7-5-million-flash-loan-unveiled-analyzing-jimbos-protocol-attack-25cf7fd55079 @EthSecurity1
Medium
The $7.5 Million Flash Loan Unveiled: Analyzing Jimboβs Protocol Attack.
A concise analysis of the incident.
π₯3β€1
The math behind Defi is not as hard as you think
https://cryptocutie.medium.com/the-math-behind-defi-is-not-as-hard-as-you-think-60e1ba39ee2a
Immunefi bug bounty writeups list
https://github.com/sayan011/Immunefi-bug-bounty-writeups-list
Huff vs Yul for EVM Smart Contracts
https://medium.com/@jtriley15/huff-vs-yul-for-evm-smart-contracts-620d1d618197
@EthSecurity1
https://cryptocutie.medium.com/the-math-behind-defi-is-not-as-hard-as-you-think-60e1ba39ee2a
Immunefi bug bounty writeups list
https://github.com/sayan011/Immunefi-bug-bounty-writeups-list
Huff vs Yul for EVM Smart Contracts
https://medium.com/@jtriley15/huff-vs-yul-for-evm-smart-contracts-620d1d618197
@EthSecurity1
Medium
The math behind Defi is not as hard as you think
I was never a good student at math. Math made me uncomfortable. But investing in Defi gets me to re-study it. And this time, I found itsβ¦
π₯8π2
Compound v2 visualisation
https://betterprogramming.pub/compound-v2-in-depth-6227c0528b5?gi=4e5180ce876b
@EthSecurity1
https://betterprogramming.pub/compound-v2-in-depth-6227c0528b5?gi=4e5180ce876b
@EthSecurity1
Medium
Compound V2 in Depth
A hands-on guide
π₯6π1
Signed signature always should have an expiration.
The expiration ensures that the signature becomes invalid once the specified time has passed. @EthSecurity1
The expiration ensures that the signature becomes invalid once the specified time has passed. @EthSecurity1
π₯5β‘3π2
Forwarded from Vladimir S. | Officer's Channel (officercia)
GM!
Today, we will try to understand what a bug bounty is, why itβs important, and why it can complement auditing rather than replace it in order to increase security!
β’ officercia.medium.com/web3-security-distilled-9ff4b2f778c5
Please share π«‘οΈοΈοΈοΈοΈοΈ
#security #bugbounty #web3
Today, we will try to understand what a bug bounty is, why itβs important, and why it can complement auditing rather than replace it in order to increase security!
β’ officercia.medium.com/web3-security-distilled-9ff4b2f778c5
Please share π«‘οΈοΈοΈοΈοΈοΈ
#security #bugbounty #web3
Medium
Web3 Security Distilled
We will try to understand what a bug bounty is, why itβs important, and why it can complement auditing rather than replace it in order toβ¦
π3
Cool idea π‘ Tornado v2 π§΅
https://twitter.com/bi_gly/status/1667094239132655618?s=21
@EthSecurity1
https://twitter.com/bi_gly/status/1667094239132655618?s=21
@EthSecurity1
β‘2π¦2β€1π1π₯1
If you watched patrick's hardhat edition course either foundry edition you will found only thing has diffred isπ
how good question
I recommend to everybody who intend to watch foundry edition
swallow this repo instead watch it:)) https://github.com/selfteaching/How-To-Ask-Questions-The-Smart-Way
@EthSecurity1
I recommend to everybody who intend to watch foundry edition
swallow this repo instead watch it:)) https://github.com/selfteaching/How-To-Ask-Questions-The-Smart-Way
@EthSecurity1
GitHub
GitHub - selfteaching/How-To-Ask-Questions-The-Smart-Way
Contribute to selfteaching/How-To-Ask-Questions-The-Smart-Way development by creating an account on GitHub.
π4β€1
Fully repaying a loan will result in debt payment being lost.When a loan is fully repaid the loan storage is deleted. Since loan is a storage reference to the loan, loan.lender will return address(0) after the loan has been deleted. This will result in the debt being transferred to address(0) instead of the lender. Some ERC20 tokens will revert when being sent to address(0) but a large number will simply be sent there and lost forever.In Cooler#repay the loan storage associated with the loanID being repaid is deleted. loan is a storage reference so when loans[loanID] is deleted so is loan. The result is that loan.lender is now address(0) and the loan payment will be sent there instead.
Recommendation:
Send collateral/debt then delete:
- if (repaid == loan.amount) delete loans[loanID];
+ if (repaid == loan.amount) {
+ debt.transferFrom(msg.sender, loan.lender, loan.amount);
+ collateral.transfer(owner, loan.collateral);
+ delete loans[loanID];
+ return;
+ }
@EthSecurity1
Recommendation:
Send collateral/debt then delete:
- if (repaid == loan.amount) delete loans[loanID];
+ if (repaid == loan.amount) {
+ debt.transferFrom(msg.sender, loan.lender, loan.amount);
+ collateral.transfer(owner, loan.collateral);
+ delete loans[loanID];
+ return;
+ }
@EthSecurity1