Variaty in Role of Access Control in Solidity Smart Contracts. (this is cool)
Protecting the Decentralized Future: An Exploration of Common Blockchain Attacks and their Countermeasures
@EthSecurity1
Protecting the Decentralized Future: An Exploration of Common Blockchain Attacks and their Countermeasures
@EthSecurity1
Smart Contract Audits - Composable Security
The Role of Access Control in Solidity Smart Contracts - Smart Contract Audits - Composable Security
Once upon a time, in the mythical land of Soliditium, a courageous knight named Sir Codelot embarked on a grand mission.
🔥3❤1👍1👏1
Unveiling Transaction Simulation Challenges: Blowfish Case Study by Tiago Assumpcao (Coinspect).
An Empirical Study of Impact of Solidity Compiler Updates on Vulnerabilities in Ethereum Smart Contracts.
Typical vulnerabilities in LSD protocols by kasimonagasaki (Decurity)
@EthSecurity1
An Empirical Study of Impact of Solidity Compiler Updates on Vulnerabilities in Ethereum Smart Contracts.
Typical vulnerabilities in LSD protocols by kasimonagasaki (Decurity)
@EthSecurity1
Coinspect Security
Unveiling Transaction Simulation Challenges: Blowfish Case Study
Phantom wallet vulnerability: Exploiting transaction simulation in Solana
🔥3❤2👍1
Smashing bugs using Certora Prover: A hands on approach to Formal Verification of Smart Contracts
What's inside a node? Malicious IPFS nodes under the magnifying glass
@EthSecurity1
What's inside a node? Malicious IPFS nodes under the magnifying glass
@EthSecurity1
mirror.xyz
Smashing bugs using Certora Prover: A hands on approach to Forma…
To get your hands buffed up and get started with smashing bugs, you need to keep the following in in your mind:
🔥5👏1
Pink drainer learned new tricks such as using private sales on Blur to prevent frontrunning by 0xQuit.
https://drops.scamsniffer.io/post/pink-drainer-steals-3m-from-multiple-hack-events-including-openai-cto-orbiter-finance/
Learn EVM Course by 0xMacro
Blockchain Censorship
Signature Malleability PoC by pcaversaccio.
@EthSecurity1
https://drops.scamsniffer.io/post/pink-drainer-steals-3m-from-multiple-hack-events-including-openai-cto-orbiter-finance/
Learn EVM Course by 0xMacro
Blockchain Censorship
Signature Malleability PoC by pcaversaccio.
@EthSecurity1
Scam Sniffer
Pink Drainer steals $3M from multiple hack events including OpenAI CTO, Orbiter Finance - Scam Sniffer
Overview Recently, there have been a large number of Discord and Twitter hacked events, including Evomos, Pika Protocol, OpenAI CTO, and Orbiter Finance. Hackers send phishing links through Discord accounts they’ve gained access to. Many users have opened…
EVM CFG - a fast and accurate CFG generator for EVM bytecode using symbolic stack analysis
CheckTheChain - a ChatGPT plugin that lets AI do blockchain analysis.
Uniswap V3 TWAP: Assessing TWAP Market Risk by Omer Goldberg.
Immunefi Bug Bounty Writeups List by sayan011.
@EthSecurity1
CheckTheChain - a ChatGPT plugin that lets AI do blockchain analysis.
Uniswap V3 TWAP: Assessing TWAP Market Risk by Omer Goldberg.
Immunefi Bug Bounty Writeups List by sayan011.
@EthSecurity1
GitHub
GitHub - plotchy/evm-cfg: Symbolic stack CFG generator for EVM
Symbolic stack CFG generator for EVM. Contribute to plotchy/evm-cfg development by creating an account on GitHub.
👍3🔥3
Price & Reward Manipulation Attacks Distilled by Officercia
Numerical Analysis - Security Tips and Tricks for DeFi Audits by Spearbit.
Saving $100M at risk in KyberSwap Elastic by 100 Proof.
Election Fraud? Double Voting in Celer’s State Guardian Network by Felix Wilhelm.
@EthSecurity1
Numerical Analysis - Security Tips and Tricks for DeFi Audits by Spearbit.
Saving $100M at risk in KyberSwap Elastic by 100 Proof.
Election Fraud? Double Voting in Celer’s State Guardian Network by Felix Wilhelm.
@EthSecurity1
Medium
Price & Reward Manipulation Attacks Distilled
Today, we’re going to take a look at a variety of different attacks, dissect the ways in which they differ from one another, and discuss…
🔥2🦄2❤1
Satacom delivers browser extension that steals cryptocurrency by Kaspersky
Towards Understanding Crypto Money Laundering in Web3 Through the Lenses of Ethereum Heists
@EthSecurity1
Towards Understanding Crypto Money Laundering in Web3 Through the Lenses of Ethereum Heists
@EthSecurity1
Securelist
Recent Satacom campaign delivers cryptocurrency-stealing addon
A recent campaign by Satacom downloader is delivering a cryptocurrency-stealing extension for Chromium-based browsers, such as Chrome, Brave and Opera.
Struggling with codebases? Try this:
1) Manage workload in bite-size sections daily
2) Interact with code through comments
3) Understand the code before the docs
4) Use state machines to track variable changes. Stay organized, stay efficient.
@EthSecurity1
1) Manage workload in bite-size sections daily
2) Interact with code through comments
3) Understand the code before the docs
4) Use state machines to track variable changes. Stay organized, stay efficient.
@EthSecurity1
🔥4
huff vs yul
inline assembly???
In a way, yes. Yul is an assembly language, but it is designed to be used in conjunction with Solidity as a lower-level alternative to Solidity's high-level syntax. but Huff is not inline assembly
optimization???
Huff provides even greater efficiency and optimization at the cost of more complex programming. it is great to manage jumps and stacks
@EthSecurity1
inline assembly???
In a way, yes. Yul is an assembly language, but it is designed to be used in conjunction with Solidity as a lower-level alternative to Solidity's high-level syntax. but Huff is not inline assembly
optimization???
Huff provides even greater efficiency and optimization at the cost of more complex programming. it is great to manage jumps and stacks
@EthSecurity1
❤5
6 security sins of Web3 bridges by Damian Rusinek.
Catch me if you can! Learning about edge cases of Solidity's try/catch while I explored Account Abstraction by matta.
@EthSecurity1
Catch me if you can! Learning about edge cases of Solidity's try/catch while I explored Account Abstraction by matta.
@EthSecurity1
Smart Contract Audits - Composable Security 🇵🇱⛓
Bridge exploits account for ~50% of all decentralized finance exploits since September 2020, totaling ~$2.5B in lost assets, according to…
❤5
All things reentrancy! workshop by Jsec Security.
Intro to Smart Contract Security Audit — Front Running by SlowMist
ArbiNet is the MEV detection model that doesn't require knowledge about DeFi smart contracts.
@EthSecurity1
Intro to Smart Contract Security Audit — Front Running by SlowMist
ArbiNet is the MEV detection model that doesn't require knowledge about DeFi smart contracts.
@EthSecurity1
GitHub
GitHub - jcsec-security/all-things-reentrancy: Workshop about the different types of reentrancy attacks
Workshop about the different types of reentrancy attacks - jcsec-security/all-things-reentrancy
👍5
Forwarded from Vladimir S. | Officer's Channel (officercia)
GM! Check out my latest piece!
I'll describe Web3 audits, CTFs, and compare the corresponding security methodologies in it.
Also presenting a new project from my friend’s team r(dot)xyz - go check it out as well fam!
• officercia.mirror.xyz/VmSJDoV3c8xKDMRjTOl4DQ7KPgBTlb8cVdcTlOJxj1g
#security #web3
I'll describe Web3 audits, CTFs, and compare the corresponding security methodologies in it.
Also presenting a new project from my friend’s team r(dot)xyz - go check it out as well fam!
• officercia.mirror.xyz/VmSJDoV3c8xKDMRjTOl4DQ7KPgBTlb8cVdcTlOJxj1g
#security #web3
intro to zkp Security.this promoted by spearbit
https://www.youtube.com/watch?v=8wsR7o0rOxU&feature=youtu.be
@EthSecurity1
https://www.youtube.com/watch?v=8wsR7o0rOxU&feature=youtu.be
@EthSecurity1
🔥3
Demystifying Ethereum Assembly by Joshua Riley | Devcon Bogotá
https://www.youtube.com/watch?v=btDOvn8pLkA
@EthSecurity1
https://www.youtube.com/watch?v=btDOvn8pLkA
@EthSecurity1
YouTube
Demystifying Ethereum Assembly by Joshua Riley | Devcon Bogotá
Visit the https://archive.devcon.org/ to gain access to the entire library of Devcon talks with the ease of filtering, playlists, personalized suggestions, decentralized access on Swarm, IPFS and more.
https://archive.devcon.org/archive/watch/6/demystifying…
https://archive.devcon.org/archive/watch/6/demystifying…
❤4
https://blog.openzeppelin.com/openzeppelin-security-report-top-security-incidents-and-insights-from-april-june-2023 @EthSecurity1
Openzeppelin
Security Report: Top Incidents and Insights from April - June 2023
By shedding light on various vulnerabilities and risks, the OpenZeppelin Security Report aims to dissect some of the key incidents and lessons learned for blockchain security researchers. In this edition, we will explore exploits from critical logic errors…