6 security sins of Web3 bridges by Damian Rusinek.
Catch me if you can! Learning about edge cases of Solidity's try/catch while I explored Account Abstraction by matta.
@EthSecurity1
Catch me if you can! Learning about edge cases of Solidity's try/catch while I explored Account Abstraction by matta.
@EthSecurity1
Smart Contract Audits - Composable Security 🇵🇱⛓
Bridge exploits account for ~50% of all decentralized finance exploits since September 2020, totaling ~$2.5B in lost assets, according to…
❤5
All things reentrancy! workshop by Jsec Security.
Intro to Smart Contract Security Audit — Front Running by SlowMist
ArbiNet is the MEV detection model that doesn't require knowledge about DeFi smart contracts.
@EthSecurity1
Intro to Smart Contract Security Audit — Front Running by SlowMist
ArbiNet is the MEV detection model that doesn't require knowledge about DeFi smart contracts.
@EthSecurity1
GitHub
GitHub - jcsec-security/all-things-reentrancy: Workshop about the different types of reentrancy attacks
Workshop about the different types of reentrancy attacks - jcsec-security/all-things-reentrancy
👍5
Forwarded from Vladimir S. | Officer's Channel (officercia)
GM! Check out my latest piece!
I'll describe Web3 audits, CTFs, and compare the corresponding security methodologies in it.
Also presenting a new project from my friend’s team r(dot)xyz - go check it out as well fam!
• officercia.mirror.xyz/VmSJDoV3c8xKDMRjTOl4DQ7KPgBTlb8cVdcTlOJxj1g
#security #web3
I'll describe Web3 audits, CTFs, and compare the corresponding security methodologies in it.
Also presenting a new project from my friend’s team r(dot)xyz - go check it out as well fam!
• officercia.mirror.xyz/VmSJDoV3c8xKDMRjTOl4DQ7KPgBTlb8cVdcTlOJxj1g
#security #web3
intro to zkp Security.this promoted by spearbit
https://www.youtube.com/watch?v=8wsR7o0rOxU&feature=youtu.be
@EthSecurity1
https://www.youtube.com/watch?v=8wsR7o0rOxU&feature=youtu.be
@EthSecurity1
🔥3
Demystifying Ethereum Assembly by Joshua Riley | Devcon Bogotá
https://www.youtube.com/watch?v=btDOvn8pLkA
@EthSecurity1
https://www.youtube.com/watch?v=btDOvn8pLkA
@EthSecurity1
YouTube
Demystifying Ethereum Assembly by Joshua Riley | Devcon Bogotá
Visit the https://archive.devcon.org/ to gain access to the entire library of Devcon talks with the ease of filtering, playlists, personalized suggestions, decentralized access on Swarm, IPFS and more.
https://archive.devcon.org/archive/watch/6/demystifying…
https://archive.devcon.org/archive/watch/6/demystifying…
❤4
https://blog.openzeppelin.com/openzeppelin-security-report-top-security-incidents-and-insights-from-april-june-2023 @EthSecurity1
Openzeppelin
Security Report: Top Incidents and Insights from April - June 2023
By shedding light on various vulnerabilities and risks, the OpenZeppelin Security Report aims to dissect some of the key incidents and lessons learned for blockchain security researchers. In this edition, we will explore exploits from critical logic errors…
-How To Reproduce A Simple MEV Attack
-Your Sandwich Is My Lunch: How To Drain MEV Contracts V2
@EthSecurity1
-Your Sandwich Is My Lunch: How To Drain MEV Contracts V2
@EthSecurity1
Medium
How To Reproduce A Simple MEV Attack
Introduction
😁3🔥2
What does a math-related critical bug look like in Polygon's zkEVM?
https://twitter.com/SpearbitDAO/status/1679189382907953180?s=20
@EthSecurity1
https://twitter.com/SpearbitDAO/status/1679189382907953180?s=20
@EthSecurity1
❤5
https://www.helpnetsecurity.com/2023/07/17/quantum-based-attacks-video/?utm_content=257253710&utm_medium=social&utm_source=twitter&hss_channel=tw-906029628
@EthSecurity1
@EthSecurity1
Help Net Security
Real-world examples of quantum-based attacks
In this video, Tommaso Gagliardoni, Global Practice Lead in Quantum Security at Kudelski Security, discusses quantum-based attacks.
Threshold Encrypted Mempools: Limitations and Considerations.
https://arxiv.org/abs/2307.10878
Crypto bridges sins exposed. Exploiting weak spots of multi-chain protocols by deliriusz.
@Ethsecurity1
https://arxiv.org/abs/2307.10878
Crypto bridges sins exposed. Exploiting weak spots of multi-chain protocols by deliriusz.
@Ethsecurity1
Medium
Crypto bridges sins exposed. Exploiting weak spots of multi-chain protocols.
Every kind of a software system has their own set of problems. Our mission as security consultants (researchers) is to identify weak spots…
-solc Internals Part 3: Quirks & Optimizations.
-Fuzzing on-chain contracts with Echidna.
-A Comprehensive Guide to Arbitrum and its Security Features.
@EthSecurity1
-Fuzzing on-chain contracts with Echidna.
-A Comprehensive Guide to Arbitrum and its Security Features.
@EthSecurity1
Medium
solc Internals Part 3: Quirks & Optimizations
We review quirks & optimizations that solc implemented to output efficient EVM bytecode.
🔥2
Daniel Von Fange - How to understand a hack.
https://www.youtube.com/watch?v=s-CwUn4ZQ5w&list=PLhM7rBgpVV-KN8mM17IRSFIGsL0EaGA_m&index=36
@ethsecurity1
https://www.youtube.com/watch?v=s-CwUn4ZQ5w&list=PLhM7rBgpVV-KN8mM17IRSFIGsL0EaGA_m&index=36
@ethsecurity1
YouTube
Daniel Von Fange - How to understand a hack
"Hacks are the best teachers about the vulnerabilities that matter most - the ones that get past tools, reviews, and audits.
- How to discover what happened during a hack
- How to trace it back to the root vulnerability
- What tools to use"
- How to discover what happened during a hack
- How to trace it back to the root vulnerability
- What tools to use"
👍5
-How to Write Better Smart Contracts By Checking Them With Slither.
-The Blockchain Guardians: Safeguarding the Future of Ethereum Smart Contract Security.
@EthSecurity1
-The Blockchain Guardians: Safeguarding the Future of Ethereum Smart Contract Security.
@EthSecurity1
YouTube
How to Write Better Smart Contracts By Checking Them With Slither | PyChain 2022
This is a video recording of the PyChain 2022 conference sessions.
Speaker: Troy Sargent - Trail of Bits
Checking smart contracts for security issues using Slither static analyzer
The correctness and security of smart contracts is forefront in the mind…
Speaker: Troy Sargent - Trail of Bits
Checking smart contracts for security issues using Slither static analyzer
The correctness and security of smart contracts is forefront in the mind…
I feels everybody in auditing needs know web3 Architectur. here is some courses please feedback me if these courses beneficial for you.
1. Course I: DeFi Infrastructure:
https://youtube.com/playlist?list=PLE1Vu6ctbqa61FqJmPDnoPzDqrnyILHRm
2. Course II: DeFi Primitives:
https://youtube.com/playlist?list=PLE1Vu6ctbqa5kIXZCCpkAJxkI66dXzy61
3. Course III: DeFi Deep Dive:
https://youtube.com/playlist?list=PLE1Vu6ctbqa7Df5YJgMtH1xCcy0yX_dri
4. Course IV: DeFi Risks and Opportunities:
https://youtube.com/playlist?list=PLE1Vu6ctbqa7eZK2gychKr1RGZ3t1qf8S
@EthSecurity1
1. Course I: DeFi Infrastructure:
https://youtube.com/playlist?list=PLE1Vu6ctbqa61FqJmPDnoPzDqrnyILHRm
2. Course II: DeFi Primitives:
https://youtube.com/playlist?list=PLE1Vu6ctbqa5kIXZCCpkAJxkI66dXzy61
3. Course III: DeFi Deep Dive:
https://youtube.com/playlist?list=PLE1Vu6ctbqa7Df5YJgMtH1xCcy0yX_dri
4. Course IV: DeFi Risks and Opportunities:
https://youtube.com/playlist?list=PLE1Vu6ctbqa7eZK2gychKr1RGZ3t1qf8S
@EthSecurity1
⚡8👍1🔥1
A Leap in DeFi UX: The Surge of Telegram Trading Bots 🤖
[ Rise of The Machines ]
In the crypto landscape, user experience (UX) often takes a back seat to developer experience. However, a UX shift in DeFi is unfolding right before our eyes. The game-changer? and the rise of Telegram trading bots.
Trading bots aren't a new concept and are relatively simple to understand and implement - they automate trades based on predefined rules. What really sets the recent wave of trading bots apart is their integration into a convenient and familiar chat interface: the Telegram app.
[ Simplicity Wins ]
These bots simplify the trading process, making DeFi more accessible to the average user. No more navigating complex exchange dashboards or deciphering trading charts. Now, it’s as simple as sending a text message.
These bots also offer real-time updates and alerts, keeping users informed about market changes and potential trading opportunities. It's like having a personal trading assistant, always on call.
But it's not just about convenience. These bots also open up new possibilities for strategy and automation. Users can set their own rules, customize their trading strategies, and let the bot do the work.
This shift in UX is a testament to the innovative spirit of crypto. Making DeFi more user-friendly, more accessible, and ultimately, more democratic is a net positive for the space.
[ Closing Thoughts ]
In hindsight, it might seem obvious that the rise of Telegram trading bots marked a new chapter in the DeFi/crypto UX story: A future where transactions are seamlessly integrated into our day-to-day lives.
As with any innovation, there are risks. Always do your own research.
📍 Web2 security engineers incoming to web3 industry
@ethsecurity1
[ Rise of The Machines ]
In the crypto landscape, user experience (UX) often takes a back seat to developer experience. However, a UX shift in DeFi is unfolding right before our eyes. The game-changer? and the rise of Telegram trading bots.
Trading bots aren't a new concept and are relatively simple to understand and implement - they automate trades based on predefined rules. What really sets the recent wave of trading bots apart is their integration into a convenient and familiar chat interface: the Telegram app.
[ Simplicity Wins ]
These bots simplify the trading process, making DeFi more accessible to the average user. No more navigating complex exchange dashboards or deciphering trading charts. Now, it’s as simple as sending a text message.
These bots also offer real-time updates and alerts, keeping users informed about market changes and potential trading opportunities. It's like having a personal trading assistant, always on call.
But it's not just about convenience. These bots also open up new possibilities for strategy and automation. Users can set their own rules, customize their trading strategies, and let the bot do the work.
This shift in UX is a testament to the innovative spirit of crypto. Making DeFi more user-friendly, more accessible, and ultimately, more democratic is a net positive for the space.
[ Closing Thoughts ]
In hindsight, it might seem obvious that the rise of Telegram trading bots marked a new chapter in the DeFi/crypto UX story: A future where transactions are seamlessly integrated into our day-to-day lives.
As with any innovation, there are risks. Always do your own research.
📍 Web2 security engineers incoming to web3 industry
@ethsecurity1