- MEV-Share CTF Writeups
- Gas optimization resources
- Blockchain security and AML report
- Whitehacks Kit - A simple template to perform whitehacks safely in a single tx, leveraging Foundry and Flashbots.
@EthSecurity1
GitHub
ctf-blockchain/src/MEVShareCTF at main · minaminao/ctf-blockchain
A summary of 200+ CTF blockchain challenges. Contribute to minaminao/ctf-blockchain development by creating an account on GitHub.
Guys, please do not underestimate the resources that I shared here. Many of them are enough to turn you into a professional or start your desired career.
Web3 Security Talks Frequent Content Creators
samczsun videos
• Reentrancy patterns Video
DeFi MOOC channel
• Practical Smart Contract Security with samczsun Video
• DeFi risks and attacks with Arthur Gervais Video
Patrick Ventuzelo videos
• Smart contract reverse engineering Video
• Fuzzing with Echidna Video
• Auditing with mythril Video
Mudit Gupta videos
• Livestream #1 Video
• Livestream #2 Video
yAcademy channel
• Formal Verification Video
• Audit Like You Mean It Video
OpenZeppelin channel
• Introduction to backrunning
• OpenZeppelin Secure Development Series
Immunefi channel
• Live bug hunt video
Spearbit channel
Other Lists
Crytic's awesome ethereum security
@Ethsecurity1
Yul & Memory Intro | Yul Exploit!
https://www.youtube.com/watch?v=9qLUvtL5uKQ
The Dark Arts of Yul | Solidity Fridays
https://www.youtube.com/watch?v=ew3pfnb2_V8
@EthSecurity1
What bad hooks look like
https://uniswap.notion.site/Research-What-bad-hooks-look-like-b10256c445904111914eb3b01fb4ec53
A Novel Defense Against ERC4626 Inflation Attacks
https://blog.openzeppelin.com/a-novel-defense-against-erc4626-inflation-attacks
@EthSecurity1
Solidity Interview Questions
https://www.rareskills.io/post/solidity-interview-questions
Unmasking the Phantom: The Intricate Shadow Transactions Attack Deciphered
Ciaofficer auditors advice in 3 parts
blog.pessimistic.io/auditors-advice-math-solidity-gas-optimizations-part-1-3-a99c478d2ebb
@ethsecurity1
rareskills.io
Over 150 interview questions for Ethereum Developers | RareSkills
Over 150 interview questions for Ethereum Developers All of these questions can be answered in three sentences or less. Easy What is the difference between private, internal, public, and external...
Introducing TWAMM
https://www.paradigm.xyz/2021/07/twamm
L2 Sequencer and Stale Oracle Prices Bug
https://medium.com/@lopotras/l2-sequencer-and-stale-oracle-prices-bug-54a749417277?source=social.tw
Web3 Bug Bounty Collection
https://github.com/JeffCX/collection-web3-bug-bounty
@ethsecurity1
This is one of the high-level courses about ZK auditing that I have seen. Give me feedback if it is useful.
https://www.youtube.com/playlist?list=PLeUIc0UZxuuF8_ueHNt1TuEyNhcsmzu_g
@ethsecurity1
Protocol Diagramming
• ethereum-graph-debugger - A graphical EVM debugger. Displays the entire program control flow graph.
• Slither - Slither can map method visibility and modifiers, state variables that are read and written, calls, and can print the inheritance graph of a smart contract
• Solgraph - Generates DOT graphs with function control flow of a solidity contract
• Surya - Generates various visual outputs of function call graphs
• sol-function-profiler - Solidity contract function
Jonatas
Write-up
Auditor’s Advice: EVM Limitations & Assembly Auditing Tips | Part 3/3.
@ethsecurity1
GitHub
GitHub - fergarrui/ethereum-graph-debugger: Ethereum solidity graph plain debugger. To have the whole picture when debugging.
Ethereum solidity graph plain debugger. To have the whole picture when debugging. - fergarrui/ethereum-graph-debugger
Forwarded from Vladimir S. | Officer's Channel (officercia)
Solidity Decompilers
https://github.com/eveem-org/panoramix — another decompiler
ethervm.io — online decompiler
ABI for unverified contracts
https://github.com/Jon-Becker/heimdall-rs — also includes a decompiler
Solidity data representation
https://ethdebug.github.io/solidity-data-representation/
Working in Web3: The Handbook
https://web3.smsunarto.com/
Solidity Style Guide
https://www.rareskills.io/post/solidity-style-guide
@ethsecurity1
GitHub
GitHub - eveem-org/panoramix: Decompiler at the heart of Eveem.org
Decompiler at the heart of Eveem.org. Contribute to eveem-org/panoramix development by creating an account on GitHub.
Officercia new post
https://blog.pessimistic.io/auditors-notes-initializing-proxy-oracles-multi-chain-e314ec0694b2
Curve Finance Analysis and Post-mortem
Theft of collateral tokens with fewer than 18 decimals
@EthSecurity1
Medium
Auditor’s Notes: Initializing, Proxy, Oracles & Multi-Chain
We’ll look at some specific advice for/when working with initializing, proxy, oracles and auditing during the development of smart…
ZKP vulnerabilities
Zcash hash collision
https://www.youtube.com/watch?v=W4zAbEnJQUw
Frozen heart
https://www.youtube.com/watch?v=ffPI0B2l2dY
@EthSecurity1
YouTube
ZK Vulnerability - Zcash Hash Collision
Today on our zero-knowledge-proof learning journey we’re focusing on a ZK hash collision that led to a double-spending vulnerability impacting Zcash (2016)
If you’re interested in crypto security you should subscribe to my weekly newsletter here - http:…
Time to shit on some proxy patterns.
- Beacon: it sucks in performance, antipattern that got psyoped into relevance.
- UUPS: devs need to pollute their implementations.
- Transparent: devs need to deploy 2 extra contracts and verify them every time. Much captcha.
@EthSecurity1
X users manipulated by ChatGPT bots to visit malicious crypto sites.
Dark days incoming
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
DeFi Hacks Analysis - Root Cause Analysis Part 2 SunSec
@EthSecurity1
Protos
X users manipulated by ChatGPT bots to visit malicious crypto sites
The 'Fox8' botnet comprises 1,140 X accounts designed to share tweets, retweeted posts, and images to drive traffic to these fake websites.
Web2 Bug Repellant Instructions
Exploring Tornado Cash In-Depth to Reveal Malleability Attacks in ZKP Projects
@EthSecurity1
OtterSec
Web2 Bug Repellant Instructions
An analysis of security risks that don’t get enough attention - web2 bugs in web3 apps. We take a deep and practical look at vulnerabilities across various applications.